Laptop really slow and won't load most sites AVG not running as well!!!



fatcodycat
2013-08-14, 22:30
Hello

Noticed a few days ago that my AVG was switched off - I don't know how long this has been off for - and I can't switch it back on again or update it!

I have had a fiddle... and ran Combofix and this does not appear to have helped - I now know that I should not have done the Combofix until instructed to do so, sorry.

I am unable to download the DDS and MBR programs so I downloaded them onto an SD card from my wife's computer and ran them from the CD drive.

Strangely enough the Windows Defender program is now showing as running (I did try to turn it on but it would not let me) it now appears to be running??? (or not)

I just don't know what is going on as I can still play World of Tanks and World of Warplanes but none of my shortcuts work above Internet Explorer and my back arrow does not let me go back to the previous page!!

Thanks in advance.



DDS Log

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660
Run by steves at 21:02:50 on 2013-08-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4028.2001 [GMT 1:00]
.
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
C:\Users\steves\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\steves\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Iomega\Iomega Encryption\Iomega Encryption.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uProxyOverride = <local>
uURLSearchHooks: {ba14329e-9550-4989-b3f2-9732e92d17cc} - <orphaned>
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
BHO: Slick Savings: {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - C:\Users\steves\AppData\Roaming\Slick Savings\Coupons.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL
uRun: [Akamai NetSession Interface] "C:\Users\steves\AppData\Local\Akamai\netsession_win.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [IomegaEncryption] C:\Program Files\Iomega\Iomega Encryption\Iomega Encryption.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
StartupFolder: C:\Users\steves\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TMMONI~1.LNK - C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{5087DAA1-1A4D-4468-8C96-F797F176D1D6} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{5087DAA1-1A4D-4468-8C96-F797F176D1D6}\244575966496 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{5087DAA1-1A4D-4468-8C96-F797F176D1D6}\244575966496D277964786D264F4E4 : DHCPNameServer = 192.168.22.22 192.168.22.23
TCP: Interfaces\{5087DAA1-1A4D-4468-8C96-F797F176D1D6}\35B4954413535343 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{5087DAA1-1A4D-4468-8C96-F797F176D1D6}\374756675637D286F647D23707F647 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{5087DAA1-1A4D-4468-8C96-F797F176D1D6}\C416572716370286F6473707F647132333 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{5087DAA1-1A4D-4468-8C96-F797F176D1D6}\F54586560234C6F65746 : DHCPNameServer = 10.1.5.153 10.1.5.154
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3
x64-Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [NVHotkey] rundll32.exe C:\Windows\System32\nvHotkey.dll,Start
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-7-10 45880]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-7-20 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-11-24 98208]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
R2 HTCMonitorService;HTCMonitorService;C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-1-29 87368]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-11-24 13336]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-2-1 1900728]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2013-4-5 167424]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2013-7-14 1153368]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-7-12 3289472]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-12-23 378984]
R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2012-9-19 1157056]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-9-19 248248]
R2 WDRulesService;WD Rules;C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [2012-9-19 1177536]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-5-31 7689216]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-10 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-10 181760]
R3 qicflt;upper Device Filter Driver;C:\Windows\System32\drivers\qicflt.sys [2010-7-2 29288]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-7-23 283136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-2 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2012-12-7 36928]
S3 IT9135BDA;WinFast DTV Dongle Dual Devices;C:\Windows\System32\drivers\IT9135BDA.sys [2011-1-10 139392]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-15 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-15 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-15 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-11-25 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2012-9-19 14464]
.
=============== File Associations ===============
.
FileExt: .jse: JSEFile=C:\Windows\SysWow64\CScript.exe "%1" %*
FileExt: .wsf: WSFFile=C:\Windows\SysWow64\CScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2013-08-14 10:38:09 224256 ----a-w- C:\Windows\System32\wintrust.dll
2013-08-14 10:38:09 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-08-14 10:38:09 1472512 ----a-w- C:\Windows\System32\crypt32.dll
2013-08-14 10:38:09 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-08-14 10:38:07 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-08-14 10:38:07 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-08-14 10:38:07 139776 ----a-w- C:\Windows\System32\cryptnet.dll
2013-08-14 10:38:07 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-08-14 10:36:26 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-08-14 10:15:43 9460976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D49F91BE-F3A8-44D3-B663-E70EFABFD88A}\mpengine.dll
2013-08-12 13:28:48 -------- d-sh--w- C:\$RECYCLE.BIN
2013-08-12 12:43:17 98816 ----a-w- C:\Windows\sed.exe
2013-08-12 12:43:17 256000 ----a-w- C:\Windows\PEV.exe
2013-08-12 12:43:17 208896 ----a-w- C:\Windows\MBR.exe
2013-08-12 12:43:13 -------- d-s---w- C:\ComboFix
2013-08-12 06:52:49 -------- d-----w- C:\Program Files (x86)\ESET
2013-08-07 19:19:40 -------- d-----w- C:\Users\steves\AppData\Local\ArmA 2 OA DEMO
2013-08-03 19:57:58 -------- d-----w- C:\Windows\System32\MRT
2013-07-27 15:04:47 -------- d-----w- C:\Users\steves\AppData\Roaming\Slick Savings
2013-07-27 15:04:47 -------- d-----w- C:\Users\steves\AppData\Local\Slick Savings
2013-07-20 00:51:00 311608 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2013-07-20 00:50:56 71480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2013-07-20 00:50:56 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-07-20 00:50:50 206648 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
.
==================== Find3M ====================
.
2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-21 08:52:03 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-21 08:52:03 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-10 00:32:38 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-07-01 00:45:28 116536 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll
2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
.
============= FINISH: 21:03:22.21 ===============


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-08-14 21:05:49
-----------------------------
21:05:49.967 OS Version: Windows x64 6.1.7601 Service Pack 1
21:05:49.967 Number of processors: 8 586 0x1E05
21:05:49.967 ComputerName: STEVES-PC UserName: steves
21:05:53.508 Initialize success
21:07:53.593 AVAST engine defs: 13081401
21:08:19.037 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:08:19.037 Disk 0 Vendor: WDC_WD75 01.0 Size: 715404MB BusType: 3
21:08:19.037 Disk 1 \Device\Harddisk1\SR0 -> \Device\SdBus-0
21:08:19.037 Disk 1 Vendor: ( Size: 7580MB BusType: 12
21:08:19.131 Disk 0 MBR read successfully
21:08:19.131 Disk 0 MBR scan
21:08:19.146 Disk 0 Windows 7 default MBR code
21:08:19.193 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:08:19.302 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 715302 MB offset 206848
21:08:19.536 Disk 0 scanning C:\Windows\system32\drivers
21:08:30.862 Service scanning
21:09:02.811 Modules scanning
21:09:02.826 Disk 0 trace - called modules:
21:09:02.842 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:09:02.857 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d75790]
21:09:02.857 3 CLASSPNP.SYS[fffff88001b6243f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004ada050]
21:09:05.899 AVAST engine scan C:\Windows
21:09:12.202 AVAST engine scan C:\Windows\system32
21:16:00.267 AVAST engine scan C:\Windows\system32\drivers
21:16:18.847 AVAST engine scan C:\Users\steves
21:19:16.500 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
21:19:16.531 The log file has been saved successfully to "E:\aswMBR.txt"

ken545
2013-08-15, 02:11
:welcome:

Go here (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and download AdwCleaner to your desktop


Double click on AdwCleaner.exe to run the tool.
Click on Delete
A logfile will automatically open after the scan has finished.
Please post the content of that logfile in your reply.
You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


http://i24.photobucket.com/albums/c30/ken545/AdwareCleaner.jpg






Download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop


Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.






Please download Malwarebytes Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.

Right-click and Run as Administrator mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan as shown below.

http://i1224.photobucket.com/albums/ee380/jeffce74/MBAM-2.jpg

When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

fatcodycat
2013-08-15, 08:24
hello

many thanks for the help.

I had to download the programs to an SD card again and run from there.

logs below



# AdwCleaner v2.306 - Logfile created 08/15/2013 at 07:15:16
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : steves - STEVES-PC
# Boot Mode : Normal
# Running from : E:\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16660

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [2661 octets] - [15/08/2013 07:02:35]
AdwCleaner[R2].txt - [2010 octets] - [15/08/2013 07:15:16]

########## EOF - C:\AdwCleaner[R2].txt - [2070 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.5 (08.13.2013:1)
OS: Windows 7 Home Premium x64
Ran by steves on 15/08/2013 at 7:04:46.89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\search settings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstallerstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstallerstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT2504091
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}



~~~ Files


Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.15.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
steves :: STEVES-PC [administrator]

Protection: Enabled

15/08/2013 07:18:19
mbam-log-2013-08-15 (07-18-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 235300
Time elapsed: 5 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} (PUP.Optional.Spigot) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} (PUP.Optional.Spigot) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\steven\Downloads\SetupImgBurn_2.5.5.0.exe (PUP.Optional.AskToolbar) -> Quarantined and deleted successfully.

(end)

ken545
2013-08-15, 11:04
Great, things running any better?

OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

fatcodycat
2013-08-15, 13:53
Hello

OTL.txt below

OTL logfile created on: 15/08/2013 12:33:50 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.93 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 51.09% Memory free
7.87 Gb Paging File | 5.41 Gb Available in Paging File | 68.76% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.54 Gb Total Space | 115.16 Gb Free Space | 16.49% Space Free | Partition Type: NTFS
Drive E: | 7.39 Gb Total Space | 6.63 Gb Free Space | 89.71% Space Free | Partition Type: FAT32

Computer Name: STEVES-PC | User Name: steves | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - E:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Users\steves\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (Nero AG)
PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe (Western Digital )
PRC - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital )
PRC - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
PRC - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0149e914e4cfbde7da65d4558af19ce0\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e06dbdafb38c38517aef61ac41e2fd9d\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1f6f220f9efe936d1158c79b9d4b451f\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
MOD - C:\Program Files\Microsoft Office 15\root\office15\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files\Microsoft Office 15\root\office15\appvisvstream32.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Steam\SDL2.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
MOD - C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\AbilisWinUsb.dll ()
MOD - C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\VendorCmdRW.dll ()
MOD - C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\uPiApi.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (OfficeSvc) -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (HTCMonitorService) -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (Nero AG)
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (WDRulesService) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe (Western Digital )
SRV - (WDBackup) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital )
SRV - (WDDriveService) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (IT9135BDA) -- C:\Windows\SysNative\drivers\IT9135BDA.sys (ITE )
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (qicflt) -- C:\Windows\SysNative\drivers\qicflt.sys (Quanta Computer)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 77 0E 57 37 8C CA CD 01 [binary data]
IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\..\SearchScopes,DefaultScope = {70903C48-6C44-4F6E-AAD9-9BC8BB1D4FAD}
IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\..\SearchScopes\{70903C48-6C44-4F6E-AAD9-9BC8BB1D4FAD}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\steves\AppData\Local\Roblox\Versions\version-5fd8234dbfe247fe\\NPRobloxProxy.dll ()



O1 HOSTS File: ([2013/08/14 17:16:03 | 000,450,694 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15467 more lines...
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000..\Run: [Akamai NetSession Interface] C:\Users\steves\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000..\Run: [IomegaEncryption] C:\Program Files\Iomega\Iomega Encryption\Iomega Encryption.exe (PLX Technology)
O4 - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = File not found
O4 - Startup: C:\Users\steves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\..Trusted Domains: dell.com ([]* in Trusted sites)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5087DAA1-1A4D-4468-8C96-F797F176D1D6}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/15 07:17:13 | 000,000,000 | ---D | C] -- C:\Users\steves\AppData\Roaming\Malwarebytes
[2013/08/15 07:16:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/08/15 07:16:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/08/15 07:16:52 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/08/15 07:16:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/08/15 07:04:43 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/08/14 20:59:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/08/14 20:59:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/08/14 11:59:52 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/08/14 11:59:52 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/08/14 11:59:51 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/08/14 11:59:51 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/08/14 11:59:51 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/08/14 11:59:51 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/08/14 11:59:51 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/08/14 11:59:51 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/08/14 11:59:51 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/08/14 11:59:51 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/08/14 11:59:51 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/08/14 11:59:50 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/08/14 11:59:49 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/08/14 11:59:49 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/08/14 11:59:49 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/08/14 11:38:09 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/08/14 11:38:09 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013/08/14 11:38:07 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/08/14 11:37:41 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/08/14 11:37:41 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/08/14 11:37:41 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2013/08/14 11:37:40 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/08/14 11:37:39 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/08/14 11:37:38 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/08/14 11:37:38 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/08/14 11:37:37 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/08/14 11:37:37 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/08/14 11:37:36 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/08/14 11:37:35 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/08/14 11:37:35 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/08/14 11:37:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/08/12 14:28:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/08/12 13:43:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/08/12 13:43:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/08/12 13:43:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/08/12 13:43:13 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/08/12 13:43:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/08/12 13:42:42 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/08/12 13:42:39 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2013/08/12 07:52:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/08/11 20:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/08/10 14:11:09 | 000,000,000 | ---D | C] -- C:\Users\steves\Desktop\Kindle books
[2013/08/07 20:19:40 | 000,000,000 | ---D | C] -- C:\Users\steves\Documents\ArmA 2 OA Demo
[2013/08/07 20:19:40 | 000,000,000 | ---D | C] -- C:\Users\steves\AppData\Local\ArmA 2 OA DEMO
[2013/08/06 18:40:15 | 000,000,000 | ---D | C] -- C:\Users\steves\Desktop\MORGAGE
[2013/08/03 20:57:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/07/31 12:02:59 | 000,000,000 | ---D | C] -- C:\Users\steves\Desktop\config
[2013/07/27 16:04:47 | 000,000,000 | ---D | C] -- C:\Users\steves\AppData\Roaming\Slick Savings
[2013/07/27 16:04:47 | 000,000,000 | ---D | C] -- C:\Users\steves\AppData\Local\Slick Savings
[2013/07/21 19:15:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/07/20 01:51:00 | 000,311,608 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys
[2013/07/20 01:50:56 | 000,246,072 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
[2013/07/20 01:50:56 | 000,071,480 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2013/07/20 01:50:50 | 000,206,648 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/15 12:32:12 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/15 12:32:12 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/15 12:24:19 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/15 12:23:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/15 12:23:43 | 3168,043,008 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/15 07:45:05 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/15 07:16:59 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/15 06:51:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/14 20:59:44 | 000,001,108 | ---- | M] () -- C:\Users\steves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/08/14 20:59:33 | 000,000,928 | ---- | M] () -- C:\Users\steves\Desktop\NTREGOPT.lnk
[2013/08/14 20:59:33 | 000,000,909 | ---- | M] () -- C:\Users\steves\Desktop\ERUNT.lnk
[2013/08/14 17:16:03 | 000,450,694 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/08/14 11:56:33 | 000,741,242 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/14 11:56:33 | 000,620,524 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/14 11:56:33 | 000,110,712 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/12 12:15:26 | 000,450,694 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130814-171603.backup
[2013/08/11 12:46:10 | 000,217,600 | ---- | M] () -- C:\Users\steves\Desktop\jacob-1.17-M2-x64.dll
[2013/08/11 12:46:10 | 000,176,128 | ---- | M] () -- C:\Users\steves\Desktop\jacob-1.17-M2-x86.dll
[2013/08/09 10:22:41 | 000,001,354 | ---- | M] () -- C:\Users\steves\Desktop\ROBLOX Player.lnk
[2013/08/09 10:22:41 | 000,001,173 | ---- | M] () -- C:\Users\steves\Desktop\ROBLOX Studio 2013.lnk
[2013/08/07 19:08:40 | 000,000,221 | ---- | M] () -- C:\Users\steves\Desktop\Arma 2 Operation Arrowhead Demo.url
[2013/07/30 17:53:52 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/07/27 16:04:47 | 000,000,000 | ---- | M] () -- C:\search.sqlite
[2013/07/26 06:13:58 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/07/26 06:12:27 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/26 06:12:08 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/07/26 06:12:08 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/07/26 06:12:04 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/07/26 06:12:04 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/07/26 06:12:03 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/07/26 06:12:03 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/07/26 04:12:04 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/07/26 04:12:00 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/07/26 04:12:00 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/07/26 04:12:00 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/07/26 04:11:59 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/07/26 03:39:38 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/07/26 02:59:38 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/07/25 10:25:54 | 001,888,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/25 09:57:27 | 001,620,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/07/21 19:15:27 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/07/21 16:18:51 | 000,512,825 | ---- | M] () -- C:\Users\steves\Desktop\FTB_Launcher.exe
[2013/07/21 09:52:03 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/07/21 09:52:03 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/07/20 01:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys
[2013/07/20 01:50:56 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
[2013/07/20 01:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2013/07/20 01:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/15 07:16:59 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/14 20:59:44 | 000,001,108 | ---- | C] () -- C:\Users\steves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/08/14 20:59:33 | 000,000,928 | ---- | C] () -- C:\Users\steves\Desktop\NTREGOPT.lnk
[2013/08/14 20:59:33 | 000,000,909 | ---- | C] () -- C:\Users\steves\Desktop\ERUNT.lnk
[2013/08/12 13:43:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/08/12 13:43:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/08/12 13:43:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/08/12 13:43:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/08/12 13:43:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/08/07 19:08:39 | 000,000,221 | ---- | C] () -- C:\Users\steves\Desktop\Arma 2 Operation Arrowhead Demo.url
[2013/07/31 12:04:06 | 000,217,600 | ---- | C] () -- C:\Users\steves\Desktop\jacob-1.17-M2-x64.dll
[2013/07/31 12:04:06 | 000,176,128 | ---- | C] () -- C:\Users\steves\Desktop\jacob-1.17-M2-x86.dll
[2013/07/30 17:53:52 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/07/27 16:04:47 | 000,000,000 | ---- | C] () -- C:\search.sqlite
[2013/07/21 19:15:27 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/02/04 19:31:57 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/02/04 19:31:56 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/12/09 19:12:04 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012/12/09 19:12:04 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2012/11/25 12:57:38 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\.minecraft
[2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\AVG2012
[2012/11/25 12:57:39 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\Azureus
[2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\CompuClever
[2012/11/25 12:57:43 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\FreeAudioPack
[2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\HTC
[2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\ImgBurn
[2012/11/25 12:57:43 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\InfraRecorder
[2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\iScreensaver
[2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\NCH Swift Sound
[2012/06/20 19:49:25 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\Outlook
[2012/11/25 12:57:44 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\SoftGrid Client
[2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\ssmci
[2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\Temp
[2011/03/08 21:51:13 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\TP
[2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\wargaming.net
[2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\Windows Live Writer
[2013/08/11 12:40:07 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\.minecraft
[2012/11/25 17:59:54 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\AVG2013
[2013/08/10 22:45:20 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\Azureus
[2013/02/03 18:00:52 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\Firefly Studios
[2013/07/21 16:18:52 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\ftblauncher
[2013/04/05 15:21:05 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\HTC
[2013/04/05 15:20:49 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\HTC Sync
[2013/07/27 16:04:47 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\Slick Savings
[2012/11/25 17:59:16 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\TuneUp Software
[2013/06/28 19:57:58 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\uTorrent
[2013/05/28 19:05:40 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\Wargaming.net

========== Purity Check ==========



< End of report >

fatcodycat
2013-08-15, 13:56
OTL extra.txt

OTL Extras logfile created on: 15/08/2013 12:33:50 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.93 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 51.09% Memory free
7.87 Gb Paging File | 5.41 Gb Available in Paging File | 68.76% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.54 Gb Total Space | 115.16 Gb Free Space | 16.49% Space Free | Partition Type: NTFS
Drive E: | 7.39 Gb Total Space | 6.63 Gb Free Space | 89.71% Space Free | Partition Type: FAT32

Computer Name: STEVES-PC | User Name: steves | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\CScript.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
wsffile [open] -- %SystemRoot%\SysWow64\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C177416-BE7F-401A-8DA7-A4F55F6C07C4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2F2DA54B-9103-4F06-98A8-4295063742ED}" = rport=137 | protocol=17 | dir=out | app=system |
"{3DF6EFC1-1510-4A8C-961E-4FF92C8B1493}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3E26A568-7CC5-4571-9F3A-4380CCBDD780}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3E38527A-F64F-48A7-BF23-4A7212B9FE4D}" = lport=137 | protocol=17 | dir=in | app=system |
"{40160300-F624-480D-8864-4612A4377CCE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{41A4D8BD-C02C-4439-9B04-E34BD5C7D54E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{42644C3E-7E0C-4E90-85F6-5F4B736CD38F}" = rport=138 | protocol=17 | dir=out | app=system |
"{4548D47A-B908-44F9-BC74-E46557F2798D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4E36B8CB-1963-4A7C-9CF4-74AAEF1A6E07}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{505EB431-94AF-462E-BD21-6089F712D88C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{618B8C4F-A898-4FA0-A4F4-555E73339A1D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{62ED8CDF-8208-4E15-A503-895F5CCD82EA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{66F10385-6C72-4342-9EE6-46F10FDE8965}" = lport=138 | protocol=17 | dir=in | app=system |
"{6765BA69-5EC1-4EAE-8C35-F584357C00F2}" = lport=445 | protocol=6 | dir=in | app=system |
"{77AA821E-994C-49AC-A387-21C9E6B40A84}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7930DE88-8C6F-4B66-B8DA-45543F0A7FBE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7EFBB4E6-1BBA-45AC-916B-6B5111B4F349}" = lport=139 | protocol=6 | dir=in | app=system |
"{A255F079-009E-422F-95E6-8A8EC9E99F97}" = rport=139 | protocol=6 | dir=out | app=system |
"{BDEE3A65-1C3D-40C1-9660-E16EDEE49D0A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C131DB7F-3A90-43DE-88AF-B5DE59237363}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |
"{CCF30E0C-BC74-414A-BF80-A4F4CDC7601A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EB217BAA-BD28-4757-ACD8-3198BB2D73AF}" = rport=445 | protocol=6 | dir=out | app=system |
"{FD1308CF-4761-4CD4-9A42-214A2F40C161}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0325170F-26C8-4900-8783-1DAB30F9DA1B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{04F22435-685B-4421-B0C2-7036013A4898}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{0630AC47-6BCB-4030-AE2B-A78D1C3740FD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead demo\arma2oa_demo.exe |
"{07542E7D-16D0-43AB-A60D-776A11D3D952}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |
"{0AA93831-8F9C-43F5-8167-9FD1F0E03ACD}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{0D71D33A-6C10-4EDD-ACC8-A2A0CCF920D5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{0EB59C08-A6E9-473A-B7E5-7104ED278C32}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1C378189-1336-46FD-B4E7-E95D6A7E8C28}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{1FECA3C9-B329-4513-B86C-6AC2256A03E6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{21C5E38F-9DE3-4037-9CBD-5789DDD09334}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
"{2459142A-5F95-482A-9E67-1D4CAA240B27}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{283CFDEE-5387-4962-B05C-231E487098FB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
"{299FFD1D-731B-4231-855E-3A1F34728BE1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{29FC8039-E1EB-4AE2-A91F-679FD56D128A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{2FB0DB73-294B-4E88-806C-CDA6DF6222F3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2FCB9ECA-622D-4495-AA38-28D1CC7DCF90}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{3700F159-C044-4667-B127-69CE76EFF211}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{383EF20B-B123-4DD6-863F-CFD8EF0B699C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{38C586E3-8434-41C5-9B00-E82DAA51C63B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3A9A6608-47A2-4C9C-AE27-4E90C68BB927}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{3B2EE5F8-664E-489B-8E79-1FB8DBC3ADD7}" = protocol=17 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3.5\totalmedia.exe |
"{3CA38A24-54D2-4BFB-9FC9-EAE7946A172C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
"{3F038E27-10D0-47DB-8422-79A2453E29A7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arcticcombat\gamelauncher_gp\mappingaccount.exe |
"{4118EC25-0A9E-479C-ABC9-5AA22FEEB882}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arcticcombat\gamelauncher_gp\mappingaccount.exe |
"{41E3FDB2-42C9-4B5F-B820-0E1B7617C873}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe |
"{4285073E-D14A-4D30-B36B-70A79B4CD502}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{472BC1CD-F9EE-423D-959E-7ABF5772F5F3}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{48ED5C02-0D4D-4257-82E2-03C2BD037FE8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the walking dead\walkingdead101.exe |
"{4A17F36E-68BB-4FD1-9D2F-1136427297A6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization v\launcher.exe |
"{4B2E7231-107F-4857-8D4E-94ECBA31B14F}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{5080C592-E7A1-426B-A30A-DF3B637E26C1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{550BFDA4-98CC-4452-85BC-4AF0C41C3502}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{559AD0BF-1121-4802-AD33-C11F61FB3169}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{5B7CEE2C-47DD-47E6-8F18-52418463B907}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{5DACE858-B65F-42E6-A960-E992E565928D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{5EB8D6A5-4314-4119-8F06-923343D52FD2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{5F2D2596-0B08-41DE-8C43-A8035A5FD521}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{5F2DAC03-C0C8-4DCE-BE74-4522154DEE47}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\apb.exe |
"{674CDE8F-4BE0-41E8-8043-3C5F7FDDB9B5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{682774E6-4170-4B14-8D05-49B8A201116C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\r.u.s.e\ruse.exe |
"{68B85203-3C56-4E27-B4D2-B77A23E434FE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{6A81DE7F-C888-48CC-9F26-6988E61C521C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7B57360D-07C0-495E-9BEA-955AFF3DA4D4}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{7DD9DF57-41F6-4335-A960-B97C0FDC0A8B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8954ADAA-CB5D-4973-8929-C79FEAE9442B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\apb reloaded\binaries\vivoxvoiceservice.exe |
"{8A30A1D2-53F3-4D60-A453-22BB090E9667}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{8F22C156-AA1D-4551-B8B7-D33B2B8CCE94}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{96DDEE74-B7C7-4C7F-8894-415FDE463D75}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{97FAB04F-CD21-443C-AE66-9CE79AA7411F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{9AF3B55A-6CD1-4539-8AEC-EAF84AB6DA7C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A48F2AA3-EB2F-456A-8BDE-49E2AAD8F4E0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{A7425D71-6CF4-43F8-AE50-4AA07FF28536}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead demo\arma2oa_demo.exe |
"{AEAFD3FB-7C25-439F-B43F-B0B787919152}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{AF9D8C71-B1B3-4544-8F3A-44CECB75A938}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{B07CF0DF-7BD7-4CE3-8B1A-771CA5B9FC53}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B2975E86-B18F-4FB9-BADD-9BA1E8689892}" = protocol=6 | dir=in | app=c:\program files (x86)\arcsoft\totalmedia 3.5\totalmedia.exe |
"{B647FBB5-85FE-432C-9FFB-CB02EFBE8DF6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BAA82818-7693-4C2A-B237-563182F18399}" = dir=in | app=c:\program files (x86)\htc\htc sync manager\htcsyncmanager.exe |
"{BB1D1E2D-D74C-4803-8768-2AF79455B1E7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the walking dead\walkingdead101.exe |
"{BC67B4E7-144C-4FA1-AB83-4F39A4E7948F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BF7C7594-10DE-447E-AF8B-28442D0D693D}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{C17BC2E8-CCDA-444F-952D-807C673277D9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C2B0C40D-267F-4009-A293-C4939765B47F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{C2CB6172-CA21-4336-8669-87FD8FB6C043}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C9F7B549-BF0B-4918-92FC-DEFE748C1C6F}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
"{CB3AEB39-3E6D-4C48-8AA2-37CF4A7407C6}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{D6B280B0-0F31-4F82-9FAB-063D715AEE0D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{D7C931C9-AD2F-41AB-ADC2-F292C29A8748}" = protocol=6 | dir=out | app=system |
"{D7CFEC10-ACB4-4703-BED1-978FCEB00EBE}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{DC8D688C-8732-4C9C-82F2-2EEAE3DEDAAB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DDA7F8BF-2592-4BD0-AD75-65A7FDFD1C83}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\r.u.s.e\ruse.exe |
"{DE40352F-3C15-4879-9CE5-845478AE4D22}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DEE5BF99-4FCF-4DBE-88C0-42A08C93767E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{E47399C4-79F2-4A13-BE9F-C606CFAE1752}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{EC0AE1EB-593B-44FD-B084-A947F4A7E731}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe |
"{F8E04977-23C1-4D45-8286-DF083593CB22}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{FE462E0F-1D08-4E93-BDFE-C659B315CD6C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FFB5C093-0728-4391-AE30-EDC793848ABD}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"TCP Query User{21D7DA48-2922-49F3-9D00-79B8BB96FC19}C:\users\steves\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\steves\appdata\local\akamai\netsession_win.exe |
"TCP Query User{3C0F55E6-4591-428E-BD38-C1362425797A}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{484D7C95-643B-4BA3-89BE-C163E35D1FCD}C:\games\world_of_warplanes\wowplauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_warplanes\wowplauncher.exe |
"TCP Query User{5DB47477-1FE8-47F3-8599-53F6131CEB2D}C:\games\world_of_warplanes\worldofwarplanes.exe" = protocol=6 | dir=in | app=c:\games\world_of_warplanes\worldofwarplanes.exe |
"TCP Query User{6045AC0E-472C-4E97-990A-4E5F4DB4CA92}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{7960ED44-C0C7-47E5-B138-4E77343FF5AE}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{919B6CBF-6494-4625-A5EE-F51C198B362E}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{91EAC839-4185-42D0-9D50-11C371B2C14A}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"TCP Query User{9A238C37-8326-448D-9F00-ED02C30056C7}C:\users\steves\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\steves\appdata\local\akamai\netsession_win.exe |
"TCP Query User{A5825FDB-6757-4080-B6C7-923145947CDF}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{ED16C298-C4F4-4920-B230-37AB5A77EF7E}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{F637E4C4-E3F0-47C3-BCF3-14A4DC036314}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{1CB39CDD-9FB1-4247-BC5C-EE973740EBF6}C:\users\steves\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\steves\appdata\local\akamai\netsession_win.exe |
"UDP Query User{1F98E516-B7E7-4FD7-9BE7-65494118C1D0}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{65537A5C-E932-4D44-BD04-E0F30B8899A2}C:\games\world_of_warplanes\wowplauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_warplanes\wowplauncher.exe |
"UDP Query User{69251C5D-8132-43A4-84AF-F7461F7CC235}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{79EC218F-99B1-48BE-ACD1-18728A61DAAC}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{80559A94-E2C6-4ACC-A770-77E7F8F0717E}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{974A5532-D398-4B59-BF42-18D1A68A1CB4}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{ACCC6BEC-3838-46BE-B132-7FA37CA69598}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"UDP Query User{BD17CD03-B473-4A1D-B869-7CF15033DB5C}C:\games\world_of_warplanes\worldofwarplanes.exe" = protocol=17 | dir=in | app=c:\games\world_of_warplanes\worldofwarplanes.exe |
"UDP Query User{C70A51A0-3087-47C6-AC4E-A65293F5F443}C:\users\steves\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\steves\appdata\local\akamai\netsession_win.exe |
"UDP Query User{D9A006DF-4DAF-4475-A0C9-10E19F6861B3}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{F23FFCE7-28FF-45DC-AF1C-35F2533ED812}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit)
"{4FF9E8AA-D554-4CE7-89F9-B69DAA5A1E98}" = AVG 2013
"{578831A8-CB47-471F-A552-907EC3E9E040}" = Iomega Encryption
"{6FE8A1DA-8CA6-4801-BF0F-0F2FED143FF4}" = WD SmartWare
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.39
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 266.39
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 266.39
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D9}" = WinZip 17.0
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D16A2127-B927-4379-B153-3DEC091E4EEB}" = Intel(R) PROSet/Wireless WiFi Software
"{E74BF83C-2CA5-48EF-901F-959309E7D9EC}" = AVG 2013
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"ProInst" = Intel PROSet Wireless
"ProPlusRetail - en-us" = Microsoft Office Professional Plus 2013 - en-us

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08208143-777D-4A06-BB54-71BF0AD1BB70}" = IPTInstaller
"{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
"{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1" = World of Tanks
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C813EU}_is1" = World of Warplanes
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{3607FA40-1D0F-4294-B034-6054349E1613}" = Windows Live Messenger
"{3A787631-66A2-4634-B928-A37E73B58FB6}" = Slick Savings
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{49110532-D289-4BFF-807C-45B782E66A7C}" = Photo Common
"{4BFE8ABF-F67A-4353-A05D-F5BA0044ECCA}" = ArcSoft TotalMedia 3.5
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4CEEE5D0-F905-4688-B9F9-ECC710507796}" = HTC Driver Installer
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{5002C5B1-B688-474A-AB3A-9B65DBD38FF9}" = HTC Sync Manager
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{6CEA775F-E70A-4D72-A3B4-1EB3A5AD4B5C}" = Windows Live Essentials
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CE0C52A9-0C1C-4289-875A-8FB81BB9A367}_is1" = DVD Shrink version 4.1
"{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F21F0424-B2FF-40BF-A984-9E0D7FB4C97E}" = Windows Live UX Platform Language Pack
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PunkBusterSvc" = PunkBuster Services
"Steam App 200510" = XCOM: Enemy Unknown
"Steam App 207610" = The Walking Dead
"Steam App 33970" = Arma 2: Operation Arrowhead Demo
"Steam App 8930" = Sid Meier's Civilization V
"VLC media player" = VLC media player 2.0.3
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4293206663-3280212633-2623293166-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}" = ROBLOX Studio 2013 for steves
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = ROBLOX Player for steves
"9204f5692a8faf3b" = Dell System Detect
"Akamai" = Akamai NetSession Interface

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 15/08/2013 02:27:05 | Computer Name = steves-PC | Source = WinMgmt | ID = 10
Description =

Error - 15/08/2013 07:24:08 | Computer Name = steves-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 15/08/2013 02:26:45 | Computer Name = steves-PC | Source = Service Control Manager | ID = 7024
Description = The AVG WatchDog service terminated with service-specific error %%-536804981.

Error - 15/08/2013 07:23:58 | Computer Name = steves-PC | Source = Service Control Manager | ID = 7024
Description = The AVG WatchDog service terminated with service-specific error %%-536804981.


< End of report >

ken545
2013-08-15, 18:19
Hi,

Thanks for the logs, I was called away today and will be back online late afternoon so I will look over your log and get back to you then.

Ken :)

fatcodycat
2013-08-15, 18:43
brilliant - thank you!

ken545
2013-08-15, 22:55
Hi,

Just a few things to remove.

Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL




:OTL
[2013/07/27 16:04:47 | 000,000,000 | ---D | C] -- C:\Users\steves\AppData\Roaming\Slick Savings
[2013/07/27 16:04:47 | 000,000,000 | ---D | C] -- C:\Users\steves\AppData\Local\Slick Savings
[2013/08/12 12:15:26 | 000,450,694 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130814-171603.backup


:Services

:Reg

:Files
ipconfig /flushdns /c


:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces


Let me know how your system is behaving now, everything running ok ?

fatcodycat
2013-08-15, 23:28
My "favorites bar" is still not working and the "back" button on internet explorer still does not work, could this be my settings??

And AVG still says "there are no active components" and still won't update!!


log file below

All processes killed
========== OTL ==========
C:\Users\steves\AppData\Roaming\Slick Savings folder moved successfully.
C:\Users\steves\AppData\Local\Slick Savings folder moved successfully.
C:\Windows\SysNative\drivers\etc\hosts.20130814-171603.backup moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
E:\cmd.bat deleted successfully.
E:\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: steven
->Java cache emptied: 7229127 bytes
->Google Chrome cache emptied: 111093481 bytes
->Flash cache emptied: 56994 bytes

User: steves
->Temp folder emptied: 97619202 bytes
->Temporary Internet Files folder emptied: 1428362995 bytes
->Java cache emptied: 15468 bytes
->Flash cache emptied: 523 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1587994 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42321377 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,610.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08152013_221423

Files\Folders moved on Reboot...
C:\Users\steves\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\steves\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File\Folder C:\Windows\temp\etilqs_n5ajJWlvkeNSgx7 not found!
C:\Windows\temp\FireFly(201308152210438FC).log moved successfully.
C:\Windows\temp\integratedoffice.exe_c2ruidll(201308152210438FC).log moved successfully.
C:\Windows\temp\integratedoffice.exe_streamserver(201308152210438FC).log moved successfully.
File move failed. C:\Windows\temp\ood_stream.x86.en-us.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

ken545
2013-08-15, 23:39
Open Internet Explorer and go to Tools > Internet Options > Advanced Tab and click on Reset Internet Explorer Settings > Reset and let it do its thing, takes a minute or so, when it's done, close out IE and then reopen it and see if this helped

Let's do this first and then we can look at AVG

fatcodycat
2013-08-16, 00:00
Yep IE is back and a lot faster

Resetting it worked, thanks

ken545
2013-08-16, 00:10
:bigthumb:

AVG, are you sure you want to use this program, I can suggest another and it's free

fatcodycat
2013-08-16, 00:13
If it is better than AVG then why not?


ken545
2013-08-16, 00:44
Never been a big fan of AVG, but if you like it and want to keep it then try uninstalling it and then download and reinstall a new copy from here
http://free.avg.com/us-en/homepage


If you decide to remove it, go to Programs and Features in the Control Panel , select AVG and uninstall it.

Then run the AVG removal tool as the Windows uninstall won't get it all

http://download.avg.com/filedir/util/support/avg_remover_stf_x86_2011_1322.exe

Then download and install Microsoft Security Essentials from here
http://windows.microsoft.com/en-us/windows/security-essentials-download


Let me know what you decide to do ?

fatcodycat
2013-08-16, 11:10
Ok thanks

AVG gone, Microsoft security essentials installed - it has scanned and found nothing!!

everything appears back to normal??

ken545
2013-08-16, 11:36
Great, glad things are well

We need to update your Java to keep you more secure

Go to your Control Panel and click on the Java Icon ( looks like a little coffee cup ) click on About and you should have Version 7 Update 25, if not proceed with the instructions.

Go to the update Tab and update it
Important, during the upgrade UNCHECK ASK TOOL BAR. ( you do not need or want this )

Then go to your Add Remove Programs (WIN XP) or Programs and Features (Vista / Win 7) in the Control Panel and uninstall all previous versions.


You can verify the installation Here (http://www.java.com/en/download/help/testvm.xml)






Click START then RUN
Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.


http://i526.photobucket.com/albums/cc345/MPKwings/CF-Uninstall.png




Open OTL and click on Clean Up and it will remove programs we used to clean your system along with their backups, any programs that were not removed you can just drag to the trash.


Malwarebytes is the free version and yours to keep and will not be removed



How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/index.php?showtopic=57817)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)



Safe Surfn
Ken

fatcodycat
2013-08-16, 20:28
hello

Ok updated Java ok - I thought that AVG had gone, it would appear to be still there! The uninstall program stops about 1/3 of the way and tells me that I don't have the privileges to remove it!!!

I have got Windows 7 Home edition (I suppose you know this looking at the previous logs) and I can't find the "run" window to remove Combofix.

ken545
2013-08-16, 22:20
Hey, sorry you're still having problems, the Run command has to be activated.

This is easier than me having to type it all out :)
http://www.howtogeek.com/howto/windows-vista/enable-run-command-on-windows-vista-start-menu/


Try using this tool to uninstall AVG ( can you tell why I am not a big fan )

Make sure you download the free version

http://www.revouninstaller.com/revo_uninstaller_free_download.html


Let me know how it went ???

fatcodycat
2013-08-16, 23:17
Hello

Ok now got a Run command - typed in your Combofix de-installation command line and it did not find anything?? Does this mean it is not there???

The Revo Uninstaller did not find AVG!!! ( I am understanding Your "Love" for AVG now!!)

ken545
2013-08-16, 23:29
Let's do this first, AVG is gone, just some leftover stuff causing you problems

You will need the 64 bit version


Download and Run SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
64 Bit Version (http://jpshortstuff.247Fixes.com/SystemLook_x64.exe)


Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:


:folderfind
AVG
:filefind
AVG
:regfind
AVG

Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

fatcodycat
2013-08-17, 01:29
SystemLook log! 1st part

"File"="avgvva.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F1D58F8ED3EF8D745952788E5502E49A]
"AA8E9FF4455D7EC4989F6BD9AAA5E189"="C:\Program Files (x86)\AVG\AVG2013\avgvvx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F1D58F8ED3EF8D745952788E5502E49A\AA8E9FF4455D7EC4989F6BD9AAA5E189]
"File"="avgvvx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F23211A50A7D05C419A71F174EAFB381]
"AA8E9FF4455D7EC4989F6BD9AAA5E189"="C:\ProgramData\AVG2013\log\avgss.cfg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2D4F2DCECB7373458FC26FDAAAF3CA0]
"AA8E9FF4455D7EC4989F6BD9AAA5E189"="C:\Program Files\Windows Sidebar\Shared Gadgets\AVG.Gadget\fr\localize.js"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F325D7BB7989D8F4D876651E5811E2A6]
"AA8E9FF4455D7EC4989F6BD9AAA5E189"="02:\SOFTWARE\AVG\AVG2013\SetupFlags\FF_WD2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F37254A0CBD8F9541B80E791020606D1]
"AA8E9FF4455D7EC4989F6BD9AAA5E189"="C:\Program Files (x86)\AVG\AVG2013\3rd_party\licenses\boost.txt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F4D782571CE12024B84AA31D22136EF5]
"AA8E9FF4455D7EC4989F6BD9AAA5E189"="C:\Program Files (x86)\AVG\AVG2013\avgchclx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F4D782571CE12024B84AA31D22136EF5\AA8E9FF4455D7EC4989F6BD9AAA5E189]
"File"="avgchclx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F51AF4ADB0547454CB4949C8C335876B]
"AA8E9FF4455D7EC4989F6BD9AAA5E189"="C:\Program Files (x86)\AVG\AVG2013\avgntdumpx.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F51AF4ADB0547454CB4949C8C335876B\AA8E9FF4455D7EC4989F6BD9AAA5E189]
"File"="avgntdumpx.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F57C8C66B6368A24D964E7CEA0FB76B8]
"AA8E9FF4455D7EC4989F6BD9AAA5E189"="02:\SOFTWARE\AVG\AVG2013\AvgAddons"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F5B5A5037B19F1547A2CA4DBE7807A32]
"AA8E9FF4455D7EC4989F6BD9AAA5E189"="C:\Program Files (x86)\AVG\AVG2013\3rd_party\licenses\curl.txt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F5D2DBB4F91C46543BC47161133ACA85]
"AA8E9FF4455D7EC4989F6BD9AAA5E189"="C:\Program Files\Windows Sidebar\Shared Gadgets\AVG.Gadget\images\twitter-logo.png"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F630609201243F74387E1C6E15247B8A]
"AA8E9FF4455D7EC4989F6BD9AAA5E189"="C:\Program Files (x86)\AVG\AVG2013\personalise_us.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F88CAF2FAFCC5C942BA5CF677A776A14]
"AA8E9FF4455D7EC4989F6BD9AAA5E189"="C:\Program Files (x86)\AVG\AVG2013\awacs\techbuddy\component\content.dat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F90F221982E38F54C94EA836D167B4F5]
"AA8E9FF4455D7EC4989F6BD9AAA5E189"="C:\Program Files\Windows Sidebar\Shared Gadgets\AVG.Gadget\de\localize.js"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA803F8E5B429B349A444DBFCAEDBE4B]
"AA8E9FF4455D7EC4989F6BD9AAA5E189"="C:\Program Files (x86)\AVG\AVG2013\Tuneup\TUDiskCleaner.dat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FAB9DCF931C3F164DBC573B06C1F16C1]
"AA8E9FF4455D7EC4989F6BD9AAA5E189"="C:\Program Files (x86)\AVG\AVG2013\avgwdwsc.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FAB9DCF931C3F164DBC573B06C1F16C1\AA8E9FF4455D7EC4989F6BD9AAA5E189]
"File"="avgwdwsc.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB7B93F636C3C3348963342CD4E0762A]
"AA8E9FF4455D7EC4989F6BD9AAA5E189"="C:\Program Files (x86)\AVG\AVG2013\avglngx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB7B93F636C3C3348963342CD4E0762A\AA8E9FF4455D7EC4989F6BD9AAA5E189]
"File"="avglngx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FEE4EBBD3F1EBC4488E444E5AFBC41DA]
"AA8E9FF4455D7EC4989F6BD9AAA5E189"="C:\Program Files (x86)\AVG\AVG2013\avgsecapia.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FEE4EBBD3F1EBC4488E444E5AFBC41DA\AA8E9FF4455D7EC4989F6BD9AAA5E189]
"File"="avgsecapia.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\6D331B1297950F74EBC16F6A3B4096F3\InstallProperties]
"Publisher"="AVG Technologies"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\7212A61D729B97341B35D3CE90E1E4BE\Features]
"WIFI_Software"="-6cH%bCi-=E]LST]o(su0UWZrF@W{874uOHPF^XfF9!b3P1@0=,w}$oy5%bhzwkTec'xH9wa*]!DKPh^8^cX]4M=q?x9P,XVXlVl&}+dwJgxFA3sXJL,+QtvGQzb[ygN_=fXkY(K'4uu?*VWxUe7p8t1GZFpv+duU@M[EMVwN?IvH~j4_]Vz_APL]=(=*?Y`+o+uMN@mB?G&1KA5g@2RsWxYPy`,J!LtpF~yP9umy$z(-Pii{jlJ!'o599Wh+vG-e]hiF_'-7-q84?cZvQ^CZCRAQtE+,?w9n9A*+@7vbT~*U3O6pM{))=Tns?VxVxjLjwUCDe^)(@_cG&JeYm^FTNxAw8V0y9m$+5JQ}_?Wz74AYZPTb8Jt@}3]i+-9eeEZTEziW=wumxg1I$8TkbRY4m+y}=m'rw@%R~Z=nL&(%!WYZ=^t_TV&*uXJ]G~]e}!5P?EYP.7T3y@Ao0[0gxS4D?rylk*Mzvryg_w}Ow`qX9K0m}uI&cgfUSCNJ7lSv?CsJ3WcpM}5WcdqzIxY[@s1qbKr(oN8Jvm-x7Hj0=4QPp0M)kx0O'iKb].Py?WlRgJv62$L9)+'2b]!7?1KDQ'1^,!1{yA*JJkn==(~kJ9!Oa'5E+JpcJ(U[@J^n5?BnCS.tE3a7!3)i?Zn%gCx.Qd&KhZIb[Mjm@,KFGkhHwY3Hp4.gZ,_!?z{pQD=AdAqdq-)gs`q[=Mooy.6QtO=q%JC.c{O+@Kt2gpBPZrzZf$JF]nd5?6(TnKSI&K[K2{BT)I%%@Khb-^o~}Mke4^C@c0sz8[`@B$Bc+EbNSi5Mb,D89&cP'84XFEtPT2Z&Zl=O@UMq,S'cf!_]OZwiui(p=KD-D)R[x30(X?S
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AA8E9FF4455D7EC4989F6BD9AAA5E189\Features]
"fea_Toolbar"="[@0p5xW@s@6Mnn]uFI@,ml%HRS*Ol=Y.]DAS[`KNAvgAddonsFea"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AA8E9FF4455D7EC4989F6BD9AAA5E189\Features]
"AvgAddonsFea"="$%z%I3J$L9xLg!u6lImTMainFea"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AA8E9FF4455D7EC4989F6BD9AAA5E189\Features]
"fea_GUI__Gadg"="}nT~r`0g99wurBqWQro&)zf&-$P_W?Nkyyx,F$3f=Xz+g+w^]?V&bg0xJF{e+TQfOCM,69G4`,uaKD)@*9)F(b&[T=+kbzRtaF%5t$jz+*&f!=x)3+x`?-R?}_ESn!13M9g(^eAuR0GTnUHcAV@n`9*ePo`tGy=$iGlo1zEAJ@txcEypF^d1uvP80McV_9?F.79N-uO2zVfvr4a{A9YFddV$f%$&RF?phei'QArk@j1Bj)yz+ZDD+?OJ`@&'C)SKNXH?Ns[{Mk@I=922q=M5BU+vN5.Vu?]Rh(MZUg(t3MzYI^%GgJP2@9QQtZ5w=D$K4NF[y'[0FATZ?_tFt$yTiw+E@.9iA=UbR+*W?QRD9}eI'os&W@gahQFtzLMZ?5lA8GO!_?76WM*~Zq^CpC[!1W3Z(=@3ll^e8plYmA{_Vx'RQ=BFI~GgWE^F@XVP7!o5n?1o1,XH45p689'ml[xX(A_rB=``wzN*~2J)dl?G09aL0i.2+QD%LlKyj$^cb9kw`lpFg+O&Vxl_hkcoJ=(Lt{1J)Gi6RY_HAsuR3@7[@Bi$GZhkzdg1PZ*3c9Xm&KSWK38b$VYsi8g2r=^SuLtcl*UpLFyC[*Ejw=HRcvN-Wg@cHx(I]gq'9AD7(MdiB3^[(+Q37!PtH9KQmZ+!z-0zojtIMR!bt9SB2RSr5[9!wvpPoS6?09xXPxo{D+g$G&B}@WJCQ@{I}yg3lY1naXw4J%NSr@A?U,h&1tRe3-ReHe`dv@zwkbE,+(II_{BJouB.ZA98,E]4(?pjET,*yD,Md8(D-4Qk(&f)`bb8rCGi{?=x3!w_sNlZUuU60DGW]?.Sp]A03B2Me(~!cH4R*9S-OHV'T`FCAvg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AA8E9FF4455D7EC4989F6BD9AAA5E189\InstallProperties]
"DisplayName"="AVG 2013"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AA8E9FF4455D7EC4989F6BD9AAA5E189\InstallProperties]
"URLInfoAbout"="http://www.avg.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AA8E9FF4455D7EC4989F6BD9AAA5E189\InstallProperties]
"Publisher"="AVG Technologies"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AA8E9FF4455D7EC4989F6BD9AAA5E189\InstallProperties]
"InstallSource"="C:\ProgramData\AVG2013\SetupBackup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AA8E9FF4455D7EC4989F6BD9AAA5E189\InstallProperties]
"HelpLink"="http://www.avg.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AA8E9FF4455D7EC4989F6BD9AAA5E189\InstallProperties]
"Contact"="http://www.avg.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AD1A8EF66AC81084FBF0F0F2DE41F34F\Features]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C38FB47E5AC2FE8409F15939907E9DCE\InstallProperties]
"Contact"="http://www.avg.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C38FB47E5AC2FE8409F15939907E9DCE\InstallProperties]
"HelpLink"="http://www.avg.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C38FB47E5AC2FE8409F15939907E9DCE\InstallProperties]
"InstallSource"="C:\ProgramData\AVG2013\SetupBackup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C38FB47E5AC2FE8409F15939907E9DCE\InstallProperties]
"Publisher"="AVG Technologies"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C38FB47E5AC2FE8409F15939907E9DCE\InstallProperties]
"URLInfoAbout"="http://www.avg.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C38FB47E5AC2FE8409F15939907E9DCE\InstallProperties]
"DisplayName"="AVG 2013"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-for-free.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-secure.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg-download.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg.org]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\www.avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\official-avg-download-now.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\www.avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-for-free.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-secure.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg-download.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg.org]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\www.avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\official-avg-download-now.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\www.avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"="AVG Find Extension"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"="AVG Shell Extension"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG]
"UninstallString"=""C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe" /AppMode=SETUP /Uninstall"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG]
"ModifyPath"=""C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe" /AppMode=DOWNLOADMANAGER"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG]
"Publisher"="AVG Technologies"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG]
"DisplayName"="AVG 2013"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG]
"DisplayIcon"=""C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{21B133D6-5979-47F0-BE1C-F6A6B304693F}]
"Publisher"="AVG Technologies"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4FF9E8AA-D554-4CE7-89F9-B69DAA5A1E98}]
"DisplayName"="AVG 2013"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4FF9E8AA-D554-4CE7-89F9-B69DAA5A1E98}]
"URLInfoAbout"="http://www.avg.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4FF9E8AA-D554-4CE7-89F9-B69DAA5A1E98}]
"Publisher"="AVG Technologies"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4FF9E8AA-D554-4CE7-89F9-B69DAA5A1E98}]
"InstallSource"="C:\ProgramData\AVG2013\SetupBackup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4FF9E8AA-D554-4CE7-89F9-B69DAA5A1E98}]
"HelpLink"="http://www.avg.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4FF9E8AA-D554-4CE7-89F9-B69DAA5A1E98}]
"Contact"="http://www.avg.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E74BF83C-2CA5-48EF-901F-959309E7D9EC}]
"Contact"="http://www.avg.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E74BF83C-2CA5-48EF-901F-959309E7D9EC}]
"HelpLink"="http://www.avg.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E74BF83C-2CA5-48EF-901F-959309E7D9EC}]
"InstallSource"="C:\ProgramData\AVG2013\SetupBackup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E74BF83C-2CA5-48EF-901F-959309E7D9EC}]
"Publisher"="AVG Technologies"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E74BF83C-2CA5-48EF-901F-959309E7D9EC}]
"URLInfoAbout"="http://www.avg.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E74BF83C-2CA5-48EF-901F-959309E7D9EC}]
"DisplayName"="AVG 2013"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync Data Maps/s
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idle thread tha
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idl
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Avg\Avg2013]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Avg\Avg2013]
"InstallationResult"="@AVGMSI_Error1922"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Avg\Avg2013]
"UISTART_SHORTCUT"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG\AVG 2013.lnk"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Avg\Avg2013]
"AVG_ProdCode"="{4FF9E8AA-D554-4CE7-89F9-B69DAA5A1E98}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Avg\Avg2013]
"AvgAllUsersDir"="C:\ProgramData\AVG2013\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Avg\Avg2013]
"AvgDir"="C:\Program Files (x86)\AVG\AVG2013\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Avg\Avg2013]
"AvgAddons"="dummy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Avg\Avg2013]
"AvgMainFea"="dummy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Avg\Avg2013\LinkScanner]
"ControlFile"="C:\Program Files (x86)\AVG\AVG2013\cf.dat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Avg\Avg2013\LinkScanner]
"LocalIcons"="C:\Program Files (x86)\AVG\AVG2013\Icons\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Avg\Avg2013\LinkScanner]
"AppPath"="C:\Program Files (x86)\AVG\AVG2013\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Avg\Avg2013\LinkScanner\Prevalence]
"DAILYOPURL"="http://mmi.cloud.avg.com/d.aspx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Avg\Avg2013\LinkScanner\Prevalence]
"EVENTOPURL"="http://mmi.cloud.avg.com/e.aspx"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Avg\Avg2013\LinkScanner\Prevalence]
"LocalPath"="C:\ProgramData\AVG2013\lsdb\prev\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Avg\Avg2013\LinkScanner\SiteBlocker]
"BLSigFile"="C:\Program Files (x86)\AVG\AVG2013\sb.dat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Avg\Avg2013\LinkScanner\SploitChecker]
"SigFile"="C:\Program Files (x86)\AVG\AVG2013\sc.dat"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\AVG Secure Search]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
"DllName"="avgssie.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\avgui_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\avgui_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-for-free.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-secure.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg-download.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg.org]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\www.avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\official-avg-download-now.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\www.avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-for-free.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-secure.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg-download.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg.org]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\www.avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\official-avg-download-now.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\www.avg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"=""C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"="AVG Find Extension"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"="AVG Shell Extension"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\AVGSE.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\AVGSE.DLL]
"Help1"="Scan against viruses with AVG"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\AVGSE.DLL]
"Menu1"="Scan with &AVG"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\AVGSE.DLL]
@="C:\PROGRA~2\AVG\AVG2013\avgsea.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idl
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]
"

fatcodycat
2013-08-17, 01:29
2nd part

Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processo
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1152F8E0-69DB-4935-AFC3-59F8A5A86A30}]
"LocalizedString"="@C:\Program Files (x86)\AVG\AVG2013\Tuneup\tumicroscanner.exe,-31415"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1152F8E0-69DB-4935-AFC3-59F8A5A86A30}\Elevation]
"IconReference"="@C:\Program Files (x86)\AVG\AVG2013\Tuneup\tumicroscanner.exe,-27182"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{1152F8E0-69DB-4935-AFC3-59F8A5A86A30}\LocalServer32]
@="C:\PROGRA~2\AVG\AVG2013\Tuneup\TUMICR~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{86E8C5B0-75B6-4ff2-B04F-6789CC7AE386}\Path]
"x86"="C:\Program Files (x86)\AVG\AVG2013\avgapix.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}]
@="AVG Shell Extension Class"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}\InprocServer32]
@="C:\Program Files (x86)\AVG\AVG2013\avgse.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{EF0BB4CD-81FA-48AF-99B3-AB6C1F079BEC}]
"url"="fwstats.mtrap.avg.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\avgsbg.DLL]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{EFFE7926-4CE7-43A9-8E93-2040AC623858}]
@="avgsbg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C0}\1.0\0\win32]
@="C:\Program Files (x86)\AVG\AVG2013\Tuneup\tumicroscanner.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{66694099-FBD8-4A98-AB9F-F19EAB4144C0}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG\AVG2013\Tuneup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{A0869B2C-C907-4DCA-A72B-6D54C1E1B1A2}\1.0]
@="avgsbg 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{A0869B2C-C907-4DCA-A72B-6D54C1E1B1A2}\1.0\0\win32]
@="C:\Program Files (x86)\AVG\AVG2013\avgsbga.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{A0869B2C-C907-4DCA-A72B-6D54C1E1B1A2}\1.0\HELPDIR]
@="C:\Program Files (x86)\AVG\AVG2013"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSDRIVER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"Service"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"DeviceDesc"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSDRIVER\0000\Control]
"ActiveService"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSHA]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSHA\0000]
"Service"="AVGIDSHA"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSHA\0000]
"DeviceDesc"="AVGIDSHA"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGIDSHA\0000\Control]
"ActiveService"="AVGIDSHA"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGLDX64]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGLDX64\0000]
"Service"="Avgldx64"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGLDX64\0000]
"DeviceDesc"="AVG AVI Loader Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGLDX64\0000\Control]
"ActiveService"="Avgldx64"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGLOGA]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGLOGA\0000]
"Service"="Avgloga"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGLOGA\0000]
"DeviceDesc"="AVG Logging Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGLOGA\0000\Control]
"ActiveService"="Avgloga"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGMFX64]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGMFX64\0000]
"Service"="Avgmfx64"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGMFX64\0000]
"DeviceDesc"="AVG Mini-Filter Resident Anti-Virus Shield"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGMFX64\0000\Control]
"ActiveService"="Avgmfx64"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGRKX64]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGRKX64\0000]
"Service"="Avgrkx64"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGRKX64\0000]
"DeviceDesc"="AVG Anti-Rootkit Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGRKX64\0000\Control]
"ActiveService"="Avgrkx64"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGTDIA]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGTDIA\0000]
"Service"="Avgtdia"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGTDIA\0000]
"DeviceDesc"="AVG TDI Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGTDIA\0000\Control]
"ActiveService"="Avgtdia"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avg]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avg\AVG2013]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avg\AVG2013]
"DriverLogPath"="\systemroot\system32\config\systemprofile\AppData\Local\Avg2013\log"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avg\AVG2013]
"AvgAllUsersDir"="C:\ProgramData\AVG2013\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avg\AVG2013]
"AvgDir"="C:\Program Files (x86)\AVG\AVG2013\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSAgent]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSAgent]
"ImagePath"=""C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSAgent]
"DisplayName"="AVGIDSAgent"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSAgent]
"DependOnService"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSAgent\Parameters]
"NamePrefix"="AVG"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSDriver]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSDriver]
"ImagePath"="system32\DRIVERS\avgidsdrivera.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSDriver]
"DisplayName"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSDriver]
"Description"="AVG Technologies IDS Application Activity Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSDriver\Parameters]
"NamePrefix"="AVG"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSDriver\Enum]
"0"="Root\LEGACY_AVGIDSDRIVER\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSHA]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSHA]
"ImagePath"="system32\DRIVERS\avgidsha.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSHA]
"DisplayName"="AVGIDSHA"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSHA]
"Group"="AVG"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSHA\Parameters]
"NamePrefix"="AVG"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AVGIDSHA\Enum]
"0"="Root\LEGACY_AVGIDSHA\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgldx64]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgldx64]
"ImagePath"="system32\DRIVERS\avgldx64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgldx64]
"DisplayName"="AVG AVI Loader Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgldx64]
"Group"="AVG"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgldx64\Enum]
"0"="Root\LEGACY_AVGLDX64\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgloga]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgloga]
"ImagePath"="system32\DRIVERS\avgloga.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgloga]
"DisplayName"="AVG Logging Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgloga]
"Group"="AVG"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgloga]
"NotifyDrivers"="\Device\AvgTdi \Device\AvgAviLdr \Device\Avg7Rs \Device\AVGIDSErHr \Device\AVGIDS_Ioc2"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgloga\Enum]
"0"="Root\LEGACY_AVGLOGA\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgmfx64]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgmfx64]
"ImagePath"="system32\DRIVERS\avgmfx64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgmfx64]
"DisplayName"="AVG Mini-Filter Resident Anti-Virus Shield"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgmfx64]
"Group"="AVG"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgmfx64\Instances]
"DefaultInstance"="Avgmf Instance"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgmfx64\Instances\Avgmf Instance]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgmfx64\Enum]
"0"="Root\LEGACY_AVGMFX64\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgrkx64]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgrkx64]
"ImagePath"="system32\DRIVERS\avgrkx64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgrkx64]
"DisplayName"="AVG Anti-Rootkit Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgrkx64\Enum]
"0"="Root\LEGACY_AVGRKX64\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgtdia]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgtdia]
"ImagePath"="system32\DRIVERS\avgtdia.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgtdia]
"DisplayName"="AVG TDI Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Avgtdia\Enum]
"0"="Root\LEGACY_AVGTDIA\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\avgwd]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\avgwd]
"ImagePath"=""C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\avgwd]
"DisplayName"="AVG WatchDog"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\avgwd]
"Description"="AVG Watchdog Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C378189-1336-46FD-B4E7-E95D6A7E8C28}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe|Name=AVG Installer|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E47399C4-79F2-4A13-BE9F-C606CFAE1752}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe|Name=AVG Installer|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{AF9D8C71-B1B3-4544-8F3A-44CECB75A938}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe|Name=Online Shield|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A48F2AA3-EB2F-456A-8BDE-49E2AAD8F4E0}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe|Name=Online Shield|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5F2D2596-0B08-41DE-8C43-A8035A5FD521}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe|Name=AVG Diagnostics 2013|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{97FAB04F-CD21-443C-AE66-9CE79AA7411F}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe|Name=AVG Diagnostics 2013|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D6B280B0-0F31-4F82-9FAB-063D715AEE0D}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2013\avgemca.exe|Name=Personal E-mail Scanner|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3700F159-C044-4667-B127-69CE76EFF211}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2013\avgemca.exe|Name=Personal E-mail Scanner|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{AEAFD3FB-7C25-439F-B43F-B0B787919152}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe|Name=Online Shield|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2FCB9ECA-622D-4495-AA38-28D1CC7DCF90}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe|Name=Online Shield|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{FFB5C093-0728-4391-AE30-EDC793848ABD}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe|Name=AVG Diagnostics 2013|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{DEE5BF99-4FCF-4DBE-88C0-42A08C93767E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe|Name=AVG Diagnostics 2013|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1FECA3C9-B329-4513-B86C-6AC2256A03E6}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe|Name=AVG Installer|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BF7C7594-10DE-447E-AF8B-28442D0D693D}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe|Name=AVG Installer|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{29FC8039-E1EB-4AE2-A91F-679FD56D128A}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2013\avgemca.exe|Name=Personal Email Scanner|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{299FFD1D-731B-4231-855E-3A1F34728BE1}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2013\avgemca.exe|Name=Personal Email Scanner|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSDRIVER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"Service"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"DeviceDesc"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSHA]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSHA\0000]
"Service"="AVGIDSHA"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGIDSHA\0000]
"DeviceDesc"="AVGIDSHA"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGLDX64]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGLDX64\0000]
"Service"="Avgldx64"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGLDX64\0000]
"DeviceDesc"="AVG AVI Loader Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGLOGA]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGLOGA\0000]
"Service"="Avgloga"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGLOGA\0000]
"DeviceDesc"="AVG Logging Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGMFX64]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGMFX64\0000]
"Service"="Avgmfx64"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGMFX64\0000]
"DeviceDesc"="AVG Mini-Filter Resident Anti-Virus Shield"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGRKX64]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGRKX64\0000]
"Service"="Avgrkx64"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGRKX64\0000]
"DeviceDesc"="AVG Anti-Rootkit Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGTDIA]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGTDIA\0000]
"Service"="Avgtdia"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGTDIA\0000]
"DeviceDesc"="AVG TDI Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Avg]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Avg\AVG2013]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Avg\AVG2013]
"DriverLogPath"="\systemroot\system32\config\systemprofile\AppData\Local\Avg2013\log"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Avg\AVG2013]
"AvgAllUsersDir"="C:\ProgramData\AVG2013\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Avg\AVG2013]
"AvgDir"="C:\Program Files (x86)\AVG\AVG2013\"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AVGIDSAgent]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AVGIDSAgent]
"ImagePath"=""C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AVGIDSAgent]
"DisplayName"="AVGIDSAgent"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AVGIDSAgent]
"DependOnService"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AVGIDSAgent\Parameters]
"NamePrefix"="AVG"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AVGIDSDriver]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AVGIDSDriver]
"ImagePath"="system32\DRIVERS\avgidsdrivera.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AVGIDSDriver]
"DisplayName"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AVGIDSDriver]
"Description"="AVG Technologies IDS Application Activity Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AVGIDSDriver\Parameters]
"NamePrefix"="AVG"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AVGIDSHA]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AVGIDSHA]
"ImagePath"="system32\DRIVERS\avgidsha.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AVGIDSHA]
"DisplayName"="AVGIDSHA"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AVGIDSHA]
"Group"="AVG"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\AVGIDSHA\Parameters]
"NamePrefix"="AVG"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Avgldx64]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Avgldx64]
"ImagePath"="system32\DRIVERS\avgldx64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Avgldx64]
"DisplayName"="AVG AVI Loader Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Avgldx64]
"Group"="AVG"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Avgloga]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Avgloga]
"ImagePath"="system32\DRIVERS\avgloga.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Avgloga]
"DisplayName"="AVG Logging Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Avgloga]
"Group"="AVG"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Avgloga]
"NotifyDrivers"="\Device\AvgTdi \Device\AvgAviLdr \Device\Avg7Rs \Device\AVGIDSErHr \Device\AVGIDS_Ioc2"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Avgmfx64]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Avgmfx64]
"ImagePath"="system32\DRIVERS\avgmfx64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Avgmfx64]
"DisplayName"="AVG Mini-Filter Resident Anti-Virus Shield"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Avgmfx64]
"Group"="AVG"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Avgmfx64\Instances]
"DefaultInstance"="Avgmf Instance"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Avgmfx64\Instances\Avgmf Instance]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Avgrkx64]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Avgrkx64]
"ImagePath"="system32\DRIVERS\avgrkx64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Avgrkx64]
"DisplayName"="AVG Anti-Rootkit Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Avgtdia]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Avgtdia]
"ImagePath"="system32\DRIVERS\avgtdia.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\Avgtdia]
"DisplayName"="AVG TDI Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\avgwd]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\avgwd]
"ImagePath"=""C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\avgwd]
"DisplayName"="AVG WatchDog"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\avgwd]
"Description"="AVG Watchdog Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C378189-1336-46FD-B4E7-E95D6A7E8C28}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe|Name=AVG Installer|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E47399C4-79F2-4A13-BE9F-C606CFAE1752}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe|Name=AVG Installer|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{AF9D8C71-B1B3-4544-8F3A-44CECB75A938}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe|Name=Online Shield|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A48F2AA3-EB2F-456A-8BDE-49E2AAD8F4E0}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe|Name=Online Shield|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5F2D2596-0B08-41DE-8C43-A8035A5FD521}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe|Name=AVG Diagnostics 2013|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{97FAB04F-CD21-443C-AE66-9CE79AA7411F}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe|Name=AVG Diagnostics 2013|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D6B280B0-0F31-4F82-9FAB-063D715AEE0D}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2013\avgemca.exe|Name=Personal E-mail Scanner|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3700F159-C044-4667-B127-69CE76EFF211}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2013\avgemca.exe|Name=Personal E-mail Scanner|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{AEAFD3FB-7C25-439F-B43F-B0B787919152}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe|Name=Online Shield|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2FCB9ECA-622D-4495-AA38-28D1CC7DCF90}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe|Name=Online Shield|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{FFB5C093-0728-4391-AE30-EDC793848ABD}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe|Name=AVG Diagnostics 2013|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{DEE5BF99-4FCF-4DBE-88C0-42A08C93767E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe|Name=AVG Diagnostics 2013|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1FECA3C9-B329-4513-B86C-6AC2256A03E6}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe|Name=AVG Installer|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BF7C7594-10DE-447E-AF8B-28442D0D693D}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe|Name=AVG Installer|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{29FC8039-E1EB-4AE2-A91F-679FD56D128A}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2013\avgemca.exe|Name=Personal Email Scanner|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{299FFD1D-731B-4231-855E-3A1F34728BE1}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2013\avgemca.exe|Name=Personal Email Scanner|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSDRIVER]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"Service"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSDRIVER\0000]
"DeviceDesc"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSDRIVER\0000\Control]
"ActiveService"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSHA]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSHA\0000]
"Service"="AVGIDSHA"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSHA\0000]
"DeviceDesc"="AVGIDSHA"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGIDSHA\0000\Control]
"ActiveService"="AVGIDSHA"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGLDX64]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGLDX64\0000]
"Service"="Avgldx64"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGLDX64\0000]
"DeviceDesc"="AVG AVI Loader Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGLDX64\0000\Control]
"ActiveService"="Avgldx64"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGLOGA]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGLOGA\0000]
"Service"="Avgloga"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGLOGA\0000]
"DeviceDesc"="AVG Logging Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGLOGA\0000\Control]
"ActiveService"="Avgloga"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGMFX64]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGMFX64\0000]
"Service"="Avgmfx64"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGMFX64\0000]
"DeviceDesc"="AVG Mini-Filter Resident Anti-Virus Shield"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGMFX64\0000\Control]
"ActiveService"="Avgmfx64"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGRKX64]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGRKX64\0000]
"Service"="Avgrkx64"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGRKX64\0000]
"DeviceDesc"="AVG Anti-Rootkit Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGRKX64\0000\Control]
"ActiveService"="Avgrkx64"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDIA]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDIA\0000]
"Service"="Avgtdia"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDIA\0000]
"DeviceDesc"="AVG TDI Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDIA\0000\Control]
"ActiveService"="Avgtdia"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Avg]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Avg\AVG2013]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Avg\AVG2013]
"DriverLogPath"="\systemroot\system32\config\systemprofile\AppData\Local\Avg2013\log"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Avg\AVG2013]
"AvgAllUsersDir"="C:\ProgramData\AVG2013\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Avg\AVG2013]
"AvgDir"="C:\Program Files (x86)\AVG\AVG2013\"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AVGIDSAgent]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AVGIDSAgent]
"ImagePath"=""C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AVGIDSAgent]
"DisplayName"="AVGIDSAgent"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AVGIDSAgent]
"DependOnService"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AVGIDSAgent\Parameters]
"NamePrefix"="AVG"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AVGIDSDriver]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AVGIDSDriver]
"ImagePath"="system32\DRIVERS\avgidsdrivera.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AVGIDSDriver]
"DisplayName"="AVGIDSDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AVGIDSDriver]
"Description"="AVG Technologies IDS Application Activity Monitor Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AVGIDSDriver\Parameters]
"NamePrefix"="AVG"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AVGIDSDriver\Enum]
"0"="Root\LEGACY_AVGIDSDRIVER\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AVGIDSHA]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AVGIDSHA]
"ImagePath"="system32\DRIVERS\avgidsha.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AVGIDSHA]
"DisplayName"="AVGIDSHA"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AVGIDSHA]
"Group"="AVG"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AVGIDSHA\Parameters]
"NamePrefix"="AVG"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\AVGIDSHA\Enum]
"0"="Root\LEGACY_AVGIDSHA\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Avgldx64]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Avgldx64]
"ImagePath"="system32\DRIVERS\avgldx64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Avgldx64]
"DisplayName"="AVG AVI Loader Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Avgldx64]
"Group"="AVG"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Avgldx64\Enum]
"0"="Root\LEGACY_AVGLDX64\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Avgloga]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Avgloga]
"ImagePath"="system32\DRIVERS\avgloga.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Avgloga]
"DisplayName"="AVG Logging Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Avgloga]
"Group"="AVG"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Avgloga]
"NotifyDrivers"="\Device\AvgTdi \Device\AvgAviLdr \Device\Avg7Rs \Device\AVGIDSErHr \Device\AVGIDS_Ioc2"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Avgloga\Enum]
"0"="Root\LEGACY_AVGLOGA\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Avgmfx64]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Avgmfx64]
"ImagePath"="system32\DRIVERS\avgmfx64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Avgmfx64]
"DisplayName"="AVG Mini-Filter Resident Anti-Virus Shield"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Avgmfx64]
"Group"="AVG"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Avgmfx64\Instances]
"DefaultInstance"="Avgmf Instance"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Avgmfx64\Instances\Avgmf Instance]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Avgmfx64\Enum]
"0"="Root\LEGACY_AVGMFX64\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Avgrkx64]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Avgrkx64]
"ImagePath"="system32\DRIVERS\avgrkx64.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Avgrkx64]
"DisplayName"="AVG Anti-Rootkit Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Avgrkx64\Enum]
"0"="Root\LEGACY_AVGRKX64\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Avgtdia]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Avgtdia]
"ImagePath"="system32\DRIVERS\avgtdia.sys"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Avgtdia]
"DisplayName"="AVG TDI Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Avgtdia\Enum]
"0"="Root\LEGACY_AVGTDIA\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\avgwd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\avgwd]
"ImagePath"=""C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\avgwd]
"DisplayName"="AVG WatchDog"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\avgwd]
"Description"="AVG Watchdog Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1C378189-1336-46FD-B4E7-E95D6A7E8C28}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe|Name=AVG Installer|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E47399C4-79F2-4A13-BE9F-C606CFAE1752}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe|Name=AVG Installer|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{AF9D8C71-B1B3-4544-8F3A-44CECB75A938}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe|Name=Online Shield|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A48F2AA3-EB2F-456A-8BDE-49E2AAD8F4E0}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe|Name=Online Shield|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5F2D2596-0B08-41DE-8C43-A8035A5FD521}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe|Name=AVG Diagnostics 2013|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{97FAB04F-CD21-443C-AE66-9CE79AA7411F}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe|Name=AVG Diagnostics 2013|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D6B280B0-0F31-4F82-9FAB-063D715AEE0D}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2013\avgemca.exe|Name=Personal E-mail Scanner|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3700F159-C044-4667-B127-69CE76EFF211}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files (x86)\AVG\AVG2013\avgemca.exe|Name=Personal E-mail Scanner|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{AEAFD3FB-7C25-439F-B43F-B0B787919152}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe|Name=Online Shield|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2FCB9ECA-622D-4495-AA38-28D1CC7DCF90}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe|Name=Online Shield|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{FFB5C093-0728-4391-AE30-EDC793848ABD}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe|Name=AVG Diagnostics 2013|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{DEE5BF99-4FCF-4DBE-88C0-42A08C93767E}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2013\avgdiagex.exe|Name=AVG Diagnostics 2013|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1FECA3C9-B329-4513-B86C-6AC2256A03E6}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe|Name=AVG Installer|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BF7C7594-10DE-447E-AF8B-28442D0D693D}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe|Name=AVG Installer|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{29FC8039-E1EB-4AE2-A91F-679FD56D128A}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2013\avgemca.exe|Name=Personal Email Scanner|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{299FFD1D-731B-4231-855E-3A1F34728BE1}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2013\avgemca.exe|Name=Personal Email Scanner|"
[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiRSAlert]
[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiScanFinished]
[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiScanFinishedThreatFound]
[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiScanStarted]
[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiUpdEnd]
[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiUpdEndFail]
[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiUpdStart]
[HKEY_USERS\.DEFAULT\AppEvents\EventLabels\avguiWSAlert]
[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\avgui]
[HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\avgui]
@="AVG"
[HKEY_USERS\.DEFAULT\Software\Avg]
[HKEY_USERS\.DEFAULT\Software\Avg\Avg2013]
[HKEY_USERS\.DEFAULT\Software\Avg\Avg2013\Avgdiag]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-for-free.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-secure.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg-download.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg.org]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\avg]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\www.avg]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\official-avg-download-now.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\avg]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\www.avg]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-for-free.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-secure.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg-download.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg.org]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\avg]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\www.avg]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\official-avg-download-now.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\avg]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\www.avg]
[HKEY_USERS\S-1-5-21-4293206663-3280212633-2623293166-1000\Software\Adobe\Acrobat Reader\11.0\AVGeneral]
[HKEY_USERS\S-1-5-21-4293206663-3280212633-2623293166-1000\Software\Avg]
[HKEY_USERS\S-1-5-21-4293206663-3280212633-2623293166-1000\Software\Avg\Avg2013]
[HKEY_USERS\S-1-5-21-4293206663-3280212633-2623293166-1000\Software\Avg\Avg2013\Avgdiag]
[HKEY_USERS\S-1-5-21-4293206663-3280212633-2623293166-1000\Software\Avg\Avg2013\Dialogs\WindowsPos\AvgUiAdvWnd]
[HKEY_USERS\S-1-5-21-4293206663-3280212633-2623293166-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-for-free.com]
[HKEY_USERS\S-1-5-21-4293206663-3280212633-2623293166-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-secure.com]
[HKEY_USERS\S-1-5-21-4293206663-3280212633-2623293166-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg-download.com]
[HKEY_USERS\S-1-5-21-4293206663-3280212633-2623293166-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg.org]
[HKEY_USERS\S-1-5-21-4293206663-3280212633-2623293166-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\avg]
[HKEY_USERS\S-1-5-21-4293206663-3280212633-2623293166-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\www.avg]
[HKEY_USERS\S-1-5-21-4293206663-3280212633-2623293166-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\official-avg-download-now.com]
[HKEY_USERS\S-1-5-21-4293206663-3280212633-2623293166-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\avg]
[HKEY_USERS\S-1-5-21-4293206663-3280212633-2623293166-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\www.avg]
[HKEY_USERS\S-1-5-21-4293206663-3280212633-2623293166-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-for-free.com]
[HKEY_USERS\S-1-5-21-4293206663-3280212633-2623293166-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-secure.com]
[HKEY_USERS\S-1-5-21-4293206663-3280212633-2623293166-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg-download.com]
[HKEY_USERS\S-1-5-21-4293206663-3280212633-2623293166-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg.org]
[HKEY_USERS\S-1-5-21-4293206663-3280212633-2623293166-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\avg]
[HKEY_USERS\S-1-5-21-4293206663-3280212633-2623293166-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\www.avg]
[HKEY_USERS\S-1-5-21-4293206663-3280212633-2623293166-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\official-avg-download-now.com]
[HKEY_USERS\S-1-5-21-4293206663-3280212633-2623293166-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\avg]
[HKEY_USERS\S-1-5-21-4293206663-3280212633-2623293166-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\www.avg]
[HKEY_USERS\S-1-5-21-4293206663-3280212633-2623293166-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2013\avgui.exe"="AVG User Interface"
[HKEY_USERS\S-1-5-21-4293206663-3280212633-2623293166-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG2013\avgui.exe"="AVG User Interface"
[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiRSAlert]
[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiScanFinished]
[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiScanFinishedThreatFound]
[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiScanStarted]
[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiUpdEnd]
[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiUpdEndFail]
[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiUpdStart]
[HKEY_USERS\S-1-5-18\AppEvents\EventLabels\avguiWSAlert]
[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\avgui]
[HKEY_USERS\S-1-5-18\AppEvents\Schemes\Apps\avgui]
@="AVG"
[HKEY_USERS\S-1-5-18\Software\Avg]
[HKEY_USERS\S-1-5-18\Software\Avg\Avg2013]
[HKEY_USERS\S-1-5-18\Software\Avg\Avg2013\Avgdiag]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-for-free.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\avg-secure.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg-download.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\free-avg.org]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\avg]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grab-it-today.net\www.avg]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\official-avg-download-now.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\avg]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\softwarecenterz.com\www.avg]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-for-free.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\avg-secure.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg-download.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\free-avg.org]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\avg]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grab-it-today.net\www.avg]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\official-avg-download-now.com]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\avg]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\softwarecenterz.com\www.avg]

-= EOF =-

ken545
2013-08-17, 02:04
Let's try this first

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.


Please download the installer for Registry Backup from here (http://www.bleepingcomputer.com/download/registry-backup/) or here (http://www.tweaking.com/files/setups/tweaking.com_registry_backup_setup.exe) and save to your desktop.
Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
Once the GUI (graphical user interface) has appeared/loaded:-

http://i280.photobucket.com/albums/kk173/Dakeyras_album2/TCRB-1.jpg


Click on Backup Now >> once the process is complete the below will be displayed in the GUI:-

http://i280.photobucket.com/albums/kk173/Dakeyras_album2/TBRB-2.jpg


Close Tweaking.com - Registry Backup

Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.

A tutorial for Registry Backup explaining the various features can be viewed here (http://www.malwareremoval.com/forum/viewtopic.php?f=4&t=61325).

REGEDIT4

[-HKEY_LOCAL_MACHINE\Software\AVG]
[-HKEY_CURRENT_USER\Software\AVG]


Copy the entire contents inside the Quote box and paste it into Notepad (this will only work with Notepad), name the file Regfix.reg and in the drop-down box, save it as All Files. Save it to your desktop. Then right-click on the Regfix.reg file and click on Merge. When it asks you to merge with the Registry, say yes.

If you saved the file correctly it should look like this http://i24.photobucket.com/albums/c30/ken545/reg.jpg


Then run SystemLook again with just this script

:regfind
AVG

fatcodycat
2013-08-17, 02:23
hello

Done all that

System look log below

SystemLook 30.07.11 by jpshortstuff
Log created at 01:22 on 17/08/2013 by steves
Administrator - Elevation successful

========== regfind ==========

Searching for " AVG"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.avgdi\shell\AvgDxOpenVerb]
@="Open AVG diag file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.avgdx\shell\AvgDxOpenVerb]
@="Open AVG diag file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AVGSE.DLL]
"Help1"="Scan against viruses with AVG"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync Data Maps/s
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idle thread tha
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idl
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\AVGSE.DLL]
"Help1"="Scan against viruses with AVG"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idl
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processo

-= EOF =-

ken545
2013-08-17, 03:31
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.avgdi]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.avgdx]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AVGSE.DLL]


Copy the entire contents inside the Quote box and paste it into Notepad (this will only work with Notepad), name the file Regfix.reg and in the drop-down box, save it as All Files. Save it to your desktop. Then right-click on the Regfix.reg file and click on Merge. When it asks you to merge with the Registry, say yes.

If you saved the file correctly it should look like this http://i24.photobucket.com/albums/c30/ken545/reg.jpg

Run SystemLook again with the same script
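
A dry run of the step above, as an added example that is not part of the original thread: it reads the `[-KEY]` deletions from the Regfix.reg text and predicts which hits from the earlier regfind log should still appear on the next run. The function names are hypothetical, the log excerpt is shortened from the thread's own log, and treating `App Paths` as shared between the 32-bit and 64-bit registry views on Windows 7 is an assumption taken from Microsoft's WOW64 documentation.

```python
import re

# Regfix.reg as posted above. In a .reg file, "[-KEY]" deletes KEY and its subkeys.
REGFIX = r'''REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.avgdi]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.avgdx]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AVGSE.DLL]
'''

# Excerpt of the earlier regfind log (constructed: long values shortened to "...").
REGFIND_LOG = r'''========== regfind ==========

Searching for " AVG"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.avgdi\shell\AvgDxOpenVerb]
@="Open AVG diag file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.avgdx\shell\AvgDxOpenVerb]
@="Open AVG diag file"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\AVGSE.DLL]
"Help1"="Scan against viruses with AVG"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Counter"="1 1847 2 System 4 Memory ..."
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\AVGSE.DLL]
"Help1"="Scan against viruses with AVG"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Counter"="1 1847 2 System 4 Memory ..."

-= EOF =-
'''

# Assumption: keys that WOW64 shares between both registry views on Windows 7,
# so deleting one view's copy also removes the Wow6432Node copy.
SHARED_PREFIXES = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths",
)

KEY_LINE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")


def parse_reg_deletions(reg_text):
    """Return the keys a .reg file deletes (lines of the form [-KEY])."""
    return re.findall(r"^\[-(HKEY_[^\]]+)\]\s*$", reg_text, re.M)


def parse_regfind(log_text):
    """Return (key, value_line) pairs; value_line is None when only the key name matched."""
    hits, pending = [], None
    for line in log_text.splitlines():
        m = KEY_LINE.match(line)
        if m:
            if pending is not None:          # previous key had no value line
                hits.append((pending, None))
            pending = m.group(1)
        elif pending is not None and line.startswith(('"', "@=")):
            hits.append((pending, line.strip()))
            pending = None
    if pending is not None:
        hits.append((pending, None))
    return hits


def canonical(key):
    """Case-fold a key; map the Wow6432Node view onto the native one for shared keys only."""
    folded = key.upper()
    native = folded.replace("\\SOFTWARE\\WOW6432NODE\\", "\\SOFTWARE\\", 1)
    for prefix in SHARED_PREFIXES:
        p = prefix.upper()
        if native == p or native.startswith(p + "\\"):
            return native
    return folded


def is_under(key, deleted_key):
    """True if key is deleted_key itself or one of its subkeys."""
    k, d = canonical(key), canonical(deleted_key)
    return k == d or k.startswith(d + "\\")


def predict_remaining(log_text, reg_text):
    """Hits from the log that the .reg file's deletions do not cover."""
    deletions = parse_reg_deletions(reg_text)
    return [(k, v) for k, v in parse_regfind(log_text)
            if not any(is_under(k, d) for d in deletions)]


if __name__ == "__main__":
    for key, _ in predict_remaining(REGFIND_LOG, REGFIX):
        print("still expected in next regfind:", key)
```

Only the Perflib hits survive the dry run; any other key that still shows up after the merge was not covered by the .reg file and deserves a closer look.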

fatcodycat
2013-08-17, 11:46
Done, system look log below

SystemLook 30.07.11 by jpshortstuff
Log created at 10:45 on 17/08/2013 by steves
Administrator - Elevation successful

========== regfind ==========

Searching for " AVG"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync Data Maps/s
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idle thread tha
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idl
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idl
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processo

-= EOF =-

ken545
2013-08-17, 12:20
Hi,

I think those registry entries are harmless but I want to get another opinion. The AVG files and folders appear to be gone so you should be ok.

In the meantime run a new scan with OTL and let me take another look for any AVG leftovers and we can deal with removing Combofix also.

fatcodycat
2013-08-17, 14:53
OTL log below!

OTL logfile created on: 17/08/2013 13:29:17 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\steves\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.93 Gb Total Physical Memory | 1.66 Gb Available Physical Memory | 42.18% Memory free
7.87 Gb Paging File | 5.07 Gb Available in Paging File | 64.43% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.54 Gb Total Space | 113.59 Gb Free Space | 16.26% Space Free | Partition Type: NTFS
Drive E: | 7.39 Gb Total Space | 6.64 Gb Free Space | 89.79% Space Free | Partition Type: FAT32

Computer Name: STEVES-PC | User Name: steves | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\steves\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Users\steves\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (Nero AG)
PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe (Western Digital )
PRC - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital )
PRC - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
PRC - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0149e914e4cfbde7da65d4558af19ce0\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8dc1c182cd1f10cd2abcfecd01fe9eeb\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e06dbdafb38c38517aef61ac41e2fd9d\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1f6f220f9efe936d1158c79b9d4b451f\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
MOD - C:\Program Files\Microsoft Office 15\root\office15\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files\Microsoft Office 15\root\office15\appvisvstream32.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Steam\SDL2.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
MOD - C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\AbilisWinUsb.dll ()
MOD - C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\VendorCmdRW.dll ()
MOD - C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\uPiApi.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (OfficeSvc) -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (HTCMonitorService) -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (Nero AG)
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (WDRulesService) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe (Western Digital )
SRV - (WDBackup) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital )
SRV - (WDDriveService) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (IT9135BDA) -- C:\Windows\SysNative\drivers\IT9135BDA.sys (ITE )
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (qicflt) -- C:\Windows\SysNative\drivers\qicflt.sys (Quanta Computer)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\..\SearchScopes,DefaultScope = {70903C48-6C44-4F6E-AAD9-9BC8BB1D4FAD}
IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\..\SearchScopes\{70903C48-6C44-4F6E-AAD9-9BC8BB1D4FAD}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\steves\AppData\Local\Roblox\Versions\version-7cb7ff22d9334da0\\NPRobloxProxy.dll ()



O1 HOSTS File: ([2013/08/15 22:14:31 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000..\Run: [Akamai NetSession Interface] C:\Users\steves\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000..\Run: [IomegaEncryption] C:\Program Files\Iomega\Iomega Encryption\Iomega Encryption.exe (PLX Technology)
O4 - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = File not found
O4 - Startup: C:\Users\steves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 [2013/05/16 22:24:08 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 [2013/05/16 22:24:08 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 [2013/05/16 22:24:08 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 [2013/05/16 22:24:08 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 [2013/05/16 22:24:08 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 [2013/05/16 22:24:08 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 [2013/05/16 22:24:08 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2013/05/16 22:24:08 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2013/05/16 22:24:08 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 [2013/05/16 22:24:08 | 000,000,000 | ---D | M]
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\..Trusted Domains: dell.com ([]* in Trusted sites)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5087DAA1-1A4D-4468-8C96-F797F176D1D6}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/17 01:15:50 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/08/17 01:14:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/08/17 01:14:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2013/08/16 22:04:48 | 000,000,000 | ---D | C] -- C:\Users\steves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/08/16 22:04:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013/08/16 19:05:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/08/16 19:05:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/08/16 19:04:52 | 000,867,240 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/08/16 19:04:52 | 000,789,416 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/08/16 19:04:52 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/08/16 19:04:43 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/08/16 19:04:43 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/08/16 19:04:43 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/08/16 19:04:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/08/16 19:03:54 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/08/16 09:52:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/08/16 09:52:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/08/15 07:17:13 | 000,000,000 | ---D | C] -- C:\Users\steves\AppData\Roaming\Malwarebytes
[2013/08/15 07:16:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/08/15 07:16:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/08/15 07:16:52 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/08/15 07:16:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/08/15 07:04:43 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/08/14 20:59:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/08/14 20:59:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/08/14 11:59:52 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/08/14 11:59:52 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/08/14 11:59:51 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/08/14 11:59:51 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/08/14 11:59:51 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/08/14 11:59:51 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/08/14 11:59:51 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/08/14 11:59:51 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/08/14 11:59:51 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/08/14 11:59:51 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/08/14 11:59:51 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/08/14 11:59:50 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/08/14 11:59:49 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/08/14 11:59:49 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/08/14 11:59:49 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/08/14 11:38:09 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/08/14 11:38:09 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013/08/14 11:38:07 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/08/14 11:37:41 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/08/14 11:37:41 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/08/14 11:37:41 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2013/08/14 11:37:40 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/08/14 11:37:39 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/08/14 11:37:38 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/08/14 11:37:38 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/08/14 11:37:37 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/08/14 11:37:37 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/08/14 11:37:36 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/08/14 11:37:35 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/08/14 11:37:35 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/08/14 11:37:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/08/12 14:28:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/08/12 13:42:42 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/08/12 13:42:39 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2013/08/12 07:52:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/08/11 20:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/08/10 14:11:09 | 000,000,000 | ---D | C] -- C:\Users\steves\Desktop\Kindle books
[2013/08/07 20:19:40 | 000,000,000 | ---D | C] -- C:\Users\steves\Documents\ArmA 2 OA Demo
[2013/08/07 20:19:40 | 000,000,000 | ---D | C] -- C:\Users\steves\AppData\Local\ArmA 2 OA DEMO
[2013/08/06 18:40:15 | 000,000,000 | ---D | C] -- C:\Users\steves\Desktop\MORGAGE
[2013/08/03 20:57:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/07/31 12:02:59 | 000,000,000 | ---D | C] -- C:\Users\steves\Desktop\config
[2013/07/21 19:15:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/07/20 01:51:00 | 000,311,608 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys
[2013/07/20 01:50:56 | 000,246,072 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
[2013/07/20 01:50:56 | 000,071,480 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2013/07/20 01:50:50 | 000,206,648 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys

========== Files - Modified Within 30 Days ==========

[2013/08/17 13:29:04 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/17 13:29:04 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/17 13:16:43 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/17 13:15:12 | 3168,043,008 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/17 13:15:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/17 12:53:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/17 12:45:28 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/17 11:43:42 | 000,001,354 | ---- | M] () -- C:\Users\steves\Desktop\ROBLOX Player.lnk
[2013/08/17 11:43:42 | 000,001,173 | ---- | M] () -- C:\Users\steves\Desktop\ROBLOX Studio 2013.lnk
[2013/08/17 01:16:58 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-STEVES-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/08/17 01:14:55 | 000,002,239 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2013/08/16 22:04:48 | 000,001,268 | ---- | M] () -- C:\Users\steves\Desktop\Revo Uninstaller.lnk
[2013/08/16 19:04:32 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/08/16 19:04:26 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/08/16 19:04:26 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/08/16 19:04:25 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/08/16 19:04:23 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/08/16 19:04:23 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/08/16 09:53:28 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/08/15 22:14:31 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/08/15 07:16:59 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/14 20:59:44 | 000,001,108 | ---- | M] () -- C:\Users\steves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/08/14 11:56:33 | 000,741,242 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/14 11:56:33 | 000,620,524 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/14 11:56:33 | 000,110,712 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/11 12:46:10 | 000,217,600 | ---- | M] () -- C:\Users\steves\Desktop\jacob-1.17-M2-x64.dll
[2013/08/11 12:46:10 | 000,176,128 | ---- | M] () -- C:\Users\steves\Desktop\jacob-1.17-M2-x86.dll
[2013/08/07 19:08:40 | 000,000,221 | ---- | M] () -- C:\Users\steves\Desktop\Arma 2 Operation Arrowhead Demo.url
[2013/07/30 17:53:52 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/07/27 16:04:47 | 000,000,000 | ---- | M] () -- C:\search.sqlite
[2013/07/26 06:13:58 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/07/26 06:12:27 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/26 06:12:08 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/07/26 06:12:08 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/07/26 06:12:04 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/07/26 06:12:04 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/07/26 06:12:03 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/07/26 06:12:03 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/07/26 04:12:04 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/07/26 04:12:00 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/07/26 04:12:00 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/07/26 04:12:00 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/07/26 04:11:59 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/07/26 03:39:38 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/07/26 02:59:38 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/07/25 10:25:54 | 001,888,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/25 09:57:27 | 001,620,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/07/21 19:15:27 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/07/21 16:18:51 | 000,512,825 | ---- | M] () -- C:\Users\steves\Desktop\FTB_Launcher.exe
[2013/07/21 09:52:03 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/07/21 09:52:03 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/07/20 01:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys
[2013/07/20 01:50:56 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
[2013/07/20 01:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2013/07/20 01:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys

========== Files Created - No Company Name ==========

[2013/08/17 01:16:58 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-STEVES-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/08/17 01:14:55 | 000,002,239 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2013/08/16 22:04:48 | 000,001,268 | ---- | C] () -- C:\Users\steves\Desktop\Revo Uninstaller.lnk
[2013/08/16 09:53:28 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/08/16 09:53:08 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/08/15 07:16:59 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/14 20:59:44 | 000,001,108 | ---- | C] () -- C:\Users\steves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/08/07 19:08:39 | 000,000,221 | ---- | C] () -- C:\Users\steves\Desktop\Arma 2 Operation Arrowhead Demo.url
[2013/07/31 12:04:06 | 000,217,600 | ---- | C] () -- C:\Users\steves\Desktop\jacob-1.17-M2-x64.dll
[2013/07/31 12:04:06 | 000,176,128 | ---- | C] () -- C:\Users\steves\Desktop\jacob-1.17-M2-x86.dll
[2013/07/30 17:53:52 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/07/27 16:04:47 | 000,000,000 | ---- | C] () -- C:\search.sqlite
[2013/07/21 19:15:27 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/02/04 19:31:57 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/02/04 19:31:56 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/12/09 19:12:04 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012/12/09 19:12:04 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2012/11/25 12:57:38 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\.minecraft
[2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\AVG2012
[2012/11/25 12:57:39 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\Azureus
[2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\CompuClever
[2012/11/25 12:57:43 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\FreeAudioPack
[2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\HTC
[2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\ImgBurn
[2012/11/25 12:57:43 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\InfraRecorder
[2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\iScreensaver
[2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\NCH Swift Sound
[2012/06/20 19:49:25 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\Outlook
[2012/11/25 12:57:44 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\SoftGrid Client
[2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\ssmci
[2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\Temp
[2011/03/08 21:51:13 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\TP
[2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\wargaming.net
[2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\Windows Live Writer
[2013/08/11 12:40:07 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\.minecraft
[2012/11/25 17:59:54 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\AVG2013
[2013/08/10 22:45:20 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\Azureus
[2013/02/03 18:00:52 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\Firefly Studios
[2013/07/21 16:18:52 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\ftblauncher
[2013/04/05 15:21:05 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\HTC
[2013/04/05 15:20:49 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\HTC Sync
[2012/11/25 17:59:16 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\TuneUp Software
[2013/06/28 19:57:58 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\uTorrent
[2013/05/28 19:05:40 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\Wargaming.net

========== Purity Check ==========



< End of report >

ken545
2013-08-17, 19:47
Be back in a few hours, I will be offline until this evening. Hang in, my friend.

fatcodycat
2013-08-17, 19:55
Don't worry - I will be here!!!

And thanks for all your help!!!




ken545
2013-08-17, 22:04
Open OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL:




:OTL
PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
[2013/07/20 01:51:00 | 000,311,608 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys
[2013/07/20 01:50:56 | 000,246,072 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
[2013/07/20 01:50:56 | 000,071,480 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2013/07/20 01:50:50 | 000,206,648 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2013/07/20 01:51:00 | 000,311,608 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys
[2013/07/20 01:50:56 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
[2013/07/20 01:50:56 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2013/07/20 01:50:50 | 000,206,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2013/07/30 17:53:52 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk


:Services

:Reg

:Files
ipconfig /flushdns /c
C:\32788R22FWJFW


:Commands
[purity]
[resethosts]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top. <--Not run Scan
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces



Then run a new scan with OTL and let's make sure they're gone.

fatcodycat
2013-08-17, 23:04
Hi

Loaded up OTL, pasted in to log file above - then pressed Run fix.

OTL goes into "program not responding" mode and just "hangs".

Am I doing something wrong???

ken545
2013-08-18, 01:41
Let's try doing this in Safe Mode.

To enter Safe Mode:

Go to Start > Shut off your Computer > Restart
As the computer starts to boot up, tap the F8 key somewhat rapidly;
this will bring up a menu.
Use the Up and Down Arrow keys to scroll up to Safe Mode with Networking
Then press the Enter key on your keyboard

Tutorial if you need it: How to boot into Safemode (http://www.bleepingcomputer.com/tutorials/tutorial61.html)

fatcodycat
2013-08-18, 11:17
Hello

It worked!!! OTL log below.

========== OTL ==========
No active process named Program Files was found!
No active process named Program Files was found!
Service avgwd stopped successfully!
Service avgwd deleted successfully!
File C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe not found.
Service AVGIDSAgent stopped successfully!
Service AVGIDSAgent deleted successfully!
File C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe not found.
Error: Unable to stop service Avgloga!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgloga deleted successfully.
C:\Windows\SysNative\drivers\avgloga.sys moved successfully.
Service AVGIDSDriver stopped successfully!
Service AVGIDSDriver deleted successfully!
C:\Windows\SysNative\drivers\avgidsdrivera.sys moved successfully.
Error: Unable to stop service AVGIDSHA!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AVGIDSHA deleted successfully.
C:\Windows\SysNative\drivers\avgidsha.sys moved successfully.
Service Avgldx64 stopped successfully!
Service Avgldx64 deleted successfully!
C:\Windows\SysNative\drivers\avgldx64.sys moved successfully.
Error: Unable to stop service Avgrkx64!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgrkx64 deleted successfully.
C:\Windows\SysNative\drivers\avgrkx64.sys moved successfully.
Error: Unable to stop service Avgmfx64!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgmfx64 deleted successfully.
C:\Windows\SysNative\drivers\avgmfx64.sys moved successfully.
Error: Unable to stop service Avgtdia!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Avgtdia deleted successfully.
C:\Windows\SysNative\drivers\avgtdia.sys moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AVG_UI deleted successfully.
C:\Program Files (x86)\AVG\AVG2013\avgui.exe moved successfully.
File C:\Windows\SysNative\drivers\avgloga.sys not found.
File C:\Windows\SysNative\drivers\avgidsdrivera.sys not found.
File C:\Windows\SysNative\drivers\avgidsha.sys not found.
File C:\Windows\SysNative\drivers\avgldx64.sys not found.
File C:\Windows\SysNative\drivers\avgloga.sys not found.
File C:\Windows\SysNative\drivers\avgidsdrivera.sys not found.
File C:\Windows\SysNative\drivers\avgidsha.sys not found.
File C:\Windows\SysNative\drivers\avgldx64.sys not found.
C:\Users\Public\Desktop\AVG 2013.lnk moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========

OTL by OldTimer - Version 3.2.69.0 log created on 08182013_101056

ken545
2013-08-18, 12:33
Go ahead and run a new scan with OTL and post the log please.

Then run this quick free program. It checks for any antivirus (security programs) and will remove the ones you choose. Let's see if AVG is still listed and, if so, have it remove it. You just want the free one.


http://www.appremover.com/


Also, just drag Combofix to the trash. It's updated on a regular basis, so if we ever need to run it again in the future you would need a fresh new download.

fatcodycat
2013-08-18, 15:56
New OTL Log

OTL logfile created on: 18/08/2013 14:37:46 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\steves\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.93 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 42.89% Memory free
7.87 Gb Paging File | 4.71 Gb Available in Paging File | 59.93% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.54 Gb Total Space | 112.97 Gb Free Space | 16.17% Space Free | Partition Type: NTFS
Drive E: | 7.39 Gb Total Space | 6.64 Gb Free Space | 89.79% Space Free | Partition Type: FAT32

Computer Name: STEVES-PC | User Name: steves | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\steves\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Users\steves\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (Nero AG)
PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe (Western Digital )
PRC - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital )
PRC - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
PRC - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0149e914e4cfbde7da65d4558af19ce0\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8dc1c182cd1f10cd2abcfecd01fe9eeb\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e06dbdafb38c38517aef61ac41e2fd9d\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1f6f220f9efe936d1158c79b9d4b451f\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()
MOD - C:\Program Files\Microsoft Office 15\root\office15\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files\Microsoft Office 15\root\office15\appvisvstream32.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Steam\SDL2.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe ()
MOD - C:\Windows\SysWOW64\msjetoledb40.dll ()
MOD - C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\AbilisWinUsb.dll ()
MOD - C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\VendorCmdRW.dll ()
MOD - C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\uPiApi.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (OfficeSvc) -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV:64bit: - (AERTFilters) -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (HTCMonitorService) -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe (Nero AG)
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (WDRulesService) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe (Western Digital )
SRV - (WDBackup) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital )
SRV - (WDDriveService) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (IT9135BDA) -- C:\Windows\SysNative\drivers\IT9135BDA.sys (ITE )
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (qicflt) -- C:\Windows\SysNative\drivers\qicflt.sys (Quanta Computer)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\..\SearchScopes,DefaultScope = {70903C48-6C44-4F6E-AAD9-9BC8BB1D4FAD}
IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\..\SearchScopes\{70903C48-6C44-4F6E-AAD9-9BC8BB1D4FAD}: "URL" = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\steves\AppData\Local\Roblox\Versions\version-7cb7ff22d9334da0\\NPRobloxProxy.dll ()



O1 HOSTS File: ([2013/08/15 22:14:31 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000..\Run: [Akamai NetSession Interface] C:\Users\steves\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000..\Run: [IomegaEncryption] C:\Program Files\Iomega\Iomega Encryption\Iomega Encryption.exe (PLX Technology)
O4 - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\steven\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = File not found
O4 - Startup: C:\Users\steves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4293206663-3280212633-2623293166-1000\..Trusted Domains: dell.com ([]* in Trusted sites)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5087DAA1-1A4D-4468-8C96-F797F176D1D6}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/17 21:58:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/08/17 01:15:50 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/08/17 01:14:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2013/08/17 01:14:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2013/08/16 22:04:48 | 000,000,000 | ---D | C] -- C:\Users\steves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/08/16 22:04:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013/08/16 19:05:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013/08/16 19:05:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/08/16 19:04:52 | 000,867,240 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/08/16 19:04:52 | 000,789,416 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/08/16 19:04:52 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/08/16 19:04:43 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/08/16 19:04:43 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/08/16 19:04:43 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/08/16 19:04:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/08/16 19:03:54 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/08/16 09:52:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/08/16 09:52:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/08/15 07:17:13 | 000,000,000 | ---D | C] -- C:\Users\steves\AppData\Roaming\Malwarebytes
[2013/08/15 07:16:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/08/15 07:16:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/08/15 07:16:52 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/08/15 07:16:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/08/15 07:04:43 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/08/14 20:59:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/08/14 20:59:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/08/14 11:59:52 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/08/14 11:59:52 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/08/14 11:59:51 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/08/14 11:59:51 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/08/14 11:59:51 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/08/14 11:59:51 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/08/14 11:59:51 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/08/14 11:59:51 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/08/14 11:59:51 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/08/14 11:59:51 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/08/14 11:59:51 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/08/14 11:59:50 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/08/14 11:59:49 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/08/14 11:59:49 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/08/14 11:59:49 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/08/14 11:38:09 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/08/14 11:38:09 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013/08/14 11:38:07 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/08/14 11:37:41 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/08/14 11:37:41 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/08/14 11:37:41 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2013/08/14 11:37:40 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/08/14 11:37:39 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/08/14 11:37:38 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/08/14 11:37:38 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/08/14 11:37:37 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/08/14 11:37:37 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/08/14 11:37:36 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/08/14 11:37:35 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/08/14 11:37:35 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/08/14 11:37:34 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/08/12 14:28:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/08/12 13:42:42 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/08/12 13:42:39 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2013/08/12 07:52:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/08/11 20:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/08/10 14:11:09 | 000,000,000 | ---D | C] -- C:\Users\steves\Desktop\Kindle books
[2013/08/07 20:19:40 | 000,000,000 | ---D | C] -- C:\Users\steves\Documents\ArmA 2 OA Demo
[2013/08/07 20:19:40 | 000,000,000 | ---D | C] -- C:\Users\steves\AppData\Local\ArmA 2 OA DEMO
[2013/08/06 18:40:15 | 000,000,000 | ---D | C] -- C:\Users\steves\Desktop\MORGAGE
[2013/08/03 20:57:58 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/07/31 12:02:59 | 000,000,000 | ---D | C] -- C:\Users\steves\Desktop\config
[2013/07/21 19:15:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

========== Files - Modified Within 30 Days ==========

[2013/08/18 14:16:20 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/18 14:16:20 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/18 14:06:09 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/18 14:05:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/18 14:05:17 | 3168,043,008 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/18 09:51:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/18 09:45:06 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/17 11:43:42 | 000,001,354 | ---- | M] () -- C:\Users\steves\Desktop\ROBLOX Player.lnk
[2013/08/17 11:43:42 | 000,001,173 | ---- | M] () -- C:\Users\steves\Desktop\ROBLOX Studio 2013.lnk
[2013/08/17 01:16:58 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-STEVES-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/08/17 01:14:55 | 000,002,239 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2013/08/16 22:04:48 | 000,001,268 | ---- | M] () -- C:\Users\steves\Desktop\Revo Uninstaller.lnk
[2013/08/16 19:04:32 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/08/16 19:04:26 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/08/16 19:04:26 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/08/16 19:04:25 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/08/16 19:04:23 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013/08/16 19:04:23 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/08/16 09:53:28 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/08/15 22:14:31 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/08/15 07:16:59 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/14 20:59:44 | 000,001,108 | ---- | M] () -- C:\Users\steves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/08/14 11:56:33 | 000,741,242 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/14 11:56:33 | 000,620,524 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/14 11:56:33 | 000,110,712 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/11 12:46:10 | 000,217,600 | ---- | M] () -- C:\Users\steves\Desktop\jacob-1.17-M2-x64.dll
[2013/08/11 12:46:10 | 000,176,128 | ---- | M] () -- C:\Users\steves\Desktop\jacob-1.17-M2-x86.dll
[2013/08/07 19:08:40 | 000,000,221 | ---- | M] () -- C:\Users\steves\Desktop\Arma 2 Operation Arrowhead Demo.url
[2013/07/27 16:04:47 | 000,000,000 | ---- | M] () -- C:\search.sqlite
[2013/07/26 06:13:58 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/07/26 06:12:27 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/26 06:12:08 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/07/26 06:12:08 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/07/26 06:12:04 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/07/26 06:12:04 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/07/26 06:12:03 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/07/26 06:12:03 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/07/26 04:12:04 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/07/26 04:12:00 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/07/26 04:12:00 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/07/26 04:12:00 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/07/26 04:11:59 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/07/26 03:39:38 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/07/26 02:59:38 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/07/25 10:25:54 | 001,888,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/25 09:57:27 | 001,620,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/07/21 19:15:27 | 000,002,212 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/07/21 16:18:51 | 000,512,825 | ---- | M] () -- C:\Users\steves\Desktop\FTB_Launcher.exe
[2013/07/21 09:52:03 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/07/21 09:52:03 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2013/08/17 01:16:58 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-STEVES-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/08/17 01:14:55 | 000,002,239 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
[2013/08/16 22:04:48 | 000,001,268 | ---- | C] () -- C:\Users\steves\Desktop\Revo Uninstaller.lnk
[2013/08/16 09:53:28 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/08/16 09:53:08 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/08/15 07:16:59 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/14 20:59:44 | 000,001,108 | ---- | C] () -- C:\Users\steves\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/08/07 19:08:39 | 000,000,221 | ---- | C] () -- C:\Users\steves\Desktop\Arma 2 Operation Arrowhead Demo.url
[2013/07/31 12:04:06 | 000,217,600 | ---- | C] () -- C:\Users\steves\Desktop\jacob-1.17-M2-x64.dll
[2013/07/31 12:04:06 | 000,176,128 | ---- | C] () -- C:\Users\steves\Desktop\jacob-1.17-M2-x86.dll
[2013/07/27 16:04:47 | 000,000,000 | ---- | C] () -- C:\search.sqlite
[2013/07/21 19:15:27 | 000,002,212 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2013/02/04 19:31:57 | 000,281,288 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/02/04 19:31:56 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/12/09 19:12:04 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012/12/09 19:12:04 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2012/11/25 12:57:38 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\.minecraft
[2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\AVG2012
[2012/11/25 12:57:39 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\Azureus
[2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\CompuClever
[2012/11/25 12:57:43 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\FreeAudioPack
[2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\HTC
[2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\ImgBurn
[2012/11/25 12:57:43 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\InfraRecorder
[2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\iScreensaver
[2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\NCH Swift Sound
[2012/06/20 19:49:25 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\Outlook
[2012/11/25 12:57:44 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\SoftGrid Client
[2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\ssmci
[2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\Temp
[2011/03/08 21:51:13 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\TP
[2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\wargaming.net
[2012/11/25 12:28:45 | 000,000,000 | ---D | M] -- C:\Users\steven\AppData\Roaming\Windows Live Writer
[2013/08/11 12:40:07 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\.minecraft
[2012/11/25 17:59:54 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\AVG2013
[2013/08/10 22:45:20 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\Azureus
[2013/02/03 18:00:52 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\Firefly Studios
[2013/07/21 16:18:52 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\ftblauncher
[2013/04/05 15:21:05 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\HTC
[2013/04/05 15:20:49 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\HTC Sync
[2012/11/25 17:59:16 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\TuneUp Software
[2013/06/28 19:57:58 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\uTorrent
[2013/05/28 19:05:40 | 000,000,000 | ---D | M] -- C:\Users\steves\AppData\Roaming\Wargaming.net

========== Purity Check ==========



< End of report >

fatcodycat
2013-08-18, 16:58
Ran the app-remover and it appears to have taken care of AVG!!!! YAY!!!!

ken545
2013-08-18, 18:21
Great Job :thanks:

Don't see any trace of AVG on your new log. Let me ask you, did AVG still show up as a list of programs to uninstall when you ran AppRemover?

fatcodycat
2013-08-18, 19:45
Yes AVG was there - it took ages to remove it but I left it going and came back after about an hour and it said it had finished!

ken545
2013-08-18, 23:03
Wonderful, looks like you're on your way and rid of me for a while :)

Take care
Ken :)

fatcodycat
2013-08-19, 11:11
Many many thanks, it is now working much better and with No AVG!!!! yay!!!

thanks

ken545
2013-08-19, 12:16
:bigthumb: