Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

AVG scan showed 3 Rootkits unable to remove/hidden [Solved]

Started by mengmania , Dec 01 2012 10:23 PM

  • This topic is locked This topic is locked

#1
mengmania
Posted 01 December 2012 - 10:23 PM

mengmania

    Member

  • Member
  • PipPip
  • 78 posts
Hi, I did not have the full version of AVG and ran a scan, it showed 3 rootkits that were "unknown" and hidden. It could not remove them. I've since purchased the full version, but can't remove the rootkits. I've posted my OTL and OTL Extras files below. I have Windows VISTA. I haven't noticed any system problems so not sure if these are mal-ware. Any help you could give would be greatly appreciated.

Thank you!
Francie

OTL logfile created on: 12/1/2012 7:58:35 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lively Stone\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.79 Gb Available Physical Memory | 45.15% Memory free
3.75 Gb Paging File | 2.32 Gb Available in Paging File | 61.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.29 Gb Total Space | 54.16 Gb Free Space | 37.53% Space Free | Partition Type: NTFS
Drive D: | 144.04 Gb Total Space | 140.76 Gb Free Space | 97.72% Space Free | Partition Type: NTFS

Computer Name: MENGMANIA | User Name: Lively Stone | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/01 19:58:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lively Stone\Downloads\OTL.exe
PRC - [2012/10/27 17:47:11 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/08/13 02:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012/08/07 02:39:46 | 004,370,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgui.exe
PRC - [2012/07/31 02:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2012/07/26 02:23:08 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012/06/13 03:48:50 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgfws.exe
PRC - [2012/06/13 02:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012/03/19 04:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012/02/14 03:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/12/23 16:24:00 | 001,628,944 | ---- | M] (InternetSafety.com, Inc.) -- C:\Program Files\Internet Content Filter\SafeEyes.exe
PRC - [2011/12/23 16:24:00 | 000,241,424 | ---- | M] (InternetSafety.com, Inc.) -- C:\Program Files\Internet Content Filter\UpdateService.exe
PRC - [2011/08/05 12:29:56 | 000,159,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe
PRC - [2011/04/16 16:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360 Premier Edition\Engine\5.2.2.3\ccsvchst.exe
PRC - [2010/06/24 11:34:52 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010/06/24 11:34:50 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/28 22:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/25 18:49:04 | 000,269,448 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
PRC - [2008/01/09 18:43:28 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2008/01/09 18:43:26 | 000,326,176 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe
PRC - [2008/01/03 01:55:52 | 000,506,416 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/01/03 01:55:48 | 000,521,776 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2007/12/19 18:09:22 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007/10/17 10:38:20 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2007/09/10 14:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007/09/06 11:02:04 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2007/07/05 19:06:52 | 004,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/02/01 16:37:40 | 000,630,784 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/27 17:47:09 | 002,295,264 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/09/03 07:24:23 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/06/16 06:55:10 | 000,925,696 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2011/06/15 02:43:02 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll
MOD - [2011/06/15 02:41:25 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c933fd5d1d27f268331890d7ddba8fec\System.ServiceProcess.ni.dll
MOD - [2011/06/15 02:41:18 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll
MOD - [2011/06/15 02:41:10 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2011/06/15 02:40:58 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
MOD - [2011/06/15 02:39:34 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011/06/15 02:39:15 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011/06/15 02:39:05 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011/06/15 02:37:58 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011/06/15 02:37:48 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2008/07/27 10:03:15 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2008/03/22 20:18:26 | 001,675,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2783.36951__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2008/03/22 20:18:26 | 000,245,760 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2783.36910__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2008/03/22 20:18:26 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2783.36964__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2008/03/22 20:18:26 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2783.37171__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2008/03/22 20:18:26 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2783.37128__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2008/03/22 20:18:26 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2783.36943__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2008/03/22 20:18:26 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2783.37064__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2008/03/22 20:18:26 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2783.36929__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2008/03/22 20:18:25 | 000,483,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2783.37212__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2008/03/22 20:18:01 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2783.37218__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2008/03/22 20:18:01 | 000,090,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2783.37143__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2008/03/22 20:18:01 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2783.36924__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2008/03/22 20:18:00 | 000,794,624 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2783.37074__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2008/03/22 20:18:00 | 000,589,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2783.36978__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2008/03/22 20:18:00 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2783.36930__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2008/03/22 20:18:00 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2783.37157__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2008/03/22 20:18:00 | 000,331,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2783.37136__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2008/03/22 20:18:00 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2783.36971__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2008/03/22 20:18:00 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2783.37095__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2008/03/22 20:18:00 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2783.37072__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2008/03/22 20:18:00 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2783.37135__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2008/03/22 20:18:00 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.2783.37204__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll
MOD - [2008/03/22 20:18:00 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2783.36983__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2008/03/22 20:18:00 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2783.37094__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2008/03/22 20:17:59 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2783.37066__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2008/03/22 20:17:59 | 000,331,776 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2783.37059__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2008/03/22 20:17:59 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2783.37064__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2008/03/22 20:17:59 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2783.37072__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2008/03/22 20:17:59 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2783.37114__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2008/03/22 20:17:59 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2756.30551__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2008/03/22 20:17:59 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2756.30547__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2008/03/22 20:17:59 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2756.30563__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2008/03/22 20:17:59 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2756.30557__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2008/03/22 20:17:59 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2756.30563__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2008/03/22 20:17:59 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2008/03/22 20:17:58 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2756.30548__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2008/03/22 20:17:58 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2756.30538__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2008/03/22 20:17:58 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2756.30568__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2008/03/22 20:17:58 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2008/03/22 20:17:58 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2756.30593__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2008/03/22 20:17:58 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2756.30535__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2008/03/22 20:17:58 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2756.30635__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2008/03/22 20:17:58 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2756.30541__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2008/03/22 20:17:58 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2756.30592__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2008/03/22 20:17:58 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2756.30590__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2008/03/22 20:17:58 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2756.30556__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2008/03/22 20:17:58 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2756.30550__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2008/03/22 20:17:58 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2756.30543__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2008/03/22 20:17:58 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2756.30554__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2008/03/22 20:17:58 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2756.30578__90ba9c70f846762e\DEM.OS.dll
MOD - [2008/03/22 20:17:58 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2008/03/22 20:17:58 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2756.30588__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2008/03/22 20:17:58 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2008/03/22 20:17:58 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2756.30552__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2008/03/22 20:17:58 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2756.30559__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2008/03/22 20:17:58 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2756.30577__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2008/03/22 20:17:57 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2756.30568__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2008/03/22 20:17:57 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2756.30564__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2008/03/22 20:17:57 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2756.30564__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2008/03/22 20:17:57 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2756.30590__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2008/03/22 20:17:57 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2756.30567__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2008/03/22 20:17:57 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2756.30558__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2008/03/22 20:17:57 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2756.30560__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2008/03/22 20:17:57 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2756.30562__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2008/03/22 20:17:57 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2756.30565__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2008/03/22 20:17:57 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2756.30558__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2008/03/22 20:17:57 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2756.30537__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2008/03/22 20:17:57 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2008/03/22 20:17:57 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2756.30559__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2008/03/22 20:17:57 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2756.30555__90ba9c70f846762e\APM.Foundation.dll
MOD - [2008/03/22 20:17:57 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2756.30551__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2008/03/22 20:17:49 | 000,471,040 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2783.36937__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2008/03/22 20:17:49 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2783.37195__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2008/03/22 20:17:49 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2783.37193__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2008/03/22 20:17:49 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2756.30545__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2008/03/22 20:17:49 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2783.37239__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2008/03/22 20:17:49 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2756.30543__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2008/03/22 20:17:49 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2756.30589__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2008/03/22 20:17:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2756.30556__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2008/03/22 20:17:49 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2783.36901__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2008/03/22 20:17:48 | 001,507,328 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2783.36918__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2008/03/22 20:17:48 | 000,446,464 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2783.37186__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2008/03/22 20:17:48 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2783.36902__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2008/03/22 20:17:48 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2783.36903__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2008/03/22 20:17:48 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2783.36902__90ba9c70f846762e\APM.Server.dll
MOD - [2008/03/22 20:17:48 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2783.36901__90ba9c70f846762e\AEM.Server.dll
MOD - [2008/03/22 20:17:48 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2756.30555__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2008/03/22 20:17:48 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2756.30554__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2008/03/22 20:17:48 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2783.37194__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2008/03/22 20:17:48 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2008/03/22 20:17:48 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2756.30556__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2008/03/22 20:17:48 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2756.30578__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2008/01/22 16:42:54 | 000,002,560 | ---- | M] () -- C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
MOD - [2008/01/09 18:43:26 | 000,326,176 | ---- | M] () -- C:\Acer\Empowering Technology\SysMonitor.exe
MOD - [2008/01/09 18:43:12 | 000,057,344 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll
MOD - [2008/01/09 18:42:54 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll
MOD - [2008/01/03 02:00:48 | 000,227,888 | ---- | M] () -- C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
MOD - [2007/12/19 18:09:38 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll
MOD - [2007/12/19 18:08:54 | 000,155,648 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll
MOD - [2007/12/19 18:08:28 | 003,420,160 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\eSettings.View.dll
MOD - [2007/12/19 18:08:10 | 000,032,768 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll
MOD - [2007/10/17 10:38:20 | 000,045,056 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Plugin.dll
MOD - [2007/10/17 10:38:00 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.dll
MOD - [2007/10/17 10:38:00 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Presenter.dll
MOD - [2007/10/17 10:37:58 | 000,040,960 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Library.dll
MOD - [2007/10/17 09:55:10 | 000,020,480 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.Interface.dll
MOD - [2007/10/17 09:55:10 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\MemCheck.Interface.dll
MOD - [2007/08/13 20:55:22 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2007/03/08 03:05:06 | 000,017,024 | ---- | M] () -- C:\Program Files\Adobe\Reader 8.0\Reader\ViewerPS.dll
MOD - [2007/02/13 05:26:30 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
MOD - [2007/02/01 16:37:12 | 000,053,248 | ---- | M] () -- C:\Program Files\Motorola\SMSERIAL\sm56kor.dll
MOD - [2007/02/01 16:37:10 | 000,065,536 | ---- | M] () -- C:\Program Files\Motorola\SMSERIAL\sm56ita.dll
MOD - [2007/02/01 16:37:10 | 000,057,344 | ---- | M] () -- C:\Program Files\Motorola\SMSERIAL\sm56jpn.dll
MOD - [2007/02/01 16:37:08 | 000,065,536 | ---- | M] () -- C:\Program Files\Motorola\SMSERIAL\sm56ger.dll
MOD - [2007/02/01 16:37:06 | 000,065,536 | ---- | M] () -- C:\Program Files\Motorola\SMSERIAL\sm56fra.dll
MOD - [2007/02/01 16:37:06 | 000,065,536 | ---- | M] () -- C:\Program Files\Motorola\SMSERIAL\sm56esp.dll
MOD - [2007/02/01 16:37:04 | 000,065,536 | ---- | M] () -- C:\Program Files\Motorola\SMSERIAL\sm56dnk.dll
MOD - [2007/02/01 16:37:02 | 000,065,536 | ---- | M] () -- C:\Program Files\Motorola\SMSERIAL\sm56brz.dll
MOD - [2007/02/01 16:37:02 | 000,053,248 | ---- | M] () -- C:\Program Files\Motorola\SMSERIAL\sm56cht.dll
MOD - [2007/02/01 16:37:00 | 000,053,248 | ---- | M] () -- C:\Program Files\Motorola\SMSERIAL\sm56chs.dll


========== Services (SafeList) ==========

SRV - [2012/10/27 17:47:10 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/13 02:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/06/13 03:48:50 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2012/02/14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/12/23 16:24:00 | 000,241,424 | ---- | M] (InternetSafety.com, Inc.) [Auto | Running] -- C:\Program Files\Internet Content Filter\UpdateService.exe -- (seUpdateSvc)
SRV - [2011/08/05 12:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011/08/05 12:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011/08/05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011/04/16 16:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360 Premier Edition\Engine\5.2.2.3\ccSvcHst.exe -- (N360)
SRV - [2010/06/24 11:34:52 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/25 18:49:04 | 000,269,448 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe -- (Acer HomeMedia Connect Service)
SRV - [2008/01/20 18:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/03 01:55:52 | 000,506,416 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/12/19 18:09:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/10/17 10:38:20 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2007/09/10 14:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)


========== Driver Services (SafeList) ==========

DRV - [2012/08/24 14:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/07/26 02:21:30 | 000,237,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/04/19 03:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/01/31 03:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/12/23 12:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/12/23 12:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011/12/23 12:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011/12/23 12:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2011/12/21 22:50:32 | 000,819,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\BASHDefs\20111221.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/12/21 17:29:16 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/12/21 16:16:30 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\IPSDefs\20111228.001\IDSvix86.sys -- (IDSVix86)
DRV - [2011/12/18 01:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111229.018\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/12/18 01:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\Definitions\VirusDefs\20111229.018\NAVENG.SYS -- (NAVENG)
DRV - [2011/11/09 17:34:22 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/23 01:03:28 | 000,047,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2011/04/20 17:37:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symtdiv.sys -- (SYMTDIv)
DRV - [2011/03/30 19:00:09 | 000,516,216 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\N360\0502020.003\srtsp.sys -- (SRTSP)
DRV - [2011/03/30 19:00:09 | 000,050,168 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\srtspx.sys -- (SRTSPX)
DRV - [2011/03/14 18:31:23 | 000,744,568 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symefa.sys -- (SymEFA)
DRV - [2011/01/26 22:47:10 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\N360\0502020.003\symds.sys -- (SymDS)
DRV - [2011/01/26 21:07:05 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\N360\0502020.003\ironx86.sys -- (SymIRON)
DRV - [2010/06/18 15:09:48 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2010/06/18 14:41:34 | 000,019,968 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2010/04/01 14:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2009/07/10 13:01:06 | 000,025,856 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motoandroid.sys -- (motandroidusb)
DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 17:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2008/11/11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/01/20 18:23:26 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2007/11/06 09:30:48 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\zntport.sys -- (zntport)
DRV - [2007/11/06 09:30:46 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TVicPort.sys -- (tvicport)
DRV - [2007/11/02 15:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007/08/13 21:07:16 | 003,076,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/07/03 09:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2007/02/01 16:37:36 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/10/30 10:22:26 | 000,008,192 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2005/11/17 01:42:48 | 000,245,376 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rt2500usb.sys -- (WUSB54GPV4SRV)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow....ion=6.0-x86-SP1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 68 76 A9 F1 3E B4 CA 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{164A46A7-57C3-4D13-8185-D50CD1E59B0B}: "URL" = http://search.avg.co...{language}&nt=1
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...q={searchTerms}
IE - HKCU\..\SearchScopes\{A59C167F-298F-30E1-8F0D-B7ED3F450647}: "URL" = http://www.startnow....ion=6.0-x86-SP1
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...il&geo=US&ver=4
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}:6.0.34
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..keyword.URL: "http://search.avg.co...&tp=ab&nt=1&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_34: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Dorothy\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/09 05:59:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPlgn\ [2011/12/25 15:55:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_13_2 [2012/12/01 19:49:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramDataMozilla\Extensions\[email protected] [2011/05/29 16:25:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/09/10 19:57:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/28 07:48:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/02 20:55:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/02 20:55:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/02/09 05:59:49 | 000,000,000 | ---D | M]

[2009/11/09 20:51:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lively Stone\AppData\Roaming\mozilla\Extensions
[2012/10/23 20:22:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lively Stone\AppData\Roaming\mozilla\Firefox\Profiles\hl4h34av.default\extensions
[2010/06/25 17:02:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Lively Stone\AppData\Roaming\mozilla\Firefox\Profiles\hl4h34av.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/10/11 19:48:56 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Lively Stone\AppData\Roaming\mozilla\Firefox\Profiles\hl4h34av.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/05/29 16:24:55 | 000,002,265 | ---- | M] () -- C:\Users\Lively Stone\AppData\Roaming\mozilla\firefox\profiles\hl4h34av.default\searchplugins\bing-zugo.xml
[2012/10/27 17:47:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/10/27 17:47:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2012/10/27 17:47:11 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/12/01 18:11:50 | 000,003,544 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/08/31 11:12:01 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/05/19 16:00:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2012/10/12 21:19:31 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========


O1 HOSTS File: ([2006/09/18 13:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\5.2.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Window Shopper) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files\Superfish\Window Shopper\SuperfishIEAddon.dll (Superfish)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Safe &Eyes Toolbar) - {430DDB4F-38CC-4E91-AF33-4157334EC937} - C:\Program Files\Internet Content Filter\SEToolbar.dll (InternetSafety.com, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Safe &Eyes Toolbar) - {430DDB4F-38CC-4E91-AF33-4157334EC937} - C:\Program Files\Internet Content Filter\SEToolbar.dll (InternetSafety.com, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\5.2.2.3\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ICF] C:\Program Files\Internet Content Filter\SafeEyes.exe (InternetSafety.com, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files\Superfish\Window Shopper\SuperfishIEAddon.dll (Superfish)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\icf.dll (InternetSafety.com, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\icf.dll (InternetSafety.com, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\icf.dll (InternetSafety.com, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\icf.dll (InternetSafety.com, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\icf.dll (InternetSafety.com, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\icf.dll (InternetSafety.com, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\icf.dll (InternetSafety.com, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\icf.dll (InternetSafety.com, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\icf.dll (InternetSafety.com, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_34)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6879CCB1-4EB6-4AAB-81E5-21903DDCD77C}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Lively Stone\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Lively Stone\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{7740c2de-35c8-11e2-b29f-001c258b0464}\Shell - "" = AutoRun
O33 - MountPoints2\{7740c2de-35c8-11e2-b29f-001c258b0464}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{9bce95e8-e290-11e1-9546-001c258b0464}\Shell - "" = AutoRun
O33 - MountPoints2\{9bce95e8-e290-11e1-9546-001c258b0464}\Shell\AutoRun\command - "" = F:\TL_Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/02 21:05:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/11/02 21:03:48 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/11/02 21:03:40 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/11/02 21:03:40 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/11/02 20:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/11/02 20:54:32 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Lively Stone\Desktop\*.tmp files -> C:\Users\Lively Stone\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/01 19:54:27 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/12/01 19:54:27 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/12/01 19:46:56 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/01 19:46:56 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/01 19:46:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/01 18:19:44 | 101,738,057 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/12/01 18:19:44 | 000,629,730 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2012/11/28 20:09:20 | 001,592,521 | ---- | M] () -- C:\Users\Lively Stone\Desktop\Anthropologie blanket.jpg
[2012/11/28 19:53:52 | 000,722,542 | ---- | M] () -- C:\Users\Lively Stone\Desktop\For Cody.jpg
[2012/11/28 19:51:42 | 001,755,585 | ---- | M] () -- C:\Users\Lively Stone\Desktop\Apple Music_Portland.jpg
[2012/11/28 19:47:32 | 001,496,052 | ---- | M] () -- C:\Users\Lively Stone\Desktop\Anthro Tea Towels.jpg
[2012/11/28 19:44:54 | 001,321,537 | ---- | M] () -- C:\Users\Lively Stone\Desktop\Anthropologie_Portland 9-1-12.jpg
[2012/11/28 19:43:00 | 001,145,676 | ---- | M] () -- C:\Users\Lively Stone\Desktop\Portland_2012-09-01.jpg
[2012/11/26 18:42:07 | 000,394,764 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/11/25 15:48:52 | 000,019,456 | ---- | M] () -- C:\Users\Lively Stone\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/02 21:05:03 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/11/02 20:54:49 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Lively Stone\Desktop\*.tmp files -> C:\Users\Lively Stone\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/11/28 19:53:58 | 000,722,542 | ---- | C] () -- C:\Users\Lively Stone\Desktop\For Cody.jpg
[2012/11/28 19:51:54 | 001,755,585 | ---- | C] () -- C:\Users\Lively Stone\Desktop\Apple Music_Portland.jpg
[2012/11/28 19:49:22 | 001,321,537 | ---- | C] () -- C:\Users\Lively Stone\Desktop\Anthropologie_Portland 9-1-12.jpg
[2012/11/28 19:47:47 | 001,496,052 | ---- | C] () -- C:\Users\Lively Stone\Desktop\Anthro Tea Towels.jpg
[2012/11/28 19:47:06 | 001,592,521 | ---- | C] () -- C:\Users\Lively Stone\Desktop\Anthropologie blanket.jpg
[2012/11/28 19:43:36 | 001,145,676 | ---- | C] () -- C:\Users\Lively Stone\Desktop\Portland_2012-09-01.jpg
[2012/11/02 21:05:03 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/11/02 20:54:49 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/09/08 14:49:23 | 000,079,015 | ---- | C] () -- C:\Users\Lively Stone\watercolor poppies.jpg
[2012/09/08 09:14:01 | 000,814,039 | ---- | C] () -- C:\Users\Lively Stone\pansies.jpg
[2012/09/04 21:11:18 | 000,074,824 | ---- | C] () -- C:\Users\Lively Stone\gma dot.jpg
[2012/09/04 21:09:11 | 000,117,751 | ---- | C] () -- C:\Users\Lively Stone\seattle zoo.jpg
[2012/09/04 21:06:51 | 000,107,685 | ---- | C] () -- C:\Users\Lively Stone\red tongue.jpg
[2012/09/04 21:04:08 | 000,081,016 | ---- | C] () -- C:\Users\Lively Stone\big burger.jpg
[2012/09/04 21:01:47 | 000,079,806 | ---- | C] () -- C:\Users\Lively Stone\grad 2012 b.jpg
[2012/09/04 20:59:13 | 000,042,745 | ---- | C] () -- C:\Users\Lively Stone\grad 12.jpg
[2012/09/04 20:55:38 | 000,051,698 | ---- | C] () -- C:\Users\Lively Stone\cozmic.jpg
[2012/09/04 20:51:27 | 000,080,326 | ---- | C] () -- C:\Users\Lively Stone\skycamp.jpg
[2012/09/04 20:47:30 | 000,064,156 | ---- | C] () -- C:\Users\Lively Stone\Project 86.jpg
[2012/08/30 19:56:37 | 000,337,063 | ---- | C] () -- C:\Users\Lively Stone\il_fullxfull.214804254.jpg
[2012/08/19 20:28:16 | 000,113,508 | ---- | C] () -- C:\Users\Lively Stone\419566_333639203336932_100000725663089_1027976_1738736079_n.jpg
[2012/08/19 17:11:55 | 000,067,830 | ---- | C] () -- C:\Users\Lively Stone\alice in wonderland.jpg
[2012/08/15 07:40:47 | 000,019,938 | ---- | C] () -- C:\Users\Lively Stone\hair.jpg
[2012/08/13 08:49:37 | 000,018,026 | ---- | C] () -- C:\Users\Lively Stone\Comic Art.jpg
[2012/08/10 08:03:23 | 000,045,941 | ---- | C] () -- C:\Users\Lively Stone\Holly Yashi 4.jpg
[2012/08/10 08:02:34 | 000,052,801 | ---- | C] () -- C:\Users\Lively Stone\Holly Yashi 3.jpg
[2012/08/10 08:02:06 | 000,091,447 | ---- | C] () -- C:\Users\Lively Stone\Holly Yashi 2.jpg
[2012/08/10 08:01:44 | 000,146,568 | ---- | C] () -- C:\Users\Lively Stone\Holly Yashi 1.jpg
[2012/08/07 20:11:20 | 000,014,108 | ---- | C] () -- C:\Users\Lively Stone\Cody in the studio.jpg
[2012/06/18 20:09:12 | 000,102,609 | ---- | C] () -- C:\Users\Lively Stone\hollyhock border test.jpg
[2012/06/18 20:00:26 | 000,116,716 | ---- | C] () -- C:\Users\Lively Stone\hollyhock border.jpg
[2012/06/02 10:16:17 | 000,028,425 | ---- | C] () -- C:\Users\Lively Stone\blog_3679.jpg
[2012/05/28 12:17:33 | 000,069,074 | ---- | C] () -- C:\Users\Lively Stone\Lace Card Template.jpg
[2012/02/25 09:59:50 | 000,122,576 | ---- | C] () -- C:\Users\Lively Stone\Embroidered bracelets!!!.JPG
[2012/02/11 10:52:14 | 000,000,173 | ---- | C] () -- C:\Users\Lively Stone\Plant a Tree - Martha Stewart Gardening.URL
[2012/01/28 22:41:53 | 000,107,280 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2011/12/26 17:56:58 | 000,010,158 | ---- | C] () -- C:\Users\Lively Stone\pointy finger.JPG
[2011/12/10 22:38:45 | 000,000,093 | ---- | C] () -- C:\Users\Lively Stone\crafts for spring colorful hat make handmade, crochet, craft.URL
[2011/11/24 09:05:51 | 000,066,202 | ---- | C] () -- C:\Users\Lively Stone\ruler painted table.JPG
[2011/11/15 19:06:25 | 000,021,109 | ---- | C] () -- C:\Users\Lively Stone\download-germanbirds-n0-bg-paperrelics.jpg
[2011/11/15 19:06:08 | 000,930,886 | ---- | C] () -- C:\Users\Lively Stone\germanbirds-paperrelics.jpg
[2011/11/13 12:28:32 | 000,058,763 | ---- | C] () -- C:\Users\Lively Stone\candianhomemagoniline.jpg
[2011/11/12 23:20:16 | 000,000,041 | ---- | C] () -- C:\Users\Lively Stone\Telephone Number IDentification.URL
[2011/11/09 18:19:17 | 000,101,542 | ---- | C] () -- C:\Users\Lively Stone\danaidae.jpg
[2011/11/09 18:18:12 | 000,132,704 | ---- | C] () -- C:\Users\Lively Stone\blueMorphoZ.jpg
[2011/11/09 18:16:30 | 000,180,795 | ---- | C] () -- C:\Users\Lively Stone\1.gif
[2011/11/09 18:15:56 | 000,066,119 | ---- | C] () -- C:\Users\Lively Stone\butterfly-pictures-1.jpg
[2011/11/06 18:05:52 | 000,032,790 | ---- | C] () -- C:\Users\Lively Stone\Scrappy Sparrows Template.jpg
[2011/11/06 16:50:30 | 000,609,705 | ---- | C] () -- C:\Users\Lively Stone\thankful.pdf
[2011/10/15 22:31:32 | 000,065,014 | ---- | C] () -- C:\Users\Lively Stone\bedroom idea.jpg
[2011/09/03 07:30:00 | 000,000,000 | ---- | C] () -- C:\Users\Lively Stone\AppData\Local\{088451F0-C3E7-45A1-91BE-0551A0F7E67F}
[2011/05/18 18:24:17 | 000,001,940 | ---- | C] () -- C:\Users\Lively Stone\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/09 18:25:38 | 000,039,331 | ---- | C] () -- C:\Users\Lively Stone\daisy art.png
[2010/12/09 21:07:02 | 000,032,874 | ---- | C] () -- C:\Users\Lively Stone\pyramid_vegetarian.gif
[2010/12/08 20:19:17 | 000,042,700 | ---- | C] () -- C:\Users\Lively Stone\Dees_Daily_Commitments.pdf
[2010/11/27 20:00:34 | 000,000,127 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/11/11 19:23:12 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2010/10/18 11:21:54 | 000,000,079 | ---- | C] () -- C:\Users\Lively Stone\A Beginner's Guide to Making a DIY Planner DIY Planner.URL
[2010/08/23 19:02:42 | 000,000,069 | ---- | C] () -- C:\Users\Lively Stone\Atlas Shrugged - Wikipedia, the free encyclopedia.URL
[2010/08/07 22:09:17 | 000,000,000 | ---- | C] () -- C:\Users\Lively Stone\jagex__preferences3.dat
[2010/08/07 22:09:16 | 000,000,099 | ---- | C] () -- C:\Users\Lively Stone\jagex_runescape_preferences2.dat
[2010/08/07 22:08:04 | 000,000,046 | ---- | C] () -- C:\Users\Lively Stone\jagex_runescape_preferences.dat
[2010/06/27 10:40:54 | 000,138,914 | ---- | C] () -- C:\Users\Lively Stone\e94525.jpg
[2010/06/12 20:27:02 | 000,070,094 | ---- | C] () -- C:\Users\Lively Stone\Christmas tags 2.jpg
[2010/06/12 20:26:28 | 000,074,797 | ---- | C] () -- C:\Users\Lively Stone\Christmas tags.jpg
[2010/05/31 17:57:57 | 000,000,077 | ---- | C] () -- C:\Users\Lively Stone\Lane County, Oregon (OR) Live Police, Fire, and EMS Scanners on RadioReference.com.URL
[2010/05/13 20:45:12 | 000,415,113 | ---- | C] () -- C:\Users\Lively Stone\Scrabble tiles from namaqua art.jpg
[2010/05/13 20:27:50 | 000,126,204 | ---- | C] () -- C:\Users\Lively Stone\Juke box numbers.jpg
[2010/05/13 19:45:51 | 000,303,674 | ---- | C] () -- C:\Users\Lively Stone\number plaques.jpg
[2010/05/13 19:42:47 | 000,167,285 | ---- | C] () -- C:\Users\Lively Stone\house numbers.jpg
[2010/05/13 19:41:48 | 000,226,270 | ---- | C] () -- C:\Users\Lively Stone\numbers book 51.jpg
[2010/05/13 19:41:35 | 000,226,270 | ---- | C] () -- C:\Users\Lively Stone\numbers book.jpg
[2010/03/27 21:47:05 | 000,000,172 | ---- | C] () -- C:\Users\Lively Stone\Wholesale Beads and Jewelry Making Supplies - Fire Mountain Gems and Beads.URL
[2010/03/27 14:35:25 | 000,105,136 | ---- | C] () -- C:\Users\Lively Stone\Cody and Mom.jpg
[2010/03/24 20:46:58 | 000,000,553 | ---- | C] () -- C:\Users\Lively Stone\Google Image Result for httpactiverain.comimage_storeuploads59940ar120640827904995.JPG.URL
[2010/02/20 11:48:33 | 000,007,268 | ---- | C] () -- C:\Users\Lively Stone\AppData\Local\d3d9caps.dat
[2010/02/04 17:39:23 | 000,000,078 | ---- | C] () -- C:\Users\Lively Stone\ABS Login Bible Search from American Bible Society.URL
[2009/12/26 09:02:10 | 000,000,004 | ---- | C] () -- C:\Users\Lively Stone\AppData\Roaming\wklnhst.dat
[2009/11/10 21:07:55 | 000,019,456 | ---- | C] () -- C:\Users\Lively Stone\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/09 20:47:22 | 000,000,918 | RHS- | C] () -- C:\Users\Lively Stone\ntuser.pol

========== ZeroAccess Check ==========

[2006/11/02 04:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 07:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/02 20:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/20 18:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/11/09 20:47:44 | 000,000,000 | ---D | M] -- C:\Users\Lively Stone\AppData\Roaming\Acer
[2008/02/26 00:11:52 | 000,000,000 | ---D | M] -- C:\Users\Lively Stone\AppData\Roaming\Acer GameZone Console
[2011/09/30 19:07:53 | 000,000,000 | ---D | M] -- C:\Users\Lively Stone\AppData\Roaming\AVG2012
[2012/05/27 20:29:59 | 000,000,000 | ---D | M] -- C:\Users\Lively Stone\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2009/11/09 20:47:36 | 000,000,000 | ---D | M] -- C:\Users\Lively Stone\AppData\Roaming\Leadertech
[2012/06/02 10:40:53 | 000,000,000 | ---D | M] -- C:\Users\Lively Stone\AppData\Roaming\PDAppFlex
[2010/11/27 18:26:32 | 000,000,000 | ---D | M] -- C:\Users\Lively Stone\AppData\Roaming\Smith Micro
[2010/09/06 16:38:05 | 000,000,000 | ---D | M] -- C:\Users\Lively Stone\AppData\Roaming\Solitaire.Com
[2009/12/26 09:02:12 | 000,000,000 | ---D | M] -- C:\Users\Lively Stone\AppData\Roaming\Template

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:9E22BBE8

< End of report >





OTL Extras logfile created on: 12/1/2012 7:58:35 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lively Stone\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.79 Gb Available Physical Memory | 45.15% Memory free
3.75 Gb Paging File | 2.32 Gb Available in Paging File | 61.84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144.29 Gb Total Space | 54.16 Gb Free Space | 37.53% Space Free | Partition Type: NTFS
Drive D: | 144.04 Gb Total Space | 140.76 Gb Free Space | 97.72% Space Free | Partition Type: NTFS

Computer Name: MENGMANIA | User Name: Lively Stone | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0196518B-2339-4B5A-803C-C086C3334118}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{07CECE76-781F-4259-9D52-32D5B5DCB757}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0CE46161-2815-4CE2-BE91-77201FFDADE7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{0DE48155-9472-45C2-8F94-3B1DACD78F83}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{10DAFB14-8D9B-4B11-BB8D-0DC93F1163B4}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe |
"{1695AC12-8BBE-456D-815D-D678C21BAD4B}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{1EE5B17F-0736-4243-A7DA-0D3EB2AB7F2A}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{237ACACF-E33C-4946-86ED-CB9F108282F9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{2424BBFC-DA74-4FA1-A988-DA7C7CD15A56}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe |
"{2529BB15-151D-4A28-8BD9-539EA9662F0A}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{281BC587-1962-47F8-B6CE-BA9DC9EA460E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{2A63A495-5CAD-4103-B90F-DF25C46CB707}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{2AFEFC20-7385-4B98-B7A4-0888DA45927F}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{310A1D4D-88A2-4009-8040-A4FAD5E64CC1}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{377201EF-7B65-4587-B965-DECAA4BF861E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{3BE693F5-7130-4BC7-9A6C-4A6205845946}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe |
"{475B3E77-EDDF-4BE8-9872-3EE2A2CCA3DC}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{4AE1A296-3849-4454-A57D-3EA75A103D99}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{53A279C9-94CB-4A8A-A6EE-DDEA81D23602}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{54DC87CE-21BD-4943-B7C3-8E63EBB4F7EC}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{6CAE32EF-C2FE-45CC-BB63-5B7B89CE8169}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{72DC74E6-7FCE-4466-99B1-40510D43901B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{74027377-7E08-40B5-9877-6232F2B5C24F}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe |
"{856E877E-EFE6-4BDD-969E-B456B9390C1C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{85B30592-2319-4109-8DA6-186FD76841D6}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{888920B3-F270-438F-8872-AF734177767A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{923FBA1C-7186-4E4A-94A7-18B7CDC60BE3}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{92D91791-D629-4FB4-A4B7-9584809A53A5}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{968871DE-8189-45BD-A9B4-9939E1B2BA14}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{A3B67C9E-41D7-4610-A176-CEE5758E2622}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{A50260FB-5643-4BAC-AAD0-2346CFB0E18E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{AE096EC1-72D3-42B4-BA59-D3B2561016D8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{B2F54137-2A82-43B7-A430-9C9B76469032}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{B8A855C6-46DB-412B-A5C8-F96CDCDBCC5D}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{BBF274C6-BEB0-499F-BCCE-B2C00B06FA7F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BDD10C29-686D-4F99-B227-93532C02B99E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe |
"{CD9CD587-2C8F-4B71-B529-16496A771366}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{CE2E685D-CA0F-4C6C-AF08-762669ADE65E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{CE47B956-C137-46AA-8EBD-8937F47CB507}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe |
"{D23CE649-6D04-423A-971C-83B551119314}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{D9F2A1BC-D7B5-463B-ADC8-1A6075F9DF27}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqscnvw.exe |
"{DDECFC1A-943C-475A-86AC-067A006AEF12}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{E28D6D66-006A-4203-A945-B8A64316DF76}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{E33715D5-3E44-4CC4-9F02-4ECBF1025D1B}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe |
"{E5D6ED64-624A-469F-AD48-71DEB0573012}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{E9A58426-59F6-4D48-8290-41AC89E55B90}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{EDFE95DC-538D-4A77-9F86-036EAF0F008C}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{EE09F0B4-345E-4322-BF69-C755E66CA07A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{F77C497B-598A-4494-B8B9-4074CE1DC9BF}" = dir=in | app=c:\program files\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe |
"{FBEEBDA8-BD89-48CB-B267-6A4A9B6C8BEF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FC017127-021E-4FB9-998F-568BEBB59D1D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{FEEF4323-8E1C-49D7-B9EF-E3A7AB90AEE4}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{0478A597-5B05-5671-B594-27427A642AE5}" = CCC Help Chinese Traditional
"{07760C24-3C41-4C64-9A1D-1CF8D281060A}" = PG583_install_V6_1_32_36_vista
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0856323C-4103-4658-C5A8-FB16ED3079F5}" = Catalyst Control Center Localization Greek
"{08AD32A8-D704-4FC8-DB04-CA90A373D9C3}" = Catalyst Control Center Localization Portuguese
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08DEC21F-F7E5-46F9-81D1-3ED30BD3AEC9}" = CASIO USB Driver V1.2.2474.0623
"{0A23CBF1-CCB0-B411-6A7A-A177E376BF70}" = Catalyst Control Center Localization Danish
"{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0E92F644-6E11-8FE3-1BFC-5DB09A79F9B3}" = CCC Help Japanese
"{0ECD1EB9-CBB5-09BA-5947-74CBDA3011FC}" = CCC Help Spanish
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{12EDCFD1-E000-F4F2-A3E6-A6C15D0F8A63}" = Catalyst Control Center Graphics Previews Vista
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{19BDBEDD-5264-29E1-1BFB-6F64FD943596}" = CCC Help Czech
"{1AFA55D1-EA04-9E87-4537-929E66B60D69}" = CCC Help Russian
"{1C028265-E8D7-751F-246F-9FD52CD237A8}" = Catalyst Control Center Localization Hungarian
"{1CCB52B9-FB58-0729-5C26-E8F8B3162043}" = Catalyst Control Center Core Implementation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FA97774-2351-8DF4-7853-BEB20C726DFB}" = Catalyst Control Center Localization Russian
"{1FB9A0D0-DC5C-B75A-36EE-414706846CC2}" = Catalyst Control Center Localization Italian
"{20308457-CE7C-85A9-1B8F-6C521B2B4CCF}" = CCC Help Hungarian
"{213ABE23-10B9-F45F-DC87-63DACAD40C0D}" = Skins
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{24C7254F-C2D5-22FC-7C7C-F17E4894530E}" = CCC Help Italian
"{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java™ 6 Update 34
"{28FD3796-5271-EF11-DA27-2939ACA62515}" = CCC Help Greek
"{29456613-49DE-D48C-10E6-06AD36EEE3D7}" = CCC Help Norwegian
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{31C4615C-45C3-776C-AE54-9CE4B76E9DD1}" = CCC Help Korean
"{34C1AC91-2D4A-59C1-6875-B3692D1E0365}" = Catalyst Control Center Localization Chinese Standard
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{4708942C-76A1-ECC8-5B3D-0D412D68DF24}" = Catalyst Control Center Localization Dutch
"{47247CC1-1221-9449-B4EF-8C9F6D02C1A0}" = CCC Help Swedish
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E084313-093F-5947-CEB9-DE41FD24EF1B}" = Catalyst Control Center Localization Czech
"{4F78B943-3CE1-410F-BC3A-FC65C3EB1F89}" = YUAN PE585QA Driver
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{51E2559D-F321-4B7A-81BE-0E7C168A4680}_is1" = Double Solitaire 2.00
"{52F4AC33-36D4-78D2-E694-7AAC07CD6C5A}" = Catalyst Control Center Graphics Light
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{59FD9D9B-29F9-7572-C2B1-30B65AB2BC29}" = Catalyst Control Center Localization Japanese
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5D51C5DC-3604-4C3B-981B-309340755447}" = Pantech Handset Driver
"{5D976966-B187-E4D5-5AF1-23C54556E173}" = CCC Help German
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AD90C4B-89D3-5961-F13F-835E73DA1082}" = ccc-utility
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MergeModules
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77E9E367-C9B4-4A38-B7A8-32730EE8AC83}" = e-Sword
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7BB493F6-1E56-4748-B3A3-D7B1FB6EE2FE}" = Motorola Mobile Drivers Installation 4.7.1
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112310577}" = Flip Words 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{856D0363-1C0A-1562-46E7-A9ECABC8DF78}" = CCC Help Polish
"{86B32074-0F48-4CF9-BA4B-529B470FB47F}" = BlackBerry Desktop Software 5.0
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8CCFDB06-9B09-12D7-F1D4-1E22AC7583E0}" = Catalyst Control Center Localization Finnish
"{8D982E57-BF86-BEE7-3944-BD346EFE6A24}" = CCC Help Portuguese
"{8FAE8DE8-A63C-F5DE-D9F7-E011BBD44C32}" = CCC Help Turkish
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{9866E5F0-121F-E018-E2D1-2E1770847ABF}" = Adobe Download Assistant
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A0D21ABE-D004-5F89-4485-1BF4C7B3D66A}" = Catalyst Control Center Graphics Full Existing
"{A1570454-ED12-4050-A7AC-9282C7AFB23C}" = Window Shopper
"{A37978CF-6E03-238A-6571-7EA53B8FAE1B}" = Catalyst Control Center Localization Norwegian
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A830CA28-932E-6081-EEAA-31A6173DCA23}" = CCC Help Finnish
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{A980B2A8-661F-35CD-4C3C-8EECE2F5F5D1}" = Catalyst Control Center Localization Korean
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF04309C-7CFC-C0F4-8A75-5135AF07FD1A}" = ccc-core-static
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B041ABD7-4A10-482a-A525-577A7AAD8EC7}" = C6200_Help
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B20A9F0F-9504-A107-E381-E956CE96EE86}" = Catalyst Control Center Localization Chinese Traditional
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B34E4B72-37C6-4f79-A5B3-008EEFC6EA8B}" = PS_AIO_02_Software_min
"{B3BCCEC8-58B0-4B2A-0B25-2DF887F06E55}" = CCC Help Danish
"{B46AC30C-22D2-4610-B041-1DA7BB29EB57}" = HP Photosmart All-In-One Software 9.0
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{B5CCC9F7-3D21-B444-7EB4-235C1E0AC551}" = CCC Help Dutch
"{B69C390B-826F-473C-86EB-7AD4950818C3}" = AVG 2012
"{B7E5D642-E74E-40a4-B5C7-6AB6EE916814}" = PS_AIO_02_ProductContext
"{BC10649A-983B-494e-AD1F-DE0BF717D701}" = PS_AIO_02_Software
"{BC24FA40-8A7A-42FF-0B9A-5FB02E2A5536}" = CCC Help Thai
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C3FA280D-3AE4-43F3-AFB5-D459B36A05B7}" = Safe Eyes
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{C7EEF2B9-8C16-4A04-B98D-B1A952A47E55}" = Linksys Wireless-G USB Network Adapter
"{CCA08326-B1CA-A2A7-10A1-EA1978847514}" = Catalyst Control Center Localization German
"{CCB9C4E1-3DF9-422F-AC78-A128F1610747}" = AVG 2012
"{CDD3ACE0-7C01-10C8-495D-831EB9375095}" = Catalyst Control Center Localization Thai
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D6093905-1B7B-D236-2054-CC0B3E08B413}" = ATI Catalyst Install Manager
"{D7BFE046-4862-AF73-0FB9-E3723BDFDE40}" = CCC Help French
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DBED8673-81E5-7763-F3E5-887E43F2E428}" = CCC Help English
"{DC9A7C58-A8A8-0B6D-F1FA-6A35DE82A8E7}" = CCC Help Chinese Standard
"{DE3FECA8-82DD-B597-80EB-6236918FFABB}" = Catalyst Control Center Localization Polish
"{E16BEE5B-82E8-574E-786F-B21DC03E7091}" = Catalyst Control Center Localization Spanish
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E32DF02F-0C8F-DE2F-9E76-4EA3960D7083}" = Catalyst Control Center Localization Turkish
"{E8302B10-2762-1C24-596C-ED5FFBA1E041}" = Catalyst Control Center Localization French
"{E940B035-8220-4C6B-C064-D6E4424553FC}" = Catalyst Control Center Graphics Full New
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F73459A3-36B8-42e4-A982-AAF06A44D508}" = C6200_doccd
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{FDF64A37-4842-48CD-A424-2C38444D36FD}" = LG Android Drivers
"{FE54D686-ACC0-42db-A46B-987A5B6D8325}" = C6200
"{FEA4C854-4B15-2FD3-BDE8-9654EC55AB72}" = Catalyst Control Center Localization Swedish
"Acer Assist" = Acer Assist
"Acer GameZone Console_is1" = Acer GameZone Console DTV 2.0.1.1
"Acer Registration" = Acer Registration
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVG" = AVG 2012
"BlackBerry_{86B32074-0F48-4CF9-BA4B-529B470FB47F}" = BlackBerry Desktop Software 5.0
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DB77CFA42983BD7D1CD0FB829CC6F71BEA49C472" = Windows Driver Package - YUAN High-Tech Development Co. Ltd. (OmniTV) Media (08/19/2007 6.1.32.36)
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"Halsoft Backgammon" = Halsoft Backgammon
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 9.0
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{E9ED0801-253D-4FE9-AB20-F63DEFE72547}" = SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MotoConnect" = MotoConnect 1.1.31
"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton 360 Premier Edition
"PaperPort 6.5" = PaperPort 6.5
"PC Study Bible 3.0" = PC Study Bible 3.0
"Registry Fix_is1" = RegistryFix v8.0
"Scratch" = Scratch
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"Visioneer 4400 Scanner" = Visioneer 4400 Scanner
"Voodoo Chat Client" = Voodoo Chat Client
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 5.1.0.880

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/22/2012 10:19:15 PM | Computer Name = Mengmania | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/22/2012 10:19:15 PM | Computer Name = Mengmania | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5210

Error - 11/22/2012 10:19:15 PM | Computer Name = Mengmania | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5210

Error - 11/23/2012 7:51:48 PM | Computer Name = Mengmania | Source = WinMgmt | ID = 10
Description =

Error - 11/24/2012 9:49:57 PM | Computer Name = Mengmania | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12/1/2012 10:06:42 PM | Computer Name = Mengmania | Source = Application Error | ID = 1000
Description = Faulting application avgui.exe, version 12.0.0.2213, time stamp 0x502052fb,
faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
0xc0000005, fault offset 0x41f70676, process id 0x26f4, application start time 0x01cdd024edf14300.

Error - 12/1/2012 10:17:10 PM | Computer Name = Mengmania | Source = WinMgmt | ID = 10
Description =

Error - 12/1/2012 10:22:35 PM | Computer Name = Mengmania | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 12/1/2012 11:48:14 PM | Computer Name = Mengmania | Source = WinMgmt | ID = 10
Description =

Error - 12/1/2012 11:49:12 PM | Computer Name = Mengmania | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ Media Center Events ]
Error - 5/19/2012 11:12:42 PM | Computer Name = Mengmania | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/20/2012 1:04:47 AM | Computer Name = Mengmania | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/20/2012 2:43:24 AM | Computer Name = Mengmania | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/20/2012 4:31:35 AM | Computer Name = Mengmania | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/20/2012 5:16:33 PM | Computer Name = Mengmania | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/21/2012 12:04:58 AM | Computer Name = Mengmania | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/22/2012 1:59:16 AM | Computer Name = Mengmania | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/22/2012 6:15:52 PM | Computer Name = Mengmania | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/23/2012 12:22:58 AM | Computer Name = Mengmania | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/23/2012 12:30:47 PM | Computer Name = Mengmania | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 11/22/2009 12:14:48 AM | Computer Name = Dorothy-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2997
seconds with 1380 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/23/2012 7:50:49 PM | Computer Name = Mengmania | Source = HTTP | ID = 15016
Description =

Error - 11/23/2012 7:52:36 PM | Computer Name = Mengmania | Source = Service Control Manager | ID = 7022
Description =

Error - 11/24/2012 4:11:22 PM | Computer Name = Mengmania | Source = Service Control Manager | ID = 7011
Description =

Error - 11/25/2012 7:00:31 PM | Computer Name = Mengmania | Source = Service Control Manager | ID = 7011
Description =

Error - 12/1/2012 10:12:18 PM | Computer Name = Mengmania | Source = DCOM | ID = 10010
Description =

Error - 12/1/2012 10:13:02 PM | Computer Name = Mengmania | Source = DCOM | ID = 10010
Description =

Error - 12/1/2012 10:15:59 PM | Computer Name = Mengmania | Source = HTTP | ID = 15016
Description =

Error - 12/1/2012 10:17:52 PM | Computer Name = Mengmania | Source = Service Control Manager | ID = 7022
Description =

Error - 12/1/2012 11:46:54 PM | Computer Name = Mengmania | Source = HTTP | ID = 15016
Description =

Error - 12/1/2012 11:49:09 PM | Computer Name = Mengmania | Source = Service Control Manager | ID = 7022
Description =


< End of report >
  • 0

Advertisements

#2
gringo_pr
Posted 01 December 2012 - 10:26 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
  • 0

#3
gringo_pr
Posted 05 December 2012 - 07:09 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
  • 0

#4
mengmania
Posted 05 December 2012 - 10:10 PM

mengmania

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Hi Gringo, I was just notified of your December 1st post...today. I don't see any action for me to take. I still need help.

Francie
  • 0

#5
mengmania
Posted 05 December 2012 - 10:18 PM

mengmania

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
I re-read. Am following your instructions and will post soon. Thank you!
  • 0

#6
mengmania
Posted 05 December 2012 - 10:21 PM

mengmania

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Results of screen317's Security Check version 0.99.56
Windows Vista Service Pack 1 x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Norton 360 Premier Edition
AVG Internet Security 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 34
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.3.183.7 Flash Player out of Date!
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox 16.0.2 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Empowering Technology eSettings Service capuserv.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````
  • 0

#7
mengmania
Posted 05 December 2012 - 10:25 PM

mengmania

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
# AdwCleaner v2.011 - Logfile created 12/05/2012 at 20:21:18
# Updated 02/12/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 1 (32 bits)
# User : Lively Stone - MENGMANIA
# Boot Mode : Normal
# Running from : C:\Users\Lively Stone\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A69A551A-1AAE-4B67-8C2E-52F8B8A19504}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKU\S-1-5-21-1715165501-2973441331-4081418135-501\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19088

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z057&partner_id=333&product_id=519&affiliate_id=&channel=DPGL15&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110530&user_guid=2D06D5D558104910A5A96FB1E8E5F7BA&machine_id=6892cfffcea2b7fb951cbce07fd85682&browser=IE&os=win&os_version=6.0-x86-SP1 --> hxxp://www.google.com

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\Dorothy\AppData\Roaming\Mozilla\Firefox\Profiles\psmcmcp8.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\Lively Stone\AppData\Roaming\Mozilla\Firefox\Profiles\hl4h34av.default\prefs.js

C:\Users\Lively Stone\AppData\Roaming\Mozilla\Firefox\Profiles\hl4h34av.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Lively Stone\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3361 octets] - [05/12/2012 20:21:18]

########## EOF - C:\AdwCleaner[S1].txt - [3421 octets] ##########
  • 0

#8
mengmania
Posted 05 December 2012 - 10:32 PM

mengmania

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
RogueKiller V8.3.1 [Dec 5 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User : Lively Stone [Admin rights]
Mode : Remove -- Date : 12/05/2012 20:31:00

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] RtHDVCpl.exe -- C:\Windows\RtHDVCpl.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[13] : NtAlertResumeThread @ 0x822E2EE9 -> HOOKED (Unknown @ 0x86A615B0)
SSDT[14] : NtAlertThread @ 0x82248305 -> HOOKED (Unknown @ 0x86A61690)
SSDT[18] : NtAllocateVirtualMemory @ 0x8227FE68 -> HOOKED (Unknown @ 0x86A61F80)
SSDT[21] : NtAlpcConnectPort @ 0x822394F3 -> HOOKED (Unknown @ 0x8699ED00)
SSDT[42] : NtAssignProcessToJobObject @ 0x8220D211 -> HOOKED (Unknown @ 0x86A62CE0)
SSDT[67] : NtCreateMutant @ 0x82283F77 -> HOOKED (Unknown @ 0x86A61300)
SSDT[77] : NtCreateSymbolicLinkObject @ 0x822263FB -> HOOKED (Unknown @ 0x86A62A00)
SSDT[78] : NtCreateThread @ 0x822E1560 -> HOOKED (Unknown @ 0x86AA0618)
SSDT[116] : NtDebugActiveProcess @ 0x822B4AD8 -> HOOKED (Unknown @ 0x86A62E28)
SSDT[129] : NtDuplicateObject @ 0x82247231 -> HOOKED (Unknown @ 0x86AA0360)
SSDT[147] : NtFreeVirtualMemory @ 0x820DECE7 -> HOOKED (Unknown @ 0x86A61DC0)
SSDT[156] : NtImpersonateAnonymousToken @ 0x82208257 -> HOOKED (Unknown @ 0x86A613F0)
SSDT[158] : NtImpersonateThread @ 0x8221A980 -> HOOKED (Unknown @ 0x86A614D0)
SSDT[165] : NtLoadDriver @ 0x821BCAD0 -> HOOKED (Unknown @ 0x8699EC88)
SSDT[177] : NtMapViewOfSection @ 0x82271AFE -> HOOKED (Unknown @ 0x86A61CC0)
SSDT[184] : NtOpenEvent @ 0x82233451 -> HOOKED (Unknown @ 0x86A61220)
SSDT[195] : NtOpenProcessToken @ 0x8225A67B -> HOOKED (Unknown @ 0x86AA02A0)
SSDT[197] : NtOpenSection @ 0x82275BA2 -> HOOKED (Unknown @ 0x86A61060)
SSDT[201] : NtOpenThread @ 0x8224F57A -> HOOKED (Unknown @ 0x86AA0430)
SSDT[210] : NtProtectVirtualMemory @ 0x82283C7E -> HOOKED (Unknown @ 0x86A62BF0)
SSDT[282] : NtResumeThread @ 0x8224E924 -> HOOKED (Unknown @ 0x86A61770)
SSDT[289] : NtSetContextThread @ 0x822E2233 -> HOOKED (Unknown @ 0x86A61A10)
SSDT[305] : NtSetInformationProcess @ 0x82281A24 -> HOOKED (Unknown @ 0x86A61AF0)
SSDT[317] : NtSetSystemInformation @ 0x82244722 -> HOOKED (Unknown @ 0x86A62F08)
SSDT[330] : NtSuspendProcess @ 0x822E2E23 -> HOOKED (Unknown @ 0x86A61140)
SSDT[331] : NtSuspendThread @ 0x8229FCEA -> HOOKED (Unknown @ 0x86A61850)
SSDT[348] : NtUnmapViewOfSection @ 0x82272155 -> HOOKED (Unknown @ 0x86A61BE0)
SSDT[382] : NtCreateThreadEx @ 0x8224EF82 -> HOOKED (Unknown @ 0x86A62AF0)
S_SSDT[317] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x86E95610)
S_SSDT[442] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x86EF90E8)
S_SSDT[479] : NtUserMessageCall -> HOOKED (Unknown @ 0x86003B30)
S_SSDT[497] : NtUserPostMessage -> HOOKED (Unknown @ 0x86F42D20)
S_SSDT[498] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x86003C00)
S_SSDT[576] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x86F41928)

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200AAJS-22VWA0 ATA Device +++++
--- User ---
[MBR] 144bbb2a1665218cb4de0dea50eaaed1
[BSP] a557ab961ffb619c465ea7674305f6ff : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 9993 Mo
1 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 20467712 | Size: 147757 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 323074048 | Size: 147493 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_12052012_02d2031.txt >>
RKreport[1]_S_12052012_02d2030.txt ; RKreport[2]_D_12052012_02d2031.txt
  • 0

#9
gringo_pr
Posted 06 December 2012 - 06:17 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#10
mengmania
Posted 09 December 2012 - 01:27 AM

mengmania

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
ComboFix 12-12-07.01 - Lively Stone 12/08/2012 23:09:50.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1791.917 [GMT -8:00]
Running from: c:\users\Lively Stone\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Norton 360 Premier Edition *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
FW: Norton 360 Premier Edition *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Norton 360 Premier Edition *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Dorothy\AppData\Roaming\.#
c:\windows\~GLH0032.TMP
c:\windows\~GLH0033.TMP
c:\windows\~GLH0034.TMP
c:\windows\~GLH0035.TMP
.
.
((((((((((((((((((((((((( Files Created from 2012-11-09 to 2012-12-09 )))))))))))))))))))))))))))))))
.
.
2012-12-09 07:21 . 2012-12-09 07:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-09 07:21 . 2012-12-09 07:21 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-12-09 07:21 . 2012-12-09 07:21 -------- d-----w- c:\users\Dorothy\AppData\Local\temp
2012-11-19 00:41 . 2012-11-19 01:19 -------- d-----w- c:\users\Guest\AppData\Local\Spotify
2012-11-19 00:41 . 2012-12-05 06:15 -------- d-----w- c:\users\Guest\AppData\Roaming\Spotify
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-06 22:06 . 2012-12-06 22:06 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 10:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2011-06-16 6276408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-01-23 34552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-10 326176]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-01-03 521776]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-02-02 630784]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-10-15 3387392]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"ICF"="c:\program files\Internet Content Filter\SafeEyes.exe" [2011-12-24 1628944]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Lively Stone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-2-26 535336]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMMediaSharing]
2008-01-26 02:49 204908 ----a-w- c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\System32\icf.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Lively Stone\AppData\Roaming\Mozilla\Firefox\Profiles\hl4h34av.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4e123b66&i=23&tp=ab&nt=1&q=
FF - ExtSQL: 2012-12-06 12:05; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_13_2
FF - ExtSQL: !HIDDEN! 2009-09-02 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2010-02-09 05:59; [email protected]; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-08 23:22
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-12-08 23:25:46
ComboFix-quarantined-files.txt 2012-12-09 07:25
.
Pre-Run: 62,466,736,128 bytes free
Post-Run: 62,704,353,280 bytes free
.
- - End Of File - - 9275BAAFCA4CB40BC6AEB774480F474F

Hi Gringo, I didn't have any problems that I'm aware of, and everything seems to be working fine.

Francie
  • 0

Advertisements

#11
gringo_pr
Posted 09 December 2012 - 01:45 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo
  • 0

#12
mengmania
Posted 10 December 2012 - 12:35 AM

mengmania

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
ComboFix 12-12-07.01 - Lively Stone 12/09/2012 22:13:09.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1791.1009 [GMT -8:00]
Running from: c:\users\Lively Stone\Desktop\ComboFix.exe
Command switches used :: c:\users\Lively Stone\Desktop\CFScript.txt
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Norton 360 Premier Edition *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
FW: Norton 360 Premier Edition *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Norton 360 Premier Edition *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-11-10 to 2012-12-10 )))))))))))))))))))))))))))))))
.
.
2012-12-10 06:26 . 2012-12-10 06:26 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-12-10 06:26 . 2012-12-10 06:26 -------- d-----w- c:\users\Dorothy\AppData\Local\temp
2012-12-10 06:26 . 2012-12-10 06:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-10 06:26 . 2012-12-10 06:26 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-11-19 00:41 . 2012-11-19 01:19 -------- d-----w- c:\users\Guest\AppData\Local\Spotify
2012-11-19 00:41 . 2012-12-05 06:15 -------- d-----w- c:\users\Guest\AppData\Roaming\Spotify
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-06 22:06 . 2012-12-06 22:06 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 10:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2011-06-16 6276408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-01-23 34552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-10 326176]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-01-03 521776]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-02-02 630784]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-10-15 3387392]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"ICF"="c:\program files\Internet Content Filter\SafeEyes.exe" [2011-12-24 1628944]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 159456]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
.
c:\users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\users\Lively Stone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2008-2-26 535336]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMMediaSharing]
2008-01-26 02:49 204908 ----a-w- c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\System32\icf.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Lively Stone\AppData\Roaming\Mozilla\Firefox\Profiles\hl4h34av.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/?d=4e123b66&i=23&tp=ab&nt=1&q=
FF - ExtSQL: 2012-12-06 12:05; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\coFFPlgn_2011_7_13_2
FF - ExtSQL: !HIDDEN! 2009-09-02 03:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2010-02-09 05:59; [email protected]; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-09 22:26
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\5.2.2.3\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\5.2.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5332)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\ieframe.dll
c:\program files\Adobe\Reader 8.0\Reader\viewerps.dll
c:\windows\System32\netshell.dll
.
Completion time: 2012-12-09 22:28:50
ComboFix-quarantined-files.txt 2012-12-10 06:28
ComboFix2.txt 2012-12-09 07:25
.
Pre-Run: 63,709,388,800 bytes free
Post-Run: 63,687,700,480 bytes free
.
- - End Of File - - 3A31EBCDB75A204CCD015FDBB4378AEF
  • 0

#13
mengmania
Posted 10 December 2012 - 12:36 AM

mengmania

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
I had to reboot as Firefox wouldn't open. I'd click on it, and it would say it was scheduled to be deleted so couldn't open. Once I rebooted it was fine.

Francie
  • 0

#14
gringo_pr
Posted 10 December 2012 - 01:46 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
  • 0

#15
mengmania
Posted 12 December 2012 - 06:55 PM

mengmania

    Member

  • Topic Starter
  • Member
  • PipPip
  • 78 posts
Here you go:

Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
Acer Arcade Live Main Page
Acer Assist
Acer DV Magician
Acer DVDivine
Acer eDataSecurity Management
Acer Empowering Technology
Acer ePerformance Management
Acer eSettings Management
Acer GameZone Console DTV 2.0.1.1
Acer HomeMedia
Acer HomeMedia Connect
Acer HomeMedia Trial Creator
Acer Registration
Acer ScreenSaver
Acer SlideShow DVD
Acer VideoMagician
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop CS6
Adobe Reader 8.1.0
Adobe Shockwave Player 11.5
AIO_Scan
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
AVG 2012
Azada
Backspin Billiards
BlackBerry Desktop Software 5.0
Bonjour
Bookworm Deluxe
Bricks of Egypt
BufferChm
C6200
C6200_doccd
C6200_Help
CASIO USB Driver V1.2.2474.0623
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Copy
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DocProc
DocProcQFolder
Double Solitaire 2.00
e-Sword
eSobi v2
eSupportQFolder
Fax
ffdshow [rev 2527] [2008-12-19]
Flip Words 2
GoToMeeting 5.1.0.880
Halsoft Backgammon
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 9.0
HP Imaging Device Functions 9.0
HP OCR Software 9.0
HP Photosmart All-In-One Software 9.0
HP Photosmart Essential 2.01
HP Photosmart Essential2.01
HP Product Assistant
HP Smart Web Printing 4.60
HP Solution Center 9.0
HP Update
HPDiagnosticAlert
HPProductAssistant
HPSSupply
iTunes
Japanese Fonts Support For Adobe Reader 8
Java Auto Updater
Java™ 6 Update 34
Jewel Quest Solitaire
Kick N Rush
LG Android Drivers
LG USB Modem driver
LightScribe 1.4.142.1
Linksys Wireless-G USB Network Adapter
Mahjong Escape Ancient China
Mahjongg Artifacts
MarketResearch
MergeModules
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
MotoConnect 1.1.31
Motorola Mobile Drivers Installation 4.7.1
Motorola SM56 Speakerphone Modem
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery Solitaire - Secret Island
Norton 360 Premier Edition
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
OGA Notifier 2.0.0048.0
PanoStandAlone
Pantech Handset Driver
PaperPort 6.5
PC Study Bible 3.0
PDF Settings CS6
PG583_install_V6_1_32_36_vista
PS_AIO_02_ProductContext
PS_AIO_02_Software
PS_AIO_02_Software_min
PSSWCORE
Quicken 2007
QuickTime
Realtek High Definition Audio Driver
RegistryFix v8.0
Safe Eyes
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
Scan
Scratch
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Skins
SmartWebPrinting
SolutionCenter
Status
Toolbox
TrayApp
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VideoToolkit01
Visioneer 4400 Scanner
Voodoo Chat Client
WebReg
Window Shopper
Windows Driver Package - YUAN High-Tech Development Co. Ltd. (OmniTV) Media (08/19/2007 6.1.32.36)
Windows Media Player Firefox Plugin
Windows Mobile Device Updater Component
Yahoo! Messenger
Yahoo! Software Update
YUAN PE585QA Driver
Zuma Deluxe
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP