Potential Malware?

dayve · May 28, 2013

Hi,

Recently I've been having problems with my computer. When opening my McAfee Anti-Virus I would receive a "Program has stopped Working" message, although the icon would remain in the system tray. I attempted to fix this using McAfee Virtual Technician but received the same "Program has stopped working" error message. My next step was to attempt to uninstall the program, but this also failed, with the same error message.

Believing my computer was unprotected I downloaded Microsoft Security Essentials, along with Malwarebytes. Malwarebytes installed fine but when I tried to open it I press Yes on "allow this program to run" but then nothing happens. Microsoft Security Essentials worked fine.

I then downloaded SUPERantiSpyware, which worked fine, and ran a full scan. It found and removed several tracking cookies, some adware and a Trojan.

After more internet searches I found that McAfee may be able to be removed in Safe Mode. I uninstalled McAfee in Safe Mode. I also tried to open Malwarebytes in Safe Mode. This worked and I ran a quick scan, which found and removed a Spyware.

I then tried opening Malwarebytes in normal windows, which failed again, with the same problem. I found your website and read through the FAQ on Malwarebytes not opening. I tried to use Chameleon, receiving the error message "Microsoft HTML help executable has stopped working". I then opened Chameleon manually, with the first I tried, "firefox.com" seeming to work. It updated Malwarebytes and attempted to open it, saying everything was done, but Malwarebytes did not open.

I then tried the Rkill method of opening Malwarebytes but after running Rkill and attempting to open Malwarebytes nothing happened again.

At this point I was unsure of what to do and came here. Could malware prevent Malwarebytes from running? Potentially also something that stopped McAfee from working? Any help would be greatly appreciated.

Thanks,

Dayve.

Maniac · May 28, 2013

Hello Dayve and :welcome: ! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
Make sure you read all of the instructions and fixes thoroughly before continuing with them.
Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please follow the instructions here:

http://forums.malwarebytes.org/index.php?showtopic=9573

dayve · May 28, 2013

Hi Maniac, Thanks for replying

Here is DDS.txt :

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.21.2

Run by Dave at 18:27:15 on 2013-05-28

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3948.1315 [GMT 1:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Launch Manager\dsiwmis.exe

C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

C:\Program Files\Acer\Acer Updater\UpdaterService.exe

c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe

C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

C:\Windows\system32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Bandoo\Bandoo.exe

C:\Program Files (x86)\Launch Manager\LMutilps32.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\SearchIndexer.exe

c:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\system32\igfxsrvc.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Elantech\ETDCtrl.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Windows\system32\igfxext.exe

C:\Program Files\Elantech\ETDCtrlHelper.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\DOLBY PCEE4\pcee4.exe

C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\taskhost.exe

C:\Windows\explorer.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

c:\PROGRA~2\mcafee\SITEAD~1\saui.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\splwow64.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxps://isearch.avg.com/?cid={63849E8E-3EDB-43E8-B0E8-17E9F25D4BD7}&mid=8e21ad2adb4847d0bed96939b24de9fa-b0331a39918adb725faecaa4907fc1b61181c5e8〈=en&ds=st011&pr=sa&d=2012-08-13 12:24:12&v=12.2.0.5&sap=hp

uDefault_Page_URL = hxxp://acer.msn.com

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

mWinlogon: Userinit = userinit.exe,

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: blekko search bar: {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files (x86)\blekkotb_031\blekkotb_019X.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll

BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll

BHO: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll

BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: BandooIEPlugin Class: {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files (x86)\Bandoo\Plugins\IE\ieplugin.dll

TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll

TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll

TB: blekko search bar: {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files (x86)\blekkotb_031\blekkotb_019X.dll

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart

mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRunOnce: [1] C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe /r /p

mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

dRunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid}

uPolicies-Explorer: NoDriveTypeAutoRun = dword:255

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

Trusted Zone: line6.net

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

TCP: NameServer = 143.167.2.110 143.167.252.110

TCP: Interfaces\{69BB2179-BC30-48A1-AC0A-0A960D9C6BB5} : DHCPNameServer = 143.167.252.110 143.167.2.110

TCP: Interfaces\{E92D26B8-CD52-43FC-83C6-226A6AC4A731} : DHCPNameServer = 143.167.2.110 143.167.252.110

TCP: Interfaces\{E92D26B8-CD52-43FC-83C6-226A6AC4A731}\244564F4E4 : DHCPNameServer = 192.168.22.22 192.168.22.23

TCP: Interfaces\{E92D26B8-CD52-43FC-83C6-226A6AC4A731}\244584F6D65684572623D28523D405 : DHCPNameServer = 192.168.1.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs= c:\progra~2\wia6eb~1\datamngr\datamngr.dll c:\progra~2\wia6eb~1\datamngr\iebho.dll c:\windows\syswow64\nvinit.dll c:\progra~2\bandoo\bndhook.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} -

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: DataMngr: {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll

x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -

x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"

x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4

x64-Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mh7hcmko.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com

FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=73&systemid=101&sr=0&q=

FF - prefs.js: browser.search.selectedEngine - Blekko

FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=E9D0DDF6CF8DCDAD06529C503CDEA3DE&q=

FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - ExtSQL: !HIDDEN! 2011-12-03 15:46; ffox@bandoo.com; C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mh7hcmko.default\extensions\ffox@bandoo.com

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]

R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2011-7-6 25960]

R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-8-13 45856]

R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2011-6-8 22912]

R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2011-6-8 20328]

R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2011-6-8 62584]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-5-23 143120]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-6-8 352336]

R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-7-6 872552]

R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 29696]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-6-8 13336]

R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-6-8 244624]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe [2013-1-31 103472]

R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]

R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]

R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2012-1-5 256536]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-10-8 19192]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-7-6 2656280]

R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [2013-5-20 1015984]

R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\System32\drivers\b57xdbd.sys [2011-1-21 67624]

R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\System32\drivers\b57xdmp.sys [2011-1-21 19496]

R3 bScsiMSa;bScsiMSa;C:\Windows\System32\drivers\bScsiMSa.sys [2011-1-20 52264]

R3 bScsiSDa;bScsiSDa;C:\Windows\System32\drivers\bScsiSDa.sys [2011-1-14 85544]

R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-6-8 138024]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-6-8 317440]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-1-17 412712]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]

R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 161384]

S3 CGVPNCliSrvc;CyberGhost VPN Client;C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2013-1-10 2438696]

S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-9-28 172912]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-9-25 1436424]

S3 L6UX2;Service - Line 6 UX2;C:\Windows\System32\drivers\L6UX264.sys [2011-4-29 768000]

S3 RapportIaso;RapportIaso;C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso64.sys [2012-10-2 172952]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]

S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-10-8 150016]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 54784]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-8-6 1255736]

S4 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]

.

=============== File Associations ===============

.

FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"

.

=============== Created Last 30 ================

.

2074-05-07 18:38:48 203576 ------w- C:\Program Files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe

2013-05-28 11:18:30 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-05-28 11:18:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-05-27 18:16:55 964552 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{56F2EE52-F877-4C54-9993-EF0662A69AB5}\gapaengine.dll

2013-05-27 18:16:46 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7918242F-4AF3-4044-8EBA-F2ECD882D23F}\mpengine.dll

2013-05-27 18:12:25 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2013-05-27 18:12:03 -------- d-----w- C:\Program Files\Microsoft Security Client

2013-05-27 16:38:57 -------- d-----w- C:\Users\Dave\AppData\Roaming\SUPERAntiSpyware.com

2013-05-27 16:38:45 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2013-05-27 16:38:45 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2013-05-27 16:32:55 -------- d-----w- C:\Users\Dave\AppData\Roaming\Malwarebytes

2013-05-27 16:32:34 -------- d-----w- C:\ProgramData\Malwarebytes

2013-05-27 16:32:10 -------- d-----w- C:\Users\Dave\AppData\Local\Programs

2013-05-21 12:05:50 -------- d-----w- C:\Users\Dave\AppData\Roaming\TuneUp Software

2013-05-21 11:59:28 -------- d-----w- C:\Users\Dave\AppData\Local\MFAData

2013-05-21 11:59:28 -------- d-----w- C:\ProgramData\MFAData

2013-05-21 11:45:59 -------- d-----w- C:\mfe

2013-05-15 09:38:20 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-05-15 09:38:20 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2013-05-15 09:38:20 144384 ----a-w- C:\Windows\System32\cdd.dll

2013-05-15 09:38:19 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll

2013-05-15 09:38:19 230400 ----a-w- C:\Windows\System32\wwansvc.dll

2013-05-15 09:38:00 1930752 ----a-w- C:\Windows\System32\authui.dll

2013-05-15 09:37:58 111448 ----a-w- C:\Windows\System32\consent.exe

2013-05-15 09:37:57 1796096 ----a-w- C:\Windows\SysWow64\authui.dll

2013-05-15 09:37:56 70144 ----a-w- C:\Windows\System32\appinfo.dll

2013-05-15 09:37:38 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-05-11 12:06:02 -------- d-----w- C:\Users\Dave\jagexcache

.

==================== Find3M ====================

.

2013-05-20 16:58:25 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys

2013-05-14 19:22:20 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-14 19:22:20 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-05 06:52:14 2242048 ----a-w- C:\Windows\System32\wininet.dll

2013-04-05 06:50:36 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-04-05 06:50:31 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-04-05 06:50:31 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-04-05 05:28:24 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-04-05 05:26:26 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-04-05 05:26:21 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-04-05 05:26:21 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-04-05 04:43:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-04-05 04:29:45 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-04-05 03:51:11 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-04-05 03:38:25 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-04-04 04:35:05 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe

2013-03-06 15:11:00 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-03-06 15:11:00 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

.

============= FINISH: 18:28:36.01 ===============

And Attach.txt :

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 06/08/2011 17:09:50

System Uptime: 28/05/2013 12:20:25 (6 hours ago)

.

Motherboard: Acer | | JE50_HR

Processor: Intel® Core i5-2410M CPU @ 2.30GHz | CPU1 | 782/1333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 451 GiB total, 277.289 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP161: 21/05/2013 13:01:43 - Installed AVG 2013

RP162: 21/05/2013 13:03:06 - Installed AVG 2013

RP163: 27/05/2013 17:18:26 - Removed AVG 2013

RP164: 27/05/2013 17:24:55 - Removed AVG 2013

RP165: 27/05/2013 19:15:26 - Windows Update

RP166: 27/05/2013 22:40:10 - Windows Update

RP167: 28/05/2013 10:53:32 - Windows Update

.

==== Installed Programs ======================

.

==== End Of File ===========================

Maniac · May 28, 2013

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

dayve · May 28, 2013

OLT.Txt:

OTL logfile created on: 28/05/2013 19:24:03 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dave\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16576)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.86 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 53.54% Memory free

7.71 Gb Paging File | 5.83 Gb Available in Paging File | 75.63% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 450.66 Gb Total Space | 277.25 Gb Free Space | 61.52% Space Free | Partition Type: NTFS

Computer Name: DAVE-PC | User Name: Dave | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/28 19:23:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dave\Downloads\OTL.exe

PRC - [2013/05/20 17:58:25 | 001,015,984 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe

PRC - [2012/05/03 19:07:40 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe

PRC - [2012/01/05 15:22:10 | 000,256,536 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe

PRC - [2011/11/22 23:08:51 | 002,051,472 | ---- | M] (Bandoo Media Inc.) -- C:\Program Files (x86)\Bandoo\Bandoo.exe

PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2011/05/26 07:40:48 | 000,029,696 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

PRC - [2011/03/30 23:05:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

PRC - [2011/03/14 12:44:38 | 000,414,800 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe

PRC - [2011/03/14 12:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe

PRC - [2011/02/01 22:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2011/02/01 22:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2011/01/31 21:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe

PRC - [2010/09/14 02:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010/09/14 02:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

========== Modules (No Company Name) ==========

MOD - [2013/05/16 11:43:33 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll

MOD - [2013/05/16 11:42:52 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll

MOD - [2013/05/16 11:42:41 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll

MOD - [2013/03/26 15:48:14 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll

MOD - [2013/03/26 15:48:13 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\85a17526c326bfb377b5c2124dce39f2\IAStorCommon.ni.dll

MOD - [2013/03/26 15:48:10 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ceda881f46083cfb6356ed39e6bf9dcb\IAStorUtil.ni.dll

MOD - [2013/03/26 15:48:03 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll

MOD - [2013/03/26 15:47:32 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll

MOD - [2013/03/26 15:47:27 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll

MOD - [2013/03/26 15:47:14 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll

MOD - [2011/03/30 23:05:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\coprocmanager\detoured.dll

========== Services (SafeList) ==========

SRV:64bit: - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe /McCoreSvc -- (McMPFSvc)

SRV:64bit: - [2013/05/23 21:12:02 | 000,143,120 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)

SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)

SRV:64bit: - [2012/09/25 15:28:49 | 001,436,424 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)

SRV:64bit: - [2012/04/26 12:14:06 | 002,438,696 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Program Files\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)

SRV:64bit: - [2011/05/10 14:01:08 | 000,872,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)

SRV:64bit: - [2011/01/31 21:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)

SRV:64bit: - [2010/10/08 02:24:16 | 000,150,016 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)

SRV:64bit: - [2010/09/23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2013/05/20 17:58:25 | 001,015,984 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe -- (vToolbarUpdater15.2.0)

SRV - [2013/05/14 20:22:21 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/05/04 00:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2012/12/04 11:54:14 | 000,103,472 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)

SRV - [2012/11/09 12:21:24 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/01/05 15:22:10 | 000,256,536 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)

SRV - [2011/11/22 23:08:51 | 002,051,472 | ---- | M] (Bandoo Media Inc.) [Auto | Running] -- C:\Program Files (x86)\Bandoo\Bandoo.exe -- (Bandoo Coordinator)

SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2011/07/06 12:14:22 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011/05/26 07:40:48 | 000,029,696 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)

SRV - [2011/03/30 23:05:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)

SRV - [2011/03/14 12:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)

SRV - [2011/02/01 22:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2011/02/01 22:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2010/09/28 02:09:54 | 000,172,912 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)

SRV - [2010/09/14 02:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2010/06/01 23:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/05/20 17:58:25 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)

DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2012/09/28 11:32:56 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/12/15 21:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)

DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)

DRV:64bit: - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)

DRV:64bit: - [2011/06/08 08:23:36 | 000,062,584 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)

DRV:64bit: - [2011/06/08 08:23:36 | 000,022,912 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)

DRV:64bit: - [2011/06/08 08:23:36 | 000,020,328 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)

DRV:64bit: - [2011/04/29 03:16:30 | 000,768,000 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L6UX264.sys -- (L6UX2)

DRV:64bit: - [2011/04/15 19:08:28 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011/03/30 23:05:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)

DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/03/10 05:01:45 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)

DRV:64bit: - [2011/03/10 05:01:45 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)

DRV:64bit: - [2011/03/01 15:33:16 | 004,720,704 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)

DRV:64bit: - [2011/01/21 02:15:30 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp)

DRV:64bit: - [2011/01/21 02:15:28 | 000,067,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd)

DRV:64bit: - [2011/01/20 04:28:26 | 000,052,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa)

DRV:64bit: - [2011/01/17 23:56:14 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)

DRV:64bit: - [2011/01/14 02:22:24 | 000,085,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)

DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010/11/12 07:23:40 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)

DRV:64bit: - [2010/10/20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2010/10/15 09:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2010/10/08 02:23:38 | 000,019,192 | ---- | M] (Intel® Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)

DRV:64bit: - [2010/09/14 02:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2012/10/02 17:16:02 | 000,172,952 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso64.sys -- (RapportIaso)

DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=73&systemid=101&sr=0&q={searchTerms}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=73&systemid=101&sr=0&q={searchTerms}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-2035412654-2637726968-1413663765-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com

IE - HKU\S-1-5-21-2035412654-2637726968-1413663765-1001\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultNetworkProfile = 21317249

IE - HKU\S-1-5-21-2035412654-2637726968-1413663765-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={63849E8E-3EDB-43E8-B0E8-17E9F25D4BD7}&mid=8e21ad2adb4847d0bed96939b24de9fa-b0331a39918adb725faecaa4907fc1b61181c5e8〈=en&ds=st011&pr=sa&d=2012-08-13 12:24:12&v=12.2.0.5&sap=hp

IE - HKU\S-1-5-21-2035412654-2637726968-1413663765-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKU\S-1-5-21-2035412654-2637726968-1413663765-1001\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

IE - HKU\S-1-5-21-2035412654-2637726968-1413663765-1001\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=E9D0DDF6CF8DCDAD06529C503CDEA3DE&q={searchTerms}

IE - HKU\S-1-5-21-2035412654-2637726968-1413663765-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={63849E8E-3EDB-43E8-B0E8-17E9F25D4BD7}&mid=8e21ad2adb4847d0bed96939b24de9fa-b0331a39918adb725faecaa4907fc1b61181c5e8〈=en&ds=st011&pr=sa&d=2012-08-13 12:24:12&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}

IE - HKU\S-1-5-21-2035412654-2637726968-1413663765-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=73&systemid=101&sr=0&q={searchTerms}

IE - HKU\S-1-5-21-2035412654-2637726968-1413663765-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2035412654-2637726968-1413663765-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"

FF - prefs.js..browser.search.order.1: "Search Results"

FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"

FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com"

FF - prefs.js..extensions.enabledAddons: ffox@bandoo.com:5.1

FF - prefs.js..extensions.enabledAddons: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.5.1.00

FF - prefs.js..extensions.enabledAddons: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0

FF - prefs.js..extensions.enabledAddons: {D19CA586-DD6C-4a0a-96F8-14644F340D60}:14.4.1

FF - prefs.js..extensions.enabledAddons: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.0

FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=73&systemid=101&sr=0&q="

FF - prefs.js..browser.search.defaultenginename: "Blekko"

FF - prefs.js..browser.search.selectedEngine: "Blekko"

FF - prefs.js..browser.search.order.1: "Blekko"

FF - prefs.js..keyword.URL: "http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=E9D0DDF6CF8DCDAD06529C503CDEA3DE&q="

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: File not found

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/02/01 14:14:54 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5 [2013/05/20 17:58:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/28 10:47:13 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/09 20:13:26 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\ffox@bandoo.com: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mh7hcmko.default\extensions\ffox@bandoo.com [2011/12/03 16:46:01 | 000,000,000 | ---D | M]

[2011/12/03 16:46:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Extensions

[2012/08/28 16:07:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mh7hcmko.default\extensions

[2012/08/28 16:07:25 | 000,000,000 | ---D | M] (blekko search bar) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mh7hcmko.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}

[2011/12/03 16:46:15 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mh7hcmko.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}

[2011/12/03 16:46:01 | 000,000,000 | ---D | M] (Bandoo for Firefox) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mh7hcmko.default\extensions\ffox@bandoo.com

[2011/12/03 16:46:11 | 000,002,517 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mh7hcmko.default\searchplugins\Search_Results.xml

[2012/09/20 19:44:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011/10/21 22:57:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

[2011/08/12 06:57:31 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2013/05/20 17:58:59 | 000,003,716 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml

[2011/08/12 04:16:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012/08/28 16:07:25 | 000,002,134 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\search.xml

[2011/12/03 16:46:11 | 000,002,517 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}

CHR - homepage: https://www.google.co.uk/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\gcswf32.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll

CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll

CHR - Extension: YouTube = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google Search = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: SiteAdvisor = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.60.126.1_0\

CHR - Extension: Gmail = C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL File not found

O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc)

O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found

O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (blekko search bar) - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files (x86)\blekkotb_031\blekkotb_019X.dll ()

O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)

O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()

O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files (x86)\Bandoo\Plugins\IE\ieplugin.dll (Bandoo Media Inc.)

O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (blekko search bar) - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files (x86)\blekkotb_031\blekkotb_019X.dll ()

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)

O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)

O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))

O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2035412654-2637726968-1413663765-1000..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-2035412654-2637726968-1413663765-1001..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - HKLM..\RunOnce: [1] C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe ()

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKU\.DEFAULT..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} File not found

O4 - HKU\S-1-5-18..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} File not found

O4 - HKU\S-1-5-19..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} File not found

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-21-2035412654-2637726968-1413663765-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-21-2035412654-2637726968-1413663765-1000..\RunOnce: [scrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\S-1-5-21-2035412654-2637726968-1413663765-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-2035412654-2637726968-1413663765-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-2035412654-2637726968-1413663765-1001\..Trusted Domains: line6.net ([]* in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 143.167.2.110 143.167.252.110

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69BB2179-BC30-48A1-AC0A-0A960D9C6BB5}: DhcpNameServer = 143.167.252.110 143.167.2.110

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E92D26B8-CD52-43FC-83C6-226A6AC4A731}: DhcpNameServer = 143.167.2.110 143.167.252.110

O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search)

O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found

O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found

O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found

O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc)

O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)

O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)

O20 - AppInit_DLLs: (c:\progra~2\wia6eb~1\datamngr\datamngr.dll) - c:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)

O20 - AppInit_DLLs: (c:\progra~2\wia6eb~1\datamngr\iebho.dll) - c:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)

O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)

O20 - AppInit_DLLs: (c:\progra~2\bandoo\bndhook.dll) - c:\Program Files (x86)\Bandoo\BndHook.dll (Discordia Limited)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - File not found

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found

O20 - HKLM Winlogon: UserInit - (userinit.exe) - File not found

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O29:64bit: - HKLM SecurityProviders - (credssp.dll) - File not found

O29 - HKLM SecurityProviders - (credssp.dll) - File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2012/09/26 14:13:04 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]

O33 - MountPoints2\{97f585fb-e59a-11e1-a657-b870f4a90009}\Shell - "" = AutoRun

O33 - MountPoints2\{97f585fb-e59a-11e1-a657-b870f4a90009}\Shell\AutoRun\command - "" = F:\SETUP.EXE

O33 - MountPoints2\{97f585fb-e59a-11e1-a657-b870f4a90009}\Shell\configure\command - "" = F:\SETUP.EXE

O33 - MountPoints2\{97f585fb-e59a-11e1-a657-b870f4a90009}\Shell\install\command - "" = F:\SETUP.EXE

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/28 12:18:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/05/28 12:18:30 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2013/05/28 12:18:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2013/05/28 12:12:49 | 000,000,000 | ---D | C] -- C:\Users\Dave\Desktop\rkill

[2013/05/27 22:46:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

[2013/05/27 22:44:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight

[2013/05/27 22:44:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight

[2013/05/27 19:12:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client

[2013/05/27 19:12:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client

[2013/05/27 17:38:57 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\SUPERAntiSpyware.com

[2013/05/27 17:38:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2013/05/27 17:38:45 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2013/05/27 17:38:45 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2013/05/27 17:32:55 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\Malwarebytes

[2013/05/27 17:32:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/05/27 17:32:10 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\Programs

[2013/05/27 15:17:20 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\SystemRequirementsLab

[2013/05/21 13:05:50 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Roaming\TuneUp Software

[2013/05/21 12:59:28 | 000,000,000 | ---D | C] -- C:\Users\Dave\AppData\Local\MFAData

[2013/05/21 12:59:28 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData

[2013/05/21 12:45:59 | 000,000,000 | ---D | C] -- C:\mfe

[2013/05/11 13:06:02 | 000,000,000 | ---D | C] -- C:\Users\Dave\jagexcache

[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/28 19:22:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/05/28 18:45:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/05/28 17:39:01 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task d6f4ef84-c64d-4c1a-9aca-d75c8b4a0725.job

[2013/05/28 16:06:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/05/28 10:57:12 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/05/28 10:57:12 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/05/28 10:49:33 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/05/28 10:48:10 | 3104,722,944 | -HS- | M] () -- C:\hiberfil.sys

[2013/05/27 23:13:03 | 535,715,508 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2013/05/27 22:11:53 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task a86951be-7c23-4547-b602-31d378c37ae1.job

[2013/05/27 19:13:42 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif

[2013/05/27 15:08:36 | 000,000,024 | ---- | M] () -- C:\Users\Dave\random.dat

[2013/05/27 14:57:13 | 000,000,043 | ---- | M] () -- C:\Users\Dave\jagex_cl_oldschool_LIVE.dat

[2013/05/24 18:46:07 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk

[2013/05/20 17:58:25 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys

[2013/05/16 11:39:45 | 000,390,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/05/15 23:37:53 | 000,786,238 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/05/15 23:37:53 | 000,652,820 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/05/15 23:37:53 | 000,121,494 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/04/30 23:26:44 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf

[2013/04/30 23:26:44 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf

[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/27 19:13:42 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif

[2013/05/27 19:12:52 | 000,002,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk

[2013/05/27 17:39:05 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task d6f4ef84-c64d-4c1a-9aca-d75c8b4a0725.job

[2013/05/27 17:39:05 | 000,000,508 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task a86951be-7c23-4547-b602-31d378c37ae1.job

[2013/05/11 13:06:02 | 000,000,043 | ---- | C] () -- C:\Users\Dave\jagex_cl_oldschool_LIVE.dat

[2013/04/30 23:26:44 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf

[2013/04/30 23:26:44 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf

[2013/02/12 22:57:11 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI

[2013/01/10 23:23:21 | 000,056,424 | ---- | C] () -- C:\Windows\SysWow64\PrxerNsp.dll

[2012/09/12 11:26:44 | 000,000,024 | ---- | C] () -- C:\Users\Dave\random.dat

[2012/07/09 11:35:42 | 000,000,140 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\EV Nova Prefs.prf

[2012/07/09 11:35:42 | 000,000,061 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\EV Nova License.lcs

[2011/10/20 17:17:20 | 000,000,005 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\RSBuddy Login.ini

[2011/10/02 17:50:34 | 000,000,132 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\RSBuddy_daive.ini

[2011/09/04 15:53:37 | 000,766,084 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/08/11 20:57:50 | 000,000,000 | ---- | C] () -- C:\Users\Dave\rss.lock

[2011/08/09 19:57:27 | 000,000,079 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\RSBuddy_dayve.ini

[2011/08/08 17:36:10 | 000,000,033 | ---- | C] () -- C:\Users\Dave\AppData\Roaming\RSBot_Accounts.ini

[2011/08/08 17:12:32 | 001,524,112 | ---- | C] () -- C:\Windows\SysWow64\bandoolmx.dll

[2011/06/08 08:30:47 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2011/06/08 08:30:45 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2011/06/08 08:30:44 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2011/06/08 08:30:43 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

[2011/06/08 08:30:41 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

[2011/06/08 07:57:52 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe

[2011/05/31 07:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll

[2011/05/31 07:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/09/26 20:50:26 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Autodesk

[2011/08/08 17:26:27 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Bandoo

[2012/07/06 15:23:03 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\canon

[2012/07/06 15:25:32 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Canon_Inc_IC

[2012/08/14 00:18:00 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\DAEMON Tools Pro

[2011/09/10 20:53:31 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Guitar Pro 6

[2011/08/06 14:31:25 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Line 6

[2012/08/08 13:49:39 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Mount&Blade Warband

[2011/08/05 20:38:44 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\PACE Anti-Piracy

[2012/08/13 12:43:00 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\PowerISO

[2013/01/31 18:25:37 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\SoftGrid Client

[2012/08/14 14:39:07 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Sports Interactive

[2013/05/27 20:58:58 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Spotify

[2011/08/05 20:01:22 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Steinberg

[2013/05/27 15:17:20 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\SystemRequirementsLab

[2011/09/04 15:54:23 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\TP

[2013/05/21 13:05:50 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\TuneUp Software

[2013/05/28 12:21:42 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\uTorrent

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:7631EA83

@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:8173A019

@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:EAD001CC

< End of report >

dayve · May 28, 2013

Extras.Txt :

OTL Extras logfile created on: 28/05/2013 19:24:03 - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dave\Downloads

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16576)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.86 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 53.54% Memory free

7.71 Gb Paging File | 5.83 Gb Available in Paging File | 75.63% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 450.66 Gb Total Space | 277.25 Gb Free Space | 61.52% Space Free | Partition Type: NTFS

Computer Name: DAVE-PC | User Name: Dave | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

.reg [@ = regfile] -- regedit.exe "%1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

.reg [@ = regfile] -- regedit.exe "%1"

[HKEY_USERS\S-1-5-21-2035412654-2637726968-1413663765-1001\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [open] -- regedit.exe "%1"

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V"

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [open] -- regedit.exe "%1"

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V"

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files (x86)\iCall\iCall.exe" = C:\Program Files (x86)\iCall\iCall.exe:*:Enabled:iCall

"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [string data over 1000 bytes]

"C:\Program Files (x86)\iCall\iCall.exe" = C:\Program Files (x86)\iCall\iCall.exe:*:Enabled:iCall

"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [string data over 1000 bytes]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{09541EB1-65D3-48E9-865B-F7D26E5D1D17}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{14C3E221-1DD9-40AD-ADE4-80A6565CAD01}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{2CF0CA9C-5BFE-4FAE-A4AF-99C4B51E851D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{353C954D-A455-4BCC-8726-7B1E4E8A610C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{4454F89B-F233-4866-BEF1-2BA104A9BF86}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{51DC9A2D-3904-4A87-BBFB-7C29EC3C0454}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{70BEAD3D-2F77-4C38-966C-911DA99404E4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{73CCE831-BCCE-47F8-9709-8AE4B1305DD7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{8663A949-4C04-4D71-8F1F-FD5AB61D1C2F}" = lport=2869 | protocol=6 | dir=in | app=system |

"{AA2CB9F9-A565-4BDB-B4E8-91732FA4FCBF}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{AFCF6BF5-2928-4BD5-8EA1-0C178DE1F151}" = rport=10243 | protocol=6 | dir=out | app=system |

"{F16A1B56-6131-46C7-9B1A-D55C396E4B32}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{FCA1D618-EF83-4C8A-9526-63D7E45C3B8D}" = lport=10243 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{019F22E4-3ACF-4427-B0BD-CEAA234FF64A}" = protocol=58 | dir=in | app=system |

"{1440015B-851B-44E1-A580-C9D9EF8E6682}" = protocol=17 | dir=in | app=c:\nexon\vindictus eu\en-eu\nmservice.exe |

"{19D02EC6-8804-4722-BE07-DA2059C6CBAB}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |

"{2DFD8120-285D-44F4-A69B-AB33237D5EB1}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{309B9C03-D6B6-4BBE-A32F-30D18A2526A8}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |

"{312E9BE8-9F9E-4C4D-95DD-A744BFEEC371}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{34F0F40C-8249-4A83-93C7-C2681EC72EA8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{38FA7B19-B4C2-498E-AC63-2327EB02ED34}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{3936C08A-AA5D-4297-AA9C-8359DBF9AAB8}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |

"{3F12C9F6-583C-4A1F-8F40-0E623F50EC28}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{4650C344-FEAE-4B2D-9C2F-9615C0783606}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{5F4ACE12-EAC0-4B0E-807B-9FF7637CEDC5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{600ADDBF-7B0A-4F8E-8F6E-AAD43CEDDE99}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{62B1EEAD-8B19-4305-8567-3A72BEEF7C51}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{698CB6F8-47B4-4BBE-9FB1-1B5695E65FA4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{6DDC3A5F-A591-4E69-B141-F6A7D9F8BE44}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |

"{711ACA14-7318-4A91-91B0-698C15601205}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{76FDAEA5-B64D-46C7-8F70-0413FC43808B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{79580DC3-90C4-4217-B340-D69B2FE8C07D}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |

"{7AE95313-8B05-4F9B-AAA8-1F75607B4C4B}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{7C7F68E2-CAD8-4F21-9D12-C2D84728B10F}" = protocol=6 | dir=in | app=c:\program files (x86)\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |

"{844DD088-1897-4635-899F-1B096CB3CC3E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{85192BCD-C30B-4258-9F89-FE01763D70EC}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe |

"{9AAF6647-520F-443D-ADB7-6B0CD012B906}" = protocol=17 | dir=in | app=c:\program files (x86)\bt broadband desktop help\btbb\bthelpbrowser.exe |

"{9DCA8DA5-FEB4-4474-96C3-35CD9BE0B3CB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{9F76C7D0-F82F-433B-8D47-6279F3CBE4C8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{A6EB82DC-FE45-409E-BDAF-05596025260E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{A9938D46-4C02-4274-9C4B-080939D93AA3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{B0ABD855-C28F-4BBD-8C03-1461CA0B13F4}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{B1B9CD8B-8D58-4A6F-A109-2D1A0E942136}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{B2A9F349-6171-4301-BE18-3745F4DE11EA}" = protocol=17 | dir=in | app=c:\program files (x86)\windows searchqu toolbar\datamngr\toolbar\dtuser.exe |

"{B5CE6D00-B39E-45FC-95E8-F6FFC7B15536}" = protocol=6 | dir=in | app=c:\program files (x86)\bt broadband desktop help\btbb\bthelpbrowser.exe |

"{B5F6344D-01D8-4CC7-A7F1-88DF387EB404}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{B8C3BF69-25C1-4DE2-B187-1851DC7CFCA4}" = protocol=6 | dir=in | app=c:\nexon\vindictus eu\en-eu\nmservice.exe |

"{BDB00BBD-9F3E-4918-A3FD-A96E84D82BB7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{BE18F0B5-D60D-45AF-BBCB-F4A159A6C44C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |

"{C7E6D137-83C6-4CB3-82FE-6CD4328A3785}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |

"{CC6F3534-22CA-4263-8930-71E99EF56274}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{CFB42572-EDAA-45EE-9843-6C33CEBB1AFD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe |

"{D03F6BF2-6291-43FC-8D9D-42DB1223B8C9}" = protocol=6 | dir=out | app=system |

"{D7EEE5C5-B0AA-4DC9-85FF-3CE80A5A8B3B}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |

"{DA205591-4AF3-4DC6-A428-872E9F8B5B67}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{DE3880CA-93F4-4D5A-9BEC-19623B83CA68}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires iii\age3.exe |

"{E09BC14C-98CE-41C1-9AEA-057B6CC33C63}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |

"{E252DEEC-7A4A-4E46-AA64-5C75D5B4E812}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{E464ED49-7BC6-4AEF-A9F7-0A2C42E3BA87}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\team fortress 2\hl2.exe |

"{F0EFE588-A180-4273-BE75-E64476927C11}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{F8B30A31-F4DE-44C1-9FF1-BE87101B24DE}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{FD524095-880D-414B-9FE2-6E1241A3D2AA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"TCP Query User{9D2E7F8A-D128-450F-A6AB-CF26A5DB2A51}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"TCP Query User{DA72E62C-8E9B-4E54-ABB4-6A12BCB190A0}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"UDP Query User{DB46F47B-1AFB-4AB3-898B-53E9B333FC66}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

"UDP Query User{E544BA42-C735-4A29-97AE-FBA86A64B4FE}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes

"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources

"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker

"{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources

"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources

"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources

"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources

"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder

"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables

"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources

"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources

"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources

"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources

"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support

"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources

"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources

"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor

"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources

"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources

"{4710662C-8204-4334-A977-B1AC9E547819}" = Broadcom Card Reader Driver Installer

"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources

"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources

"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources

"{5783F2D7-9001-0409-0102-0060B0CE6BBA}" = AutoCAD 2011 - English

"{5783F2D7-9001-0409-1102-0060B0CE6BBA}" = AutoCAD 2011 Language Pack - English

"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources

"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources

"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources

"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources

"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources

"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources

"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources

"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources

"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources

"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources

"{8F7F2D9C-2DBE-4F10-9C7C-2724110A3339}" = Windows Live Remote Service Resources

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources

"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources

"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources

"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources

"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources

"{A6E0F6BE-30AC-4D36-97B0-1AC20E23CB83}" = Windows Live Remote Client Resources

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources

"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 268.00

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 268.00

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.0.21

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources

"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources

"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel® Turbo Boost Technology Monitor 2.0

"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources

"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom Gigabit NetLink Controller

"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources

"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector

"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources

"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources

"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources

"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources

"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources

"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64

"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources

"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources

"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources

"AutoCAD 2011 - English" = AutoCAD 2011 - English

"CyberGhost VPN_is1" = CyberGhost VPN

"Elantech" = ETDWare PS/2-X64 8.0.6.0_WHQL

"MatlabR2011a" = MATLAB R2011a

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh

"{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam

"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer

"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack

"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common

"{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials

"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common

"{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger

"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack

"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live

"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3

"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack

"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti

"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail

"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live

"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail

"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh

"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh

"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer

"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar

"{120C160F-F53D-4A15-A873-E79BF5B98B48}" = Windows Live Photo Common

"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack

"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker

"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources

"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common

"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials

"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite

"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials

"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima

"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer

"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer

"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack

"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{20381A8A-808E-4A53-B6CD-AD2B85E16365}" = Windows Live UX Platform Language Pack

"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack

"{226F0D93-76DE-4F1C-B14D-DE10443ADB60}" = Windows Live Movie Maker

"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail

"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack

"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources

"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail

"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer

"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21

"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources

"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com

"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common

"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common

"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials

"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger

"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer

"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack

"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger

"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh

"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh

"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources

"{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger

"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live

"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common

"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack

"{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger

"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4

"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh

"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials

"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer

"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger

"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh

"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup

"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack

"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials

"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer

"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery

"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials

"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live

"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources

"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support

"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources

"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh

"{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live

"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live

"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer

"{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail

"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials

"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5

"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger

"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer

"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack

"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack

"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content

"{4D7BAC8A-51B8-4243-8567-1415C4272D13}" = Windows Live Writer

"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.2

"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger

"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack

"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack

"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources

"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01

"{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri

"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh

"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker

"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources

"{5D90ABE5-8A35-4947-8269-6F40BCE47A95}" = Windows Live Messenger

"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer

"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack

"{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger

"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger

"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker

"{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso

"{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh

"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources

"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger

"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail

"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker

"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live

"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh

"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials

"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail

"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger

"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer

"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack

"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger

"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh

"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7

"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common

"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker

"{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger

"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker

"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger

"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker

"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common

"{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker

"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer

"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh

"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár

"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack

"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources

"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker

"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common

"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker

"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh

"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack

"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack

"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live

"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh

"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live

"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common

"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker

"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III

"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live

"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common

"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources

"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common

"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials

"{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources

"{7D99B933-E29C-4599-92F0-DAED2AF041E3}" = Windows Live Essentials

"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer

"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources

"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger

"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management

"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources

"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh

"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials

"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903}" = Flip Words

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110265407}" = Bejeweled 2 Deluxe

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112623650}" = Belles Beauty Boutique

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116672750}" = World of Goo

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117932650}" = Sprill and Ritchie

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118399487}" = Farm Frenzy 3 Ice Age

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh

"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common

"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials

"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common

"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer

"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery

"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set

"{86F444A5-C9B9-41DC-AF28-B5E46F5497C7}" = Windows Live Argazki Galeria

"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger

"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery

"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu

"{8B54526D-0620-4D19-8516-94607BE276DA}" = TouchCopy 11

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8E285C75-9BE2-4349-972B-DECDDF472656}" = Windows Live Writer Resources

"{90140000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2010

"{90140000-001B-0000-0000-0000000FF1CE}_Office14.WORD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.WORD_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.WORD_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.WORD_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.WORD_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.WORD_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.WORD_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.WORD_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.WORD_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.WORD_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.WORD_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English

"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{93C4B7D5-4E00-491F-BA3E-25B7B63EE7F6}" = Windows Live Mail

"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58

"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria

"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail

"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker

"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011

"{9E2C5B0E-7A2D-4767-A9B2-77469FB1873A}" = Windows Live Mesh

"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail

"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker

"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common

"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh

"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources

"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials

"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail

"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI

"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set

"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh

"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh

"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail

"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common

"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh

"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime

"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials

"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie

"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail

"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common

"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common

"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer

"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials

"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live

"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources

"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX

"{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2

"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common

"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi

"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content

"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker

"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh

"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live

"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials

"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh

"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer

"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder

"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources

"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common

"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail

"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common

"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold

"{C97623E2-0614-4845-B199-8E8BEC8E131C}_is1" = Acer GameZone Console

"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live

"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live

"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker

"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library

"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker

"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common

"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer

"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery

"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set

"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack

"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail

"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D54A52A8-DF24-4CE8-850B-074CA47DFA74}" = Windows Live Messenger

"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail

"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources

"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack

"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set

"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer

"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker

"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker

"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail

"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer

"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer

"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials

"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set

"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker

"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija

"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer

"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live

"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack

"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer

"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne

"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources

"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger

"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live

"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer

"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live

"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources

"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live

"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater

"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger

"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心

"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集

"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common

"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F13587F7-AA4C-4C2E-AE7D-F33F3CCE57A9}" = Windows Live Messenger

"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01

"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack

"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources

"{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger

"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos

"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh

"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials

"{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari

"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail

"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker

"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie

"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live

"{FCBC19F7-E068-4B7A-ACBB-CE9CCEB4B21F}" = Windows Live Messenger

"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials

"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials

"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker

"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker

"Acer Registration" = Acer Registration

"Acer Screensaver" = Acer ScreenSaver

"Acer Welcome Center" = Welcome Center

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Age of Empires 2.0" = Microsoft Age of Empires II

"Age of Empires Gold 1.0" = Microsoft Age of Empires Gold

"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion

"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor

"AVG Secure Search" = AVG Security Toolbar

"BandiMPEG1" = Bandisoft MPEG-1 Decoder

"Bandoo" = Bandoo

"blekkotb_031" = blekko search bar

"EV Nova" = EV Nova (remove only)

"Google Chrome" = Google Chrome

"Identity Card" = Identity Card

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam

"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager

"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite

"InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso

"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III

"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9

"InterActual Player" = InterActual Player

"Line 6 Uninstaller" = Line 6 Uninstaller

"LManager" = Launch Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"Mount&Blade Warband" = Mount&Blade Warband

"Mozilla Firefox 6.0 (x86 en-US)" = Mozilla Firefox 6.0 (x86 en-US)

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010

"Office14.WORD" = Microsoft Word 2010

"Searchqu Toolbar" = Windows Searchqu Toolbar

"SMAC 2.7" = SMAC 2.7

"Spotify" = Spotify

"Steam App 440" = Team Fortress 2

"Stellar Phoenix Photo Recovery_is1" = Stellar Phoenix Photo Recovery

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR 4.20 (32-bit)

"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2035412654-2637726968-1413663765-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 08/10/2012 13:13:31 | Computer Name = DAVE-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 7628

Error - 08/10/2012 13:13:32 | Computer Name = DAVE-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 08/10/2012 13:13:32 | Computer Name = DAVE-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 8627

Error - 08/10/2012 13:13:32 | Computer Name = DAVE-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 8627

Error - 08/10/2012 13:13:33 | Computer Name = DAVE-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 08/10/2012 13:13:33 | Computer Name = DAVE-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 9641

Error - 08/10/2012 13:13:33 | Computer Name = DAVE-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 9641

Error - 08/10/2012 14:54:27 | Computer Name = DAVE-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 08/10/2012 14:54:27 | Computer Name = DAVE-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 1092

Error - 08/10/2012 14:54:27 | Computer Name = DAVE-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 1092

[ System Events ]

Error - 28/05/2013 09:28:15 | Computer Name = Dave-PC | Source = NetBT | ID = 4321

Description = The name "DAVE-PC :20" could not be registered on the interface

with IP address 143.167.203.104. The computer with the IP address 143.167.1.157

did not allow the name to be claimed by this computer.

Error - 28/05/2013 11:07:07 | Computer Name = Dave-PC | Source = Server | ID = 2505

Description = The server could not bind to the transport \Device\NetBT_Tcpip_{E92D26B8-CD52-43FC-83C6-226A6AC4A731}

because another computer on the network has the same name. The server could not

start.

Error - 28/05/2013 11:07:07 | Computer Name = Dave-PC | Source = NetBT | ID = 4321

Description = The name "DAVE-PC :20" could not be registered on the interface

with IP address 143.167.144.236. The computer with the IP address 143.167.2.157

did not allow the name to be claimed by this computer.

Error - 28/05/2013 11:07:07 | Computer Name = Dave-PC | Source = NetBT | ID = 4321

Description = The name "DAVE-PC :0" could not be registered on the interface

with IP address 143.167.144.236. The computer with the IP address 143.167.2.157

did not allow the name to be claimed by this computer.

Error - 28/05/2013 11:07:09 | Computer Name = Dave-PC | Source = NetBT | ID = 4321

Description = The name "DAVE-PC :0" could not be registered on the interface

with IP address 143.167.144.236. The computer with the IP address 143.167.2.157

did not allow the name to be claimed by this computer.

Error - 28/05/2013 11:07:10 | Computer Name = Dave-PC | Source = NetBT | ID = 4321

Description = The name "DAVE-PC :0" could not be registered on the interface

with IP address 143.167.144.236. The computer with the IP address 143.167.2.157

did not allow the name to be claimed by this computer.

Error - 28/05/2013 11:07:10 | Computer Name = Dave-PC | Source = NetBT | ID = 4321

Description = The name "DAVE-PC :0" could not be registered on the interface

with IP address 143.167.144.236. The computer with the IP address 143.167.1.157

did not allow the name to be claimed by this computer.

Error - 28/05/2013 11:07:15 | Computer Name = Dave-PC | Source = NetBT | ID = 4321

Description = The name "DAVE-PC :0" could not be registered on the interface

with IP address 143.167.144.236. The computer with the IP address 143.167.2.157

did not allow the name to be claimed by this computer.

Error - 28/05/2013 11:09:13 | Computer Name = Dave-PC | Source = NetBT | ID = 4321

Description = The name "DAVE-PC :0" could not be registered on the interface

with IP address 143.167.144.236. The computer with the IP address 143.167.1.157

did not allow the name to be claimed by this computer.

Error - 28/05/2013 12:34:25 | Computer Name = Dave-PC | Source = BROWSER | ID = 8032

Description =

< End of report >

Maniac · May 29, 2013

Step 1

Please uninstall the following applications:

AVG Security Toolbar

Bandoo

blekko search bar

Windows Searchqu Toolbar

Step 2

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Step 3

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=73&systemid=101&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=73&systemid=101&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-2035412654-2637726968-1413663765-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={63849E8E-3EDB-43E8-B0E8-17E9F25D4BD7}&mid=8e21ad2adb4847d0bed96939b24de9fa-b0331a39918adb725faecaa4907fc1b61181c5e8〈=en&ds=st011&pr=sa&d=2012-08-13 12:24:12&v=12.2.0.5&sap=hp
IE - HKU\S-1-5-21-2035412654-2637726968-1413663765-1001\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKU\S-1-5-21-2035412654-2637726968-1413663765-1001\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=E9D0DDF6CF8DCDAD06529C503CDEA3DE&q={searchTerms}
IE - HKU\S-1-5-21-2035412654-2637726968-1413663765-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={63849E8E-3EDB-43E8-B0E8-17E9F25D4BD7}&mid=8e21ad2adb4847d0bed96939b24de9fa-b0331a39918adb725faecaa4907fc1b61181c5e8〈=en&ds=st011&pr=sa&d=2012-08-13 12:24:12&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2035412654-2637726968-1413663765-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=73&systemid=101&sr=0&q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com"
FF - prefs.js..extensions.enabledAddons: ffox@bandoo.com:5.1
FF - prefs.js..extensions.enabledAddons: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.5.1.00
FF - prefs.js..extensions.enabledAddons: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=73&systemid=101&sr=0&q="
FF - prefs.js..browser.search.defaultenginename: "Blekko"
FF - prefs.js..browser.search.selectedEngine: "Blekko"
FF - prefs.js..browser.search.order.1: "Blekko"
FF - prefs.js..keyword.URL: "http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=E9D0DDF6CF8DCDAD06529C503CDEA3DE&q="
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5 [2013/05/20 17:58:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\ffox@bandoo.com: C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mh7hcmko.default\extensions\ffox@bandoo.com [2011/12/03 16:46:01 | 000,000,000 | ---D | M]
[2012/08/28 16:07:25 | 000,000,000 | ---D | M] (blekko search bar) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mh7hcmko.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}
[2011/12/03 16:46:15 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mh7hcmko.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011/12/03 16:46:01 | 000,000,000 | ---D | M] (Bandoo for Firefox) -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mh7hcmko.default\extensions\ffox@bandoo.com
[2011/12/03 16:46:11 | 000,002,517 | ---- | M] () -- C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mh7hcmko.default\searchplugins\Search_Results.xml
2013/05/20 17:58:59 | 000,003,716 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/08/28 16:07:25 | 000,002,134 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\search.xml
[2011/12/03 16:46:11 | 000,002,517 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
O2:64bit: - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (blekko search bar) - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files (x86)\blekkotb_031\blekkotb_019X.dll ()
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (BandooIEPlugin Class) - {EB5CEE80-030A-4ED8-8E20-454E9C68380F} - C:\Program Files (x86)\Bandoo\Plugins\IE\ieplugin.dll (Bandoo Media Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (blekko search bar) - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files (x86)\blekkotb_031\blekkotb_019X.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll) - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\datamngr.dll (Bandoo Media, inc)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll) - C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~2\bandoo\bndhook.dll) - c:\Program Files (x86)\Bandoo\BndHook.dll (Discordia Limited)
[2011/08/08 17:26:27 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\Bandoo
[2013/05/28 12:21:42 | 000,000,000 | ---D | M] -- C:\Users\Dave\AppData\Roaming\uTorrent
:files
ipconfig /flushdns /c
:Commands
[emptytemp]
[clearallrestorepoints]
Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Step 4

Please download AdwCleaner from here and save it on your Desktop.

Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
Now click on the Search tab.
Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.

Step 5

Download on the desktop RogueKiller
Quit all programs
Start RogueKiller.exe
Wait until Prescan has finished ...
Click on Scan. Click on Report and copy/paste the content of the notepad in your next reply.

In your next reply, post the following log files:

Junkware Removal Tool log
OTL Fix log
AdwCleaner log
RogueKiller log

dayve · May 29, 2013

AVG Security toolbar won't remove, with no error message. Should I continue with the rest of the steps?

Maniac · May 29, 2013

Yes, please.

dayve · May 29, 2013

Junkware Removal Tool did not work, I received an error message saying it may not have been installed correctly. Neither of the options on the error message solved the issue. The rest worked fine.

OTL Fix log:

All processes killed

========== OTL ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}\ not found.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}\ not found.

HKU\S-1-5-21-2035412654-2637726968-1413663765-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKEY_USERS\S-1-5-21-2035412654-2637726968-1413663765-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-2035412654-2637726968-1413663765-1001\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}\ not found.

Registry key HKEY_USERS\S-1-5-21-2035412654-2637726968-1413663765-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.

Registry key HKEY_USERS\S-1-5-21-2035412654-2637726968-1413663765-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}\ not found.

Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename

Prefs.js: "Search Results" removed from browser.search.order.1

Prefs.js: "AVG Secure Search" removed from browser.search.selectedEngine

Prefs.js: "http://www.searchqu.com" removed from browser.startup.homepage

Prefs.js: ffox@bandoo.com:5.1 removed from extensions.enabledAddons

Prefs.js: {99079a25-328f-4bd4-be04-00955acaa0a7}:4.5.1.00 removed from extensions.enabledAddons

Prefs.js: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0 removed from extensions.enabledAddons

Prefs.js: "http://dts.search-results.com/sr?src=ffb&appid=73&systemid=101&sr=0&q=" removed from keyword.URL

Prefs.js: "Blekko" removed from browser.search.defaultenginename

Prefs.js: "Blekko" removed from browser.search.selectedEngine

Prefs.js: "Blekko" removed from browser.search.order.1

Prefs.js: "http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=E9D0DDF6CF8DCDAD06529C503CDEA3DE&q=" removed from keyword.URL

Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar deleted successfully.

C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5\modules\skin folder moved successfully.

C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5\modules\locale\zh-tw folder moved successfully.

C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5\modules\locale\zh-cn folder moved successfully.

C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5\modules\locale\tr folder moved successfully.

C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5\modules\locale\th folder moved successfully.

C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5\modules\locale\sv folder moved successfully.

C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5\modules\locale\sr folder moved successfully.

C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5\modules\locale\sk folder moved successfully.

C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5\modules\locale\ru folder moved successfully.

C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5\modules\locale\ro folder moved successfully.

C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5\modules\locale\pt-br folder moved successfully.

C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5\modules\locale\pt folder moved successfully.

C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5\modules\locale\pl folder moved successfully.

C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5\modules\locale\nl folder moved successfully.

C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5\modules\locale\nb folder moved successfully.

C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5\modules\locale\ms folder moved successfully.

C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5\modules\locale\ko folder moved successfully.

C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5\modules\locale\ja folder moved successfully.

C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5\modules\locale\it folder moved successfully.

C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5\modules\locale\id folder moved successfully.

C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5\modules\locale\hu folder moved successfully.

C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5\modules\locale\hi folder moved successfully.

C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5\modules\locale\fr folder moved successfully.

C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5\modules\locale\fi folder moved successfully.

C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5\modules\locale\es-es folder moved successfully.

C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5\modules\locale\es folder moved successfully.

C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5\modules\locale\en folder moved successfully.

C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5\modules\locale\el folder moved successfully.

C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5\modules\locale\de folder moved successfully.

C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5\modules\locale\da folder moved successfully.

C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5\modules\locale\cs folder moved successfully.

C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5\modules\locale\af folder moved successfully.

C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5\modules\locale folder moved successfully.

C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5\modules folder moved successfully.

C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5\locale\en-US folder moved successfully.

C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5\locale folder moved successfully.

C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5\components folder moved successfully.

C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5\chrome folder moved successfully.

C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5 folder moved successfully.

Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\ffox@bandoo.com not found.

File C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mh7hcmko.default\extensions\ffox@bandoo.com not found.

C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mh7hcmko.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61} folder moved successfully.

Folder C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mh7hcmko.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.

Folder C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mh7hcmko.default\extensions\ffox@bandoo.com\ not found.

C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mh7hcmko.default\searchplugins\Search_Results.xml moved successfully.

C:\Program Files (x86)\Mozilla Firefox\searchplugins\search.xml moved successfully.

C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml moved successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found.

File C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\ deleted successfully.

File C:\Program Files (x86)\blekkotb_031\blekkotb_019X.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.

C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.

File C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found.

File C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}\ not found.

C:\Program Files (x86)\Bandoo\Plugins\IE\ieplugin.dll moved successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8769adce-dba5-48e9-afb5-67b12cdf2e61} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\ not found.

File C:\Program Files (x86)\blekkotb_031\blekkotb_019X.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.

File C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.

File C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\WIA6EB~1\Datamngr\x64\datamngr.dll deleted successfully.

File C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\datamngr.dll not found.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\WIA6EB~1\Datamngr\x64\IEBHO.dll deleted successfully.

File C:\Program Files (x86)\Windows Searchqu Toolbar\Datamngr\x64\IEBHO.dll not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\bandoo\bndhook.dll deleted successfully.

File c:\Program Files (x86)\Bandoo\BndHook.dll not found.

C:\Users\Dave\AppData\Roaming\Bandoo folder moved successfully.

C:\Users\Dave\AppData\Roaming\uTorrent\ie folder moved successfully.

C:\Users\Dave\AppData\Roaming\uTorrent\dlimagecache folder moved successfully.

C:\Users\Dave\AppData\Roaming\uTorrent\apps folder moved successfully.

C:\Users\Dave\AppData\Roaming\uTorrent folder moved successfully.

========== FILES ==========

< ipconfig /flushdns /c >

C:\Users\Dave\Downloads\cmd.bat deleted successfully.

C:\Users\Dave\Downloads\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Dave

->Temp folder emptied: 23621551 bytes

->Temporary Internet Files folder emptied: 344701206 bytes

->Java cache emptied: 1725886087 bytes

->FireFox cache emptied: 44222240 bytes

->Google Chrome cache emptied: 275235497 bytes

->Apple Safari cache emptied: 122765312 bytes

->Flash cache emptied: 95031 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 13176753 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42342841 bytes

%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes

RecycleBin emptied: 1812 bytes

Total Files Cleaned = 2,472.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 05292013_145246

Files\Folders moved on Reboot...

C:\Users\Dave\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Dave\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

File move failed. C:\Windows\temp\LMutilps.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Adwcleaner log:

# AdwCleaner v2.301 - Logfile created 05/29/2013 at 15:01:12

# Updated 16/05/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Dave - DAVE-PC

# Boot Mode : Normal

# Running from : C:\Users\Dave\Downloads\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\.autoreg

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

File Found : C:\Windows\SysWOW64\bandoolmx.dll

Folder Found : C:\Program Files (x86)\1ClickDownload

Folder Found : C:\Program Files (x86)\AVG Secure Search

Folder Found : C:\Program Files (x86)\Bandoo

Folder Found : C:\Program Files (x86)\Common Files\AVG Secure Search

Folder Found : C:\ProgramData\Anti-phishing Domain Advisor

Folder Found : C:\ProgramData\AVG Secure Search

Folder Found : C:\ProgramData\blekko toolbars

Folder Found : C:\ProgramData\boost_interprocess

Folder Found : C:\Users\Dave\AppData\Local\AVG Secure Search

Folder Found : C:\Users\Dave\AppData\Local\Ilivid Player

Folder Found : C:\Users\Dave\AppData\Local\PackageAware

Folder Found : C:\Users\Dave\AppData\LocalLow\AVG Secure Search

Folder Found : C:\Users\Dave\AppData\LocalLow\Bandoo

Folder Found : C:\Users\Dave\AppData\LocalLow\Conduit

Folder Found : C:\Users\Dave\AppData\LocalLow\searchquband

***** [Registry] *****

Key Found : HKCU\Software\1ClickDownload

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar

Key Found : HKCU\Software\AppDataLow\Software\SmartBar

Key Found : HKCU\Software\AVG Secure Search

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\DataMngr

Key Found : HKCU\Software\Google\Chrome\Extensions\ahilkiibpgjnonbhdfkkgjddddmapala

Key Found : HKCU\Software\IGearSettings

Key Found : HKCU\Software\ilivid

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}

Key Found : HKCU\Software\YahooPartnerToolbar

Key Found : HKLM\Software\AVG Secure Search

Key Found : HKLM\Software\AVG Security Toolbar

Key Found : HKLM\Software\Bandoo

Key Found : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}

Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Found : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE

Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore

Key Found : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1

Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr

Key Found : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1

Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr

Key Found : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1

Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr

Key Found : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1

Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

Key Found : HKLM\SOFTWARE\Classes\S

Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}

Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ahilkiibpgjnonbhdfkkgjddddmapala

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}

Key Found : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}

Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Found : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}

Key Found : HKLM\SOFTWARE\DataMngr

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}

Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Mozilla Firefox v6.0 (en-US)

File : C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mh7hcmko.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.94

File : C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [10040 octets] - [29/05/2013 15:01:12]

########## EOF - C:\AdwCleaner[R1].txt - [10101 octets] ##########

RogueKiller log:

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Dave [Admin rights]

Mode : Scan -- Date : 05/29/2013 15:06:04

| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤

[sUSP PATH] visicom_antiphishing.exe -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 8 ¤¤¤

[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\Run : Anti-phishing Domain Advisor ("C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe") [7] -> FOUND

[TASK][sUSP PATH] IHUninstallTrackingTASK : CMD /C DEL C:\Windows\TEMP\IHU5B58.tmp.exe [x] -> FOUND

[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND

[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500325AS +++++

--- User ---

[MBR] e7c367418b5e13b06d3163cd506eb44b

[bSP] c0256544aebeb5389655c22996a53800 : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 15360 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 31459328 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 31664128 | Size: 461478 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_05292013_02d1506.txt >>

RKreport[1]_S_05292013_02d1506.txt

Maniac · May 29, 2013

Please re-run AdwCleaner
Click on Delete button.
Confirm each time with OK.
Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

dayve · May 29, 2013

# AdwCleaner v2.301 - Logfile created 05/29/2013 at 15:18:06

# Updated 16/05/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Dave - DAVE-PC

# Boot Mode : Normal

# Running from : C:\Users\Dave\Downloads\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\Common Files\AVG Secure Search

File Deleted : C:\Program Files (x86)\Mozilla Firefox\.autoreg

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml

File Deleted : C:\Windows\SysWOW64\bandoolmx.dll

Folder Deleted : C:\Program Files (x86)\1ClickDownload

Folder Deleted : C:\Program Files (x86)\AVG Secure Search

Folder Deleted : C:\Program Files (x86)\Bandoo

Folder Deleted : C:\ProgramData\Anti-phishing Domain Advisor

Folder Deleted : C:\ProgramData\AVG Secure Search

Folder Deleted : C:\ProgramData\blekko toolbars

Folder Deleted : C:\ProgramData\boost_interprocess

Folder Deleted : C:\Users\Dave\AppData\Local\AVG Secure Search

Folder Deleted : C:\Users\Dave\AppData\Local\Ilivid Player

Folder Deleted : C:\Users\Dave\AppData\Local\PackageAware

Folder Deleted : C:\Users\Dave\AppData\LocalLow\AVG Secure Search

Folder Deleted : C:\Users\Dave\AppData\LocalLow\Bandoo

Folder Deleted : C:\Users\Dave\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Dave\AppData\LocalLow\searchquband

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\AVG Secure Search

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\DataMngr

Key Deleted : HKCU\Software\Google\Chrome\Extensions\ahilkiibpgjnonbhdfkkgjddddmapala

Key Deleted : HKCU\Software\IGearSettings

Key Deleted : HKCU\Software\ilivid

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}

Key Deleted : HKCU\Software\YahooPartnerToolbar

Key Deleted : HKLM\Software\AVG Secure Search

Key Deleted : HKLM\Software\AVG Security Toolbar

Key Deleted : HKLM\Software\Bandoo

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore

Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1

Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr

Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1

Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr

Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1

Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr

Key Deleted : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1

Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

Key Deleted : HKLM\SOFTWARE\Classes\S

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6087829B-114F-42A1-A72B-B4AEDCEA4E5B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ahilkiibpgjnonbhdfkkgjddddmapala

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}

Key Deleted : HKLM\SOFTWARE\DataMngr

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Mozilla Firefox v6.0 (en-US)

File : C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mh7hcmko.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.94

File : C:\Users\Dave\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [10145 octets] - [29/05/2013 15:01:12]

AdwCleaner[s1].txt - [10338 octets] - [29/05/2013 15:18:06]

########## EOF - C:\AdwCleaner[s1].txt - [10399 octets] ##########

Maniac · May 29, 2013

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

dayve · May 29, 2013

ComboFix 13-05-29.01 - Dave 29/05/2013 15:43:34.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3948.2290 [GMT 1:00]

Running from: c:\users\Dave\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\install.exe

c:\programdata\FullRemove.exe

.

((((((((((((((((((((((((( Files Created from 2013-04-28 to 2013-05-29 )))))))))))))))))))))))))))))))

.

2074-05-07 18:38 . 2006-11-21 20:48 203576 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe

2013-05-29 14:55 . 2013-05-29 14:55 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-05-29 14:55 . 2013-05-29 14:55 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-05-29 13:52 . 2013-05-29 13:52 -------- d-----w- C:\_OTL

2013-05-29 13:50 . 2013-05-12 22:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{46B16220-CDF2-4941-A8D5-DBECC2E80DA2}\mpengine.dll

2013-05-29 13:31 . 2013-05-29 13:49 -------- d-----w- C:\JRT

2013-05-28 11:18 . 2013-05-28 11:18 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-05-28 11:18 . 2013-04-04 13:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-05-27 21:47 . 2013-05-27 21:47 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2013-05-27 21:44 . 2013-05-27 21:44 -------- d-----w- c:\program files\Microsoft Silverlight

2013-05-27 21:44 . 2013-05-27 21:44 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2013-05-27 18:16 . 2013-05-27 18:16 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{56F2EE52-F877-4C54-9993-EF0662A69AB5}\gapaengine.dll

2013-05-27 18:16 . 2013-05-12 22:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-05-27 18:12 . 2013-05-27 18:12 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2013-05-27 18:12 . 2013-05-27 18:13 -------- d-----w- c:\program files\Microsoft Security Client

2013-05-27 16:38 . 2013-05-27 16:38 -------- d-----w- c:\users\Dave\AppData\Roaming\SUPERAntiSpyware.com

2013-05-27 16:38 . 2013-05-27 16:38 -------- d-----w- c:\program files\SUPERAntiSpyware

2013-05-27 16:38 . 2013-05-27 16:38 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2013-05-27 16:32 . 2013-05-27 16:32 -------- d-----w- c:\users\Dave\AppData\Roaming\Malwarebytes

2013-05-27 16:32 . 2013-05-27 16:32 -------- d-----w- c:\programdata\Malwarebytes

2013-05-27 16:32 . 2013-05-27 16:32 -------- d-----w- c:\users\Dave\AppData\Local\Programs

2013-05-27 14:17 . 2013-05-27 14:17 -------- d-----w- c:\users\Dave\AppData\Roaming\SystemRequirementsLab

2013-05-21 12:05 . 2013-05-21 12:05 -------- d-----w- c:\users\Dave\AppData\Roaming\TuneUp Software

2013-05-21 11:59 . 2013-05-27 16:26 -------- d-----w- c:\programdata\MFAData

2013-05-21 11:59 . 2013-05-21 11:59 -------- d-----w- c:\users\Dave\AppData\Local\MFAData

2013-05-21 11:45 . 2013-05-21 11:45 -------- d-----w- C:\mfe

2013-05-15 09:38 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2013-05-15 09:38 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2013-05-15 09:38 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll

2013-05-15 09:38 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll

2013-05-15 09:38 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll

2013-05-15 09:38 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll

2013-05-15 09:38 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll

2013-05-15 09:37 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll

2013-05-15 09:37 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe

2013-05-15 09:37 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll

2013-05-15 09:37 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll

2013-05-15 09:37 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys

2013-05-11 12:06 . 2013-05-11 12:06 -------- d-----w- c:\users\Dave\jagexcache

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-20 16:58 . 2012-08-13 11:24 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

2013-05-15 22:40 . 2011-08-06 13:20 75016696 ----a-w- c:\windows\system32\MRT.exe

2013-05-14 19:22 . 2012-04-11 09:43 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-05-14 19:22 . 2011-08-07 22:30 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-14 12:14 . 2010-06-24 18:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-05-02 15:29 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-04-13 05:49 . 2013-05-15 09:37 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49 . 2013-05-15 09:37 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49 . 2013-05-15 09:37 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49 . 2013-05-15 09:37 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45 . 2013-05-15 09:37 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-05-15 09:37 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-04-12 14:45 . 2013-04-24 12:46 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-04 04:35 . 2013-04-19 15:00 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-19 06:04 . 2013-04-11 13:31 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-19 05:46 . 2013-04-11 13:31 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-03-19 05:04 . 2013-04-11 13:31 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04 . 2013-04-11 13:31 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47 . 2013-04-11 13:31 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-03-19 03:06 . 2013-04-11 13:31 112640 ----a-w- c:\windows\system32\smss.exe

2013-03-06 15:11 . 2012-06-05 16:31 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-03-06 15:11 . 2011-08-06 19:54 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-15 5622512]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]

"Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-02-03 506712]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux4"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 161384]

R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\CyberGhost VPN\CGVPNCliService.exe [2012-04-26 2438696]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-09-28 172912]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-09-25 1436424]

R3 L6UX2;Service - Line 6 UX2;c:\windows\system32\Drivers\L6UX264.sys [2011-04-29 768000]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]

R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso64.sys [2012-10-02 172952]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 54784]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-06 1255736]

R4 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-03-30 25960]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-05-20 45856]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-06-08 22912]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-06-08 20328]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-06-08 62584]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2013-05-23 143120]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-03-14 352336]

S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-05-10 872552]

S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-26 29696]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]

S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-01-31 244624]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [2012-12-04 103472]

S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2012-01-05 256536]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-10-08 19192]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]

S2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [2013-05-20 1015984]

S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\drivers\b57xdbd.sys [2011-01-21 67624]

S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\drivers\b57xdmp.sys [2011-01-21 19496]

S3 bScsiMSa;bScsiMSa;c:\windows\system32\drivers\bScsiMSa.sys [2011-01-20 52264]

S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys [2011-01-14 85544]

S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-11-12 138024]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2011-01-17 412712]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-05-24 17:45 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.94\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-05-29 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 19:22]

.

2013-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-07 22:29]

.

2013-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-07 22:29]

.

2013-05-27 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task a86951be-7c23-4547-b602-31d378c37ae1.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-23 20:21]

.

2013-05-28 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task d6f4ef84-c64d-4c1a-9aca-d75c8b4a0725.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-23 20:21]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-09 168216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-09 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-09 416024]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-10 11785832]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-09 2189416]

"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-05-10 1831528]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll c:\windows\System32\nvinitx.dll

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Supplementary Scan -------

.

uStart Page =

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

Trusted Zone: line6.net

TCP: DhcpNameServer = 143.167.252.110 143.167.2.110

FF - ProfilePath - c:\users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mh7hcmko.default\

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: browser.startup.homepage -

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=

FF - ExtSQL: !HIDDEN! 2011-12-03 15:46; ffox@bandoo.com; c:\users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mh7hcmko.default\extensions\ffox@bandoo.com

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-!{8769adce-dba5-48e9-afb5-67b12cdf2e61} - (no file)

Toolbar-!{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-!{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)

HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe

AddRemove-Stellar Phoenix Photo Recovery_is1 - c:\program files (x86)\Stellar Phoenix Photo Recovery\unins000.exe

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2035412654-2637726968-1413663765-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2035412654-2637726968-1413663765-1001)

"Progid"="SafariDownload"

.

[HKEY_USERS\S-1-5-21-2035412654-2637726968-1413663765-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (S-1-5-21-2035412654-2637726968-1413663765-1001)

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\S-1-5-21-2035412654-2637726968-1413663765-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (S-1-5-21-2035412654-2637726968-1413663765-1001)

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\S-1-5-21-2035412654-2637726968-1413663765-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2035412654-2637726968-1413663765-1001)

"Progid"="SafariExtension"

.

[HKEY_USERS\S-1-5-21-2035412654-2637726968-1413663765-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (S-1-5-21-2035412654-2637726968-1413663765-1001)

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\S-1-5-21-2035412654-2637726968-1413663765-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2035412654-2637726968-1413663765-1001)

"Progid"="SafariHTML"

.

[HKEY_USERS\S-1-5-21-2035412654-2637726968-1413663765-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2035412654-2637726968-1413663765-1001)

"Progid"="SafariHTML"

.

[HKEY_USERS\S-1-5-21-2035412654-2637726968-1413663765-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (S-1-5-21-2035412654-2637726968-1413663765-1001)

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\S-1-5-21-2035412654-2637726968-1413663765-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (S-1-5-21-2035412654-2637726968-1413663765-1001)

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\S-1-5-21-2035412654-2637726968-1413663765-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2035412654-2637726968-1413663765-1001)

"Progid"="SafariHTML"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-05-29 16:00:36

ComboFix-quarantined-files.txt 2013-05-29 15:00

.

Pre-Run: 305,631,051,776 bytes free

Post-Run: 304,861,290,496 bytes free

.

- - End Of File - - 11D103463A96010A73A1445D6F9C186D

Maniac · May 29, 2013

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe
DDS::
uStart Page =
FireFox::
FF - ProfilePath - c:\users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mh7hcmko.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: browser.search.selectedEngine -
FF - ExtSQL: !HIDDEN! 2011-12-03 15:46; ffox@bandoo.com; c:\users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\mh7hcmko.default\extensions\ffox@bandoo.com
JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

dayve · May 29, 2013

ComboFix 13-05-29.01 - Dave 29/05/2013 16:26:31.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3948.2135 [GMT 1:00]

Running from: c:\users\Dave\Desktop\ComboFix.exe

Command switches used :: c:\users\Dave\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe"

.

((((((((((((((((((((((((( Files Created from 2013-04-28 to 2013-05-29 )))))))))))))))))))))))))))))))

.

2074-05-07 18:38 . 2006-11-21 20:48 203576 ------w- c:\program files (x86)\Microsoft Games\Age of Empires III\autopatcher2.exe

2013-05-29 15:36 . 2013-05-29 15:36 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-05-29 15:36 . 2013-05-29 15:36 -------- d-----w- c:\users\Default\AppData\Local\temp