Spyware Warrior Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 
FAQ :: Search :: Memberlist :: Usergroups :: Register
Profile :: Log in to check your private messages :: Log in

some links and videos don't work , flash and java don't upda
Goto page 1, 2  Next
 
Post new topic   This topic is locked: you cannot edit posts or make replies.    Spyware Warrior Forum Index -> Help with spyware removal
View previous topic :: View next topic  
Author Message
ldybadger
Junior Member


Joined: 06 May 2013
Last Visit: 27 Jun 2016
Posts: 45

PostPosted: Wed May 11, 2016 3:28 pm    Post subject: some links and videos don't work , flash and java don't upda Reply with quote

Sorry, for not responding. real world created problems.

I am working on my Mom's computer. It's running Window 7. When you click on some links or try to watch some videos the won't work. I know they should work, because I have used those links or watched the videos on my computer. Her computer also tells her their are java updates and flash updates available, but when she tries to download them, they say her java or flash is up to date. She is using Internet Explorer 11 and it locks up and crashes frequently.

I reran dds.scr and here are her logs.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.18283 BrowserJavaVersion: 11.71.2
Run by Deborah at 17:00:41 on 2016-05-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3061.1644 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
SP: Microsoft Security Essentials *Enabled/Updated* {CDE0C533-D3CD-62A1-E772-AFADDF863628}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\CSHelper.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
C:\Windows\Explorer.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe
C:\Windows\system32\PSIService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\DoNotTrackPlus\IE\DNTPService.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FAMTEMA.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FARNEMA.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\System32\svchost.exe -k utcsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
uWindow Title = Internet Explorer provided by Dell
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: MHTBPos00 Class: {0C37B053-FD68-456a-82E1-D788EE342E6F} - c:\program files\family toolbar\tbcore3.dll
BHO: Do Not Track Me: {6E45F3E8-2683-4824-A6BE-08108022FB36} - c:\program files\donottrackplus\ie\DNTPAddon.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_71\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_71\bin\jp2ssv.dll
BHO: Alawar Elements: {E33FF41E-53CB-4D93-885A-FFEFA04CD804} - c:\program files\alawar elements\ScriptHost.dll
BHO: {e86e69ac-a2ce-415a-967e-70ded47d72e2} - <orphaned>
TB: Family Toolbar: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - c:\program files\family toolbar\tbcore3.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: Family Toolbar: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - c:\program files\family toolbar\tbcore3.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [EPSON Artisan 800(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatiema.exe /fu "c:\windows\temp\E_SD49F.tmp" /EF "HKCU"
uRun: [ISUSPM] c:\programdata\flexnet\connect\11\ISUSPM.exe -scheduler
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WeatherBug] c:\program files\earth networks\weatherbug\WeatherBug.exe /fromrunkey
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEVENT~1.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Family Tree Builder Update] c:\myheritage\bin\FTBCheckUpdates.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [InstallerLauncher] "c:\program files\common files\bitdefender\setupinformation\{6f57816a-791a-4159-a75f-cfd0c7ea4fbf}\setuplauncher.exe" /run:"c:\program files\common files\bitdefender\setupinformation\{6f57816a-791a-4159-a75f-cfd0c7ea4fbf}\Installer.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [1157840481] c:\progra~1\egames\bricks~1\register\egames~1.exe /r "c:\progra~1\egames\bricks~1\register\EGAMES~1.rpd"
mRun: [Logitech Download Assistant] c:\windows\system32\rundll32.exe c:\windows\system32\LogiLDA.dll,LogiFetch
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\deborah\appdata\roaming\micros~1\windows\startm~1\programs\startup\jledwa~1.lnk - c:\program files\jl edwardian advent calendar 2014\JL Edwardian Advent Calendar 2014.exe
StartupFolder: c:\users\deborah\appdata\roaming\micros~1\windows\startm~1\programs\startup\jlvict~1.lnk - c:\program files\jl victorian calendar\JL Victorian Calendar.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {6E45F3E8-2683-4824-A6BE-08108022FB36} - {23249465-AA46-4DED-BD4B-8EFB20F968FE} - c:\program files\donottrackplus\ie\DNTPAddon.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: ancestry.com
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
TCP: NameServer = 192.168.0.1 205.171.202.166
TCP: Interfaces\{170BCFF2-1531-4B40-BC2A-8021A841A780} : NameServer = 4.2.2.2,4.2.2.3
TCP: Interfaces\{170BCFF2-1531-4B40-BC2A-8021A841A780} : DHCPNameServer = 192.168.0.1 205.171.202.166
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\50.0.2661.94\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "c:\windows\system32\rundll32.exe" "c:\program files\adobe\acrobat reader dc\esl\AiodLite.dll",CreateReaderUserSettings
.
============= SERVICES / DRIVERS ===============
.
R0 AFS;AFS;c:\windows\system32\drivers\AFS.SYS [2008-7-15 79052]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2015-11-13 253704]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2010-2-1 266240]
R2 DiagTrack;Diagnostics Tracking Service;c:\windows\system32\svchost.exe -k utcsvc [2009-7-13 20992]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2014-7-17 104664]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2016-1-29 292816]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2009-7-13 266752]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2015-11-5 105144]
S2 pdserv;Bitdefender 60-Second Virus Scanner Service;c:\program files\bitdefender\60-second virus scanner\pdscan.exe \svc --> c:\program files\bitdefender\60-second virus scanner\pdscan.exe \svc [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-22 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2016-4-13 102912]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-3-16 14848]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-3-16 49664]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-18 1343400]
S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
S4 RsFx0105;RsFx0105 Driver;c:\windows\system32\drivers\RsFx0105.sys [2011-9-22 238696]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2015-4-3 380064]
.
=============== File Associations ===============
.
FileExt: .js: Applications\notepad.exe=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2016-05-11 15:36:18 915640 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c60da111-b50d-441c-98d9-7a2beb4f8b87}\gapaengine.dll
2016-05-11 15:35:58 9317056 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{3303bf6e-a2ef-47d8-b7eb-f8d8c6db8f06}\mpengine.dll
2016-05-10 14:28:54 9317056 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2016-05-06 15:54:31 912000 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{279f115c-38a3-4f16-acc1-9e86675afb9e}\gapaengine.dll
2016-04-23 23:57:38 -------- d-----w- c:\users\deborah\appdata\roaming\SilverTale
2016-04-23 23:53:44 -------- d-----w- c:\program files\Silver Tale
2016-04-20 06:03:00 -------- d-----w- c:\users\deborah\appdata\roaming\quickclick
2016-04-17 22:25:52 -------- d-----w- c:\users\deborah\appdata\roaming\Jewel Match Snowscapes
2016-04-17 20:52:35 -------- d-----w- c:\program files\Jewel Match - Snowscapes
2016-04-15 23:53:31 -------- d-----w- c:\program files\iPod
2016-04-15 23:53:30 -------- d-----w- c:\program files\iTunes
2016-04-15 23:51:54 -------- d-----w- c:\program files\Bonjour
2016-04-13 18:35:42 376320 ----a-w- c:\windows\system32\rpcss.dll
2016-04-13 18:35:33 2397184 ----a-w- c:\windows\system32\win32k.sys
2016-04-13 18:35:24 65536 ----a-w- c:\windows\system32\acmigration.dll
2016-04-13 18:35:24 560640 ----a-w- c:\windows\system32\generaltel.dll
2016-04-13 18:35:24 424960 ----a-w- c:\windows\system32\devinv.dll
2016-04-13 18:35:24 34024 ----a-w- c:\windows\system32\CompatTelRunner.exe
2016-04-13 18:35:24 232960 ----a-w- c:\windows\system32\invagent.dll
2016-04-13 18:35:24 1218048 ----a-w- c:\windows\system32\appraiser.dll
2016-04-13 18:35:23 957952 ----a-w- c:\windows\system32\aeinv.dll
2016-04-13 18:35:23 177664 ----a-w- c:\windows\system32\aepic.dll
2016-04-13 18:33:41 38400 ----a-w- c:\program files\internet explorer\DiagnosticsHub_is.dll
2016-04-13 18:31:44 566272 ----a-w- c:\windows\system32\samsrv.dll
2016-04-13 18:31:43 60416 ----a-w- c:\windows\system32\samlib.dll
2016-04-13 18:31:32 2048 ----a-w- c:\windows\system32\tzres.dll
2016-04-13 18:30:50 57280 ----a-w- c:\windows\system32\drivers\disk.sys
2016-04-13 18:23:18 2048 ----a-w- c:\windows\system32\msxml3r.dll
2016-04-13 18:23:18 1240576 ----a-w- c:\windows\system32\msxml3.dll
2016-04-13 18:22:10 257864 ----a-w- c:\windows\system32\wbem\Win32_Tpm.dll
2016-04-13 18:22:09 97792 ----a-w- c:\windows\system32\fveapibase.dll
2016-04-13 18:22:09 355456 ----a-w- c:\windows\system32\fveapi.dll
2016-04-13 18:22:09 15360 ----a-w- c:\windows\system32\tbs.dll
2016-04-12 19:33:01 -------- d-----w- c:\users\deborah\appdata\roaming\Jewel Match Twilight
2016-04-12 18:29:25 -------- d-----w- c:\users\deborah\appdata\roaming\IteraLabs
2016-04-12 18:20:06 -------- d-----w- c:\program files\Jewel Match - Twilight
2016-04-12 18:17:14 -------- d-----w- c:\program files\Imperial Island 3
2016-04-12 17:48:50 -------- d-----w- c:\program files\ClearIt
.
==================== Find3M ====================
.
2016-04-22 07:57:44 374944 ------w- c:\windows\system32\MpSigStub.exe
2016-04-08 23:39:36 797376 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2016-04-08 23:39:36 142528 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2016-03-31 00:02:57 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2016-03-31 00:02:46 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2016-03-30 23:53:52 496640 ----a-w- c:\windows\system32\vbscript.dll
2016-03-30 23:52:58 62464 ----a-w- c:\windows\system32\iesetup.dll
2016-03-30 23:52:36 47616 ----a-w- c:\windows\system32\ieetwproxystub.dll
2016-03-30 23:52:30 341504 ----a-w- c:\windows\system32\html.iec
2016-03-30 23:52:15 64000 ----a-w- c:\windows\system32\MshtmlDac.dll
2016-03-30 23:45:45 102912 ----a-w- c:\windows\system32\ieetwcollector.exe
2016-03-30 23:45:41 115712 ----a-w- c:\windows\system32\ieUnatt.exe
2016-03-30 23:45:24 620032 ----a-w- c:\windows\system32\jscript9diag.dll
2016-03-30 23:41:07 667648 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2016-03-30 23:34:28 60416 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2016-03-30 23:30:42 4611072 ----a-w- c:\windows\system32\jscript9.dll
2016-03-30 23:23:09 2056192 ----a-w- c:\windows\system32\inetcpl.cpl
2016-03-30 23:22:53 1155072 ----a-w- c:\windows\system32\mshtmlmedia.dll
2016-03-30 23:05:23 2121216 ----a-w- c:\windows\system32\wininet.dll
2016-03-17 22:36:28 3998952 ----a-w- c:\windows\system32\ntkrnlpa.exe
2016-03-17 22:36:28 3943144 ----a-w- c:\windows\system32\ntoskrnl.exe
2016-03-17 22:36:27 67304 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2016-03-17 22:36:27 137960 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2016-03-17 22:33:29 1310528 ----a-w- c:\windows\system32\ntdll.dll
2016-03-17 22:30:52 171008 ----a-w- c:\windows\system32\winsrv.dll
2016-03-17 22:30:43 171520 ----a-w- c:\windows\system32\wdigest.dll
2016-03-17 22:30:35 65536 ----a-w- c:\windows\system32\TSpkg.dll
2016-03-17 22:30:02 99840 ----a-w- c:\windows\system32\sspicli.dll
2016-03-17 22:30:00 43008 ----a-w- c:\windows\system32\srclient.dll
2016-03-17 22:30:00 400896 ----a-w- c:\windows\system32\srcore.dll
2016-03-17 22:29:31 50176 ----a-w- c:\windows\system32\setbcdlocale.dll
2016-03-17 22:29:26 22016 ----a-w- c:\windows\system32\secur32.dll
2016-03-17 22:29:24 251392 ----a-w- c:\windows\system32\schannel.dll
2016-03-17 22:29:22 655360 ----a-w- c:\windows\system32\rpcrt4.dll
2016-03-17 22:29:22 141312 ----a-w- c:\windows\system32\rpchttp.dll
2016-03-17 22:28:21 1414144 ----a-w- c:\windows\system32\ole32.dll
2016-03-17 22:27:53 223232 ----a-w- c:\windows\system32\ncrypt.dll
2016-03-17 22:27:50 260608 ----a-w- c:\windows\system32\msv1_0.dll
2016-03-17 22:27:46 60416 ----a-w- c:\windows\system32\msobjs.dll
2016-03-17 22:27:31 146432 ----a-w- c:\windows\system32\msaudite.dll
2016-03-17 22:26:32 1062400 ----a-w- c:\windows\system32\lsasrv.dll
2016-03-17 22:26:26 553984 ----a-w- c:\windows\system32\kerberos.dll
2016-03-17 22:26:26 294400 ----a-w- c:\windows\system32\KernelBase.dll
2016-03-17 22:25:01 38912 ----a-w- c:\windows\system32\csrsrv.dll
2016-03-17 22:25:00 17408 ----a-w- c:\windows\system32\credssp.dll
2016-03-17 21:42:24 97792 ----a-w- c:\windows\system32\appidpolicyconverter.exe
2016-03-17 21:42:22 50688 ----a-w- c:\windows\system32\drivers\appid.sys
2016-03-17 21:42:15 29696 ----a-w- c:\windows\system32\appidsvc.dll
2016-03-17 21:42:14 16896 ----a-w- c:\windows\system32\appidcertstorecheck.exe
2016-03-17 21:41:01 50176 ----a-w- c:\windows\system32\auditpol.exe
2016-03-17 21:36:22 271360 ----a-w- c:\windows\system32\conhost.exe
2016-03-17 21:35:10 262656 ----a-w- c:\windows\system32\rstrui.exe
2016-03-17 21:30:47 226304 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2016-03-17 21:30:41 98304 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2016-03-17 21:30:35 124416 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2016-03-17 21:29:13 36352 ----a-w- c:\windows\system32\cryptbase.dll
2016-03-17 21:29:12 22016 ----a-w- c:\windows\system32\lsass.exe
2016-03-17 21:29:10 15872 ----a-w- c:\windows\system32\sspisrv.dll
2016-03-17 21:29:07 69632 ----a-w- c:\windows\system32\smss.exe
2016-03-17 21:29:00 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-03-17 21:29:00 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-17 21:29:00 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-03-17 21:29:00 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-03-16 18:28:15 111616 ----a-w- c:\windows\system32\mtxoci.dll
2016-03-16 18:28:12 176128 ----a-w- c:\windows\system32\msorcl32.dll
2016-02-12 18:39:55 2956288 ----a-w- c:\windows\system32\wucltux.dll
2016-02-12 18:39:55 174080 ----a-w- c:\windows\system32\wuwebv.dll
2016-02-12 18:26:42 73728 ----a-w- c:\windows\system32\WinSetupUI.dll
2016-02-12 18:05:17 93696 ----a-w- c:\windows\system32\wudriver.dll
2016-02-12 18:05:13 35328 ----a-w- c:\windows\system32\wuapp.exe
2016-02-12 18:05:07 11776 ----a-w- c:\windows\system32\wu.upgrade.ps.dll
.
============= FINISH: 17:03:06.61 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 10/28/2009 10:13:36 PM
System Uptime: 5/11/2016 9:02:09 AM (8 hours ago)
.
Motherboard: Dell Inc. | | 0RY007
Processor: Intel(R) Core(TM)2 Duo CPU E4600 @ 2.40GHz | Socket 775 | 2400/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 145.446 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.314 GiB free.
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e968-e325-11ce-bfc1-08002be10318}
Description: Freedom Scientific Mirror Display Driver
Device ID: ROOT\DISPLAY\0000
Manufacturer: Freedom Scientific
Name: Freedom Scientific Mirror Display Driver
PNP Device ID: ROOT\DISPLAY\0000
Service: fsvidmir
.
Class GUID: {4d36e965-e325-11ce-bfc1-08002be10318}
Description: CD-ROM Drive
Device ID: IDE\CDROMTSSTCORP_DVD+-RW_TS-H653F_______________D200____\5&1DFB5792&0&1.0.0
Manufacturer: (Standard CD-ROM drives)
Name: TSSTcorp DVD+-RW TS-H653F ATA Device
PNP Device ID: IDE\CDROMTSSTCORP_DVD+-RW_TS-H653F_______________D200____\5&1DFB5792&0&1.0.0
Service: cdrom
.
==== System Restore Points ===================
.
RP920: 4/17/2016 9:01:17 AM - Windows Update
RP921: 4/20/2016 9:12:49 AM - Windows Update
RP922: 4/24/2016 9:55:24 AM - Windows Update
RP923: 4/27/2016 10:01:50 AM - Windows Update
RP924: 5/1/2016 10:19:53 AM - Windows Update
RP925: 5/6/2016 12:13:27 AM - Windows Update
RP926: 5/10/2016 8:28:12 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
3D Knifflis: The Whole World in 3D!
4 Elements II
7 Wonders: Ancient Alien Makeover
7 Wonders: Magical Mystery Tour
7 Wonders: Treasures of Seven
A Magnetic Adventure
Abundante
Acrobat.com
Adobe Acrobat Reader DC
Adobe AIR
Adobe Flash Player 21 ActiveX
Adobe Flash Player 21 NPAPI
Adore Puzzle
Age of Japan 2
Alawar Elements
Amazing Adventures Riddle of the Two Knights ™
Amazing Adventures: Around the World
Amazing Adventures: The Caribbean Secret
Amazing Adventures: The Forgotten Dynasty
Amazing Adventures: The Lost Tomb
Amazing Pyramids
Amazon Kindle For PC v1.0
Amazon MP3 Downloader 1.0.17
Ancient Mosaic
Angelica Weaver: Catch Me When You Can
Apple Application Support (32-bit)
Apple Mobile Device Support
Apple Software Update
Aquaball
Aquascapes
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Photo Prints
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
Arizona Rose and the Pirates' Riddles
Around the World in 80 Days
ArtistScope Plugin IE
Asian Riddles
Atlantic Quest
Atlantis Sky Patrol™
Atlantis: Pearls of the Deep
Aveyond: Lord of Twilight
Azada
Azada: Ancient Magic ™
Azada: In Libro
Aztec Bricks
Banctec Service Agreement
Bengal - Game of Gods
Big City Adventure: Barcelona
Big City Adventure: London Classic
Big City Adventure: Paris
Big City Adventure: Vancouver Collector's Edition
Big Fish: Game Manager
Big Kahuna Reef 3
Bitdefender 60-Second Virus Scanner
Bonjour
Brick Quest 2
Bricks of Atlantis
Bricks of Egypt
Browser Address Error Redirector
Chocolatier 3: Decadence by Design
Christmas Griddlers
Christmas Puzzle
Chuzzle Deluxe 1.0
ClearIt
ClickArt 950,000 v. 2
Conexant D850 PCI V.92 Modem
Corel Painter X
Corel WinDVD
Cradle of Egypt
Cradle of Rome
Cradle of Rome 2
Crystal Reports for Visual Studio
Curse of the Pharaoh: Napoleon's Secret ™
Curse of the Pharaoh: Tears of Sekhmet
D3DX10
Deep Blue Sea
Dell Driver Download Manager
Dell Getting Started Guide
Dell Photo AIO Printer 942
Digital Line Detect
Do Not Track Me Add-on 2.2.8.122
Document Express DjVu Plug-in (autoinstall)
Dotfuscator Software Services - Community Edition
DragonStone ™
Drawn™: Trail of Shadows Collector's Edition
EDocs
eGames GameButler
Emberwing: Lost Legacy Collector's Edition
Empire Builder - Ancient Egypt
EPSON Artisan 800 Series Printer Uninstall
Epson Event Manager
Epson Print CD
EPSON Scan
EpsonNet Config V3
EpsonNet Print
Fairies
Fairway Solitaire
Fairy Treasure
Fantasy Mosaics 5
Fax Solutions
FishCo
Fishdom
Fishdom - Spooky Splash
Fishdom 2
Fishdom 3 Collector's Edition
Fishdom H2O: Hidden Odyssey
Fishdom: Depths of Time Collector's Edition
Fishdom: Frosty Splash
Fishdom: Seasons Under the Sea
Forgotten Riddles - The Mayan Princess
FTDI USB Serial Converter Drivers
GDR 5520 for SQL Server 2008 (KB2977321)
GDR 5538 for SQL Server 2008 (KB3045305)
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist 8.0.0.514
Haunted Legends: The Queen of Spades
Hawaiian Explorer Pearl Harbor
Heroes of Hellas 2: Olympia
Heroes of Hellas 3: Athens
Hidato Adventures
Hidden Expedition &reg; - Devil's Triangle
Hidden Expedition &reg;: Amazon
Hidden Expedition Titanic (remove only)
Hidden Expedition: Smithsonian Castle Collector's Edition
Hidden Expedition: The Fountain of Youth Collector's Edition
Hidden Mysteries &reg;: Civil War
Hidden Mysteries: Buckingham Palace ™
Hidden Mysteries: Notre Dame - Secrets of Paris
Hidden Wonders of the Depths
Hidden Wonders of the Depths 2
Hidden Wonders of the Depths 3: Atlantis Adventures
Hotfix for Microsoft Team Foundation Server 2010 Object Model - ENU (KB2736182)
Hotfix for Microsoft Team Foundation Server 2010 Object Model - ENU (KB2890573)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2529927)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2548139)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2549864)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2565057)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2635973)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2736182)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2890573)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB3002340)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
House of 1000 Doors: Family Secrets
html01sp
html03sp
html05sp
Hungry For Gems
Imperial Island 3
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections 12.1.11.0
Intel(R) TV Wizard
iTunes
Jacquie Lawson Edwardian Advent Calendar
Jacquie Lawson Victorian Calendar
Java 7 Update 71
Java Auto Updater
Jewel Legends: Tree of Life
Jewel Match: Snowscapes
Jewel Match: Twilight
Jigsaw Boom 2
Junk Mail filter update
Laura Jones and the Secret Legacy of Nikola Tesla
League of Mermaids
League of Mermaids: Pearl Saga
Luxor Adventures
Luxor Amun Rising
Luxor HD
Luxor Mahjong (remove only)
Luxor: 5th Passage
Macromedia Shockwave Player
Mae Q`West and the Sign of the Stars
Magic Vines&trade;
Mahjong Towers Eternity
Mahjongg Master 5
Marblez
Mayan Puzzle
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.6.1
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Expression Blend 3
Microsoft Expression Blend 3 SDK
Microsoft Expression Design 3
Microsoft Expression Encoder 3
Microsoft Expression Studio 3
Microsoft Expression Web 3
Microsoft Expression Web 3 SP1
Microsoft Help Viewer 1.1
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime v1.0 SP1 (x86)
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Sync Framework Services v1.0 SP1 (x86)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
Microsoft Team Foundation Server 2010 Object Model - ENU
Microsoft Visual C++ Compilers 2010 Standard - enu - x86
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Office Developer Tools (x86)
Microsoft Visual Studio 2010 Professional - ENU
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
Microsoft Visual Studio Macro Tools
Mirror Mixup
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Mummy's Treasure
Music, Photos & Videos Launcher
MyHeritage Family Tree Builder
Mystery Case Files &reg;: 13th Skull ™
Mystery Case Files&reg;: Dire Grove™
Mystery Case Files&reg;: Escape from Ravenhearst™
Mystery Case Files&reg;: Fate's Carnival
Mystery Case Files&reg;: Shadow Lake Collector's Edition
Mystery Case Files: Dire Grove, Sacred Grove Collector's Edition
Mystery Case Files: Huntsville - Detective Training
Mystery Case Files: Key to Ravenhearst Collector's Edition
Mystery Case Files: Madame Fate &reg;
Mystery Case Files: Prime Suspects ™
Mystery Case Files: Ravenhearst Unlocked Collector's Edition
Mystery Case Files: Return to Ravenhearst ™
Mystic Gateways: The Celestial Quest
Nearwood Collector's Edition
NetWaiting
Nightfall Mysteries: Asylum Conspiracy
Nightfall Mysteries: Curse of the Opera
Notepad++
Ocean Express
OGA Notifier 2.0.0048.0
OpenAL
Pahelika: Secret Legends
PDF-XChange 3
Peggle Deluxe
Pharaoh`s Mystery
Product Documentation Launcher
Realtek High Definition Audio Driver
Ricochet: Infinity
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
SandScript
Security Update for Microsoft .NET Framework 4.6.1 (KB3122661)
Security Update for Microsoft .NET Framework 4.6.1 (KB3127233)
Security Update for Microsoft .NET Framework 4.6.1 (KB3136000)
Security Update for Microsoft .NET Framework 4.6.1 (KB3143693)
Security Update for Microsoft Expression Design 3 (KB2667727)
Security Update for Microsoft Office 2007 suites (KB2596650) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687409) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2825645) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881067) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2956110) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB3085549) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB3085620) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB3114542) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB3114742) 32-Bit Edition
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3114895) 32-Bit Edition
Security Update for Microsoft Office Compatibility Pack Service Pack 3 (KB3114982) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB3114892) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office OneNote 2007 (KB2889915) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB3114429) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB3114983) 32-Bit Edition
Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2645410)
Security Update for Microsoft Visual Studio Macro Tools (KB2669970)
Sentinel System Driver
Service Pack 3 for SQL Server 2008 (KB2546951)
Settlement: Colossus
Sherlock Holmes and the Hound of the Baskervilles
Silver Tale
Slingo Mystery: Who's Gold
Slingo Quest
Slingo Quest Egypt
Slingo Quest Hawaii
Slingo Supreme (tb) (remove only)
Spelling Dictionaries Support For Adobe Reader 8
Sql Server Customer Experience Improvement Program
Strimko
SupportSoft Assisted Service
System Requirements Lab for Intel
Temple of Tangram
The Alley Strikes Back
The Count of Monte Cristo
The Da Vinci Code
The Flying Dutchman - In The Ghost Prison
The Print Shop 21
The Stone of Destiny
The Treasures of Montezuma 3
The Treasures of Montezuma 4
Tile Quest
Treasure Seekers: Visions of Gold ™
Treasures of the Deep
Ulead Burn.Now 4.5
Ulead Burn.Now 4.5 SE
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596787) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2965286) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Vesuvia
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
WCF RIA Services V1.0 SP1
WeatherBug®
Web Deployment Tool
Whispered Secrets: The Story of Tideville
Windows 7 Upgrade Advisor
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
World Mosaics
World Mosaics 2
World Mosaics 3 - Fairy Tales
World Mosaics 4
World Mosaics 5
World Mosaics 6
World of Zellians: Kingdom Builder ™
World Riddles: Animals
World Riddles: Secrets of the Ages
World Riddles: Seven Wonders
WOT for Internet Explorer
WPF Toolkit June 2009 (Version 3.5.40619.1)
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Software Update
YoWindow
Zuma's Revenge!
.
==== Event Viewer Messages From Past Week ========
.
5/9/2016 10:44:54 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5.
5/8/2016 10:35:53 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user Sonny\Deborah SID (S-1-5-21-1100672905-2365331096-1695293828-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
5/8/2016 10:35:53 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {B77C4C36-0154-4C52-AB49-FAA03837E47F} and APPID {EA022610-0748-4C24-B229-6C507EBDFDBB} to the user Sonny\Deborah SID (S-1-5-21-1100672905-2365331096-1695293828-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
5/8/2016 10:35:53 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user Sonny\Deborah SID (S-1-5-21-1100672905-2365331096-1695293828-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
5/7/2016 12:02:56 PM, Error: Schannel [36888] - The following fatal alert was generated: 43. The internal error state is 252.
5/11/2016 9:03:52 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-1Cool from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
5/11/2016 9:03:27 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom
5/11/2016 9:03:19 AM, Error: Service Control Manager [7000] - The Bitdefender 60-Second Virus Scanner Service service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================

Thanks for your help.
Back to top
View user's profile Send private message
ldybadger
Junior Member


Joined: 06 May 2013
Last Visit: 27 Jun 2016
Posts: 45

PostPosted: Wed May 11, 2016 3:32 pm    Post subject: FRST.txt Reply with quote

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:09-05-2016
Ran by Deborah (administrator) on SONNY (11-05-2016 17:12:31)
Running from C:\Users\Deborah\Desktop\DEBI'S STUFF
Loaded Profiles: Deborah (Available Profiles: Deborah & DefaultAppPool)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Windows\System32\AERTSrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\System32\CSHelper.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\eEBAPI\eEBSvc.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
() C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe
() C:\Windows\System32\PSIService.exe
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Abine Inc.) C:\Program Files\DoNotTrackPlus\IE\DNTPService.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FAMTEMA.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FARNEMA.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKLM\...\Run: [ECenter] => C:\Dell\E-Center\EULALauncher.exe [17920 2008-02-28] ( )
HKLM\...\Run: [EEventManager] => C:\Program Files\Epson Software\Event Manager\EEventManager.exe [591696 2008-05-07] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [Family Tree Builder Update] => C:\MyHeritage\Bin\FTBCheckUpdates.exe [229376 2011-12-21] (MyHeritage)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [InstallerLauncher] => "C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-4159-A75F-CFD0C7EA4FBF}\setuplauncher.exe" /run:"C:\Program Files\Common Files\Bitdefender\SetupInformation\{6F57816A-791A-41 (the data entry has 36 more characters).
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [986872 2016-01-29] (Microsoft Corporation)
HKLM\...\Run: [1157840481] => C:\Program Files\eGames\Bricks of Egypt\Register\eGamesRegistration.exe [57401 2005-06-27] (DataLode, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [164152 2016-03-19] (Apple Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [2008-07-09] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-1100672905-2365331096-1695293828-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [144384 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-21-1100672905-2365331096-1695293828-1000\...\Run: [EPSON Artisan 800(Network)] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEMA.EXE [188928 2008-04-06] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1100672905-2365331096-1695293828-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2011-06-04] (Acresso Corporation)
HKU\S-1-5-21-1100672905-2365331096-1695293828-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-04-23] (Google Inc.)
HKU\S-1-5-21-1100672905-2365331096-1695293828-1000\...\Run: [WeatherBug] => C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe [146736 2014-09-23] ()
HKU\S-1-5-21-1100672905-2365331096-1695293828-1000\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-21-1100672905-2365331096-1695293828-1000\...\MountPoints2: {8f28b220-7989-11dd-afef-00219b0070dd} - J:\LaunchU3.exe -a
HKU\S-1-5-21-1100672905-2365331096-1695293828-1000\...\MountPoints2: {92011722-4a4e-11e3-bdd0-00219b0070dd} - J:\LaunchU3.exe -a
HKU\S-1-5-21-1100672905-2365331096-1695293828-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\Users\Deborah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JL Edwardian Advent Calendar 2014.lnk [2016-05-11]
ShortcutTarget: JL Edwardian Advent Calendar 2014.lnk -> C:\Program Files\JL Edwardian Advent Calendar 2014\JL Edwardian Advent Calendar 2014.exe ()
Startup: C:\Users\Deborah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JL Victorian Calendar.lnk [2016-05-11]
ShortcutTarget: JL Victorian Calendar.lnk -> C:\Program Files\JL Victorian Calendar\JL Victorian Calendar.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.202.166
Tcpip\..\Interfaces\{170BCFF2-1531-4B40-BC2A-8021A841A780}: [NameServer] 4.2.2.2,4.2.2.3
Tcpip\..\Interfaces\{170BCFF2-1531-4B40-BC2A-8021A841A780}: [DhcpNameServer] 192.168.0.1 205.171.202.166

Internet Explorer:
==================
HKU\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://my.yahoo.com/
SearchScopes: HKLM -> {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = hxxp://search.myheritage.com?orig=ds&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1100672905-2365331096-1695293828-1000 -> {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL =
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: MHTBPos00 Class -> {0C37B053-FD68-456a-82E1-D788EE342E6F} -> C:\Program Files\Family Toolbar\tbcore3.dll [2009-05-07] ()
BHO: Do Not Track Me -> {6E45F3E8-2683-4824-A6BE-08108022FB36} -> C:\Program Files\DoNotTrackPlus\IE\DNTPAddon.dll [2013-01-22] (Abine)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_71\bin\ssv.dll [2016-01-28] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2012-08-02] ()
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll [2006-11-09] (Dell Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-28] (Oracle Corporation)
BHO: Alawar Elements -> {E33FF41E-53CB-4D93-885A-FFEFA04CD804} -> C:\Program Files\Alawar Elements\ScriptHost.dll [2013-11-27] (Alawar)
BHO: No Name -> {e86e69ac-a2ce-415a-967e-70ded47d72e2} -> No File
Toolbar: HKLM - Family Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll [2009-05-07] ()
Toolbar: HKLM - No Name - {10834e9a-d475-4a24-ad01-f3f24f71b28e} - No File
Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2012-08-02] ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-1100672905-2365331096-1695293828-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-1100672905-2365331096-1695293828-1000 -> Family Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll [2009-05-07] ()
Toolbar: HKU\S-1-5-21-1100672905-2365331096-1695293828-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-22] (Google Inc.)
Toolbar: HKU\S-1-5-21-1100672905-2365331096-1695293828-1000 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2012-08-02] ()
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2012-08-02] ()

FireFox:
========
FF ProfilePath: C:\Users\Deborah\AppData\Roaming\Mozilla\Firefox\Profiles\pywf8v65.default
FF Homepage: www.myyahoo.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin: @alawar.com/npapi -> C:\Windows\npapi.dll [2013-09-12] (Alawar)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-28] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1100672905-2365331096-1695293828-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll [2013-01-23] (Amazon.com, Inc.)
FF Extension: WOT - C:\Users\Deborah\AppData\Roaming\Mozilla\Firefox\Profiles\pywf8v65.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-09-05]
FF Extension: Blur - C:\Users\Deborah\AppData\Roaming\Mozilla\Firefox\Profiles\pywf8v65.default\Extensions\donottrackplus@abine.com.xpi [2015-09-05]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-10-28] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Deborah\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Deborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-09]
CHR Extension: (YouTube) - C:\Users\Deborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-11]
CHR Extension: (Alawar Elements) - C:\Users\Deborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\mibfbmhijjgpkmobcfdlelpccpeafoom [2013-12-29] [UpdateUrl: hxxps://elements.alawar.com/updates/en/alawar/chrome.xml] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\Deborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-09]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
R2 CSHelper; C:\Windows\system32\CSHelper.exe [266240 2010-02-01] () [File not signed]
S3 dlbu_device; C:\Windows\system32\dlbucoms.exe [538096 2007-02-28] ( )
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
R2 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE [143872 2007-12-16] (SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-10] (SEIKO EPSON CORPORATION)
S3 GoToAssist; C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe [16680 2008-07-09] (Citrix Online, a division of Citrix Systems, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [292816 2016-01-29] (Microsoft Corporation)
U2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [174656 2006-11-02] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-26] (Microsoft Corporation)
S2 pdserv; C:\Program Files\Bitdefender\60-Second Virus Scanner\pdscan.exe \svc [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 AFS; C:\Windows\system32\Drivers\AFS.sys [79052 2008-07-15] (Oak Technology Inc.) [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [253704 2015-11-13] (Microsoft Corporation)
S4 RsFx0105; C:\Windows\System32\DRIVERS\RsFx0105.sys [238696 2011-09-22] (Microsoft Corporation)
R2 Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [73728 2001-06-22] (Rainbow Technologies, Inc.) [File not signed]
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [41984 2011-02-18] (Apple, Inc.) [File not signed]
U3 mbr; \??\C:\Users\Deborah\AppData\Local\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-11 17:12 - 2016-05-11 17:12 - 00000000 ____D C:\FRST
2016-05-11 17:10 - 2016-05-11 17:10 - 00000207 _____ C:\Windows\tweaking.com-regbackup-SONNY-Windows-7-Home-Premium-(32-bit).dat
2016-05-11 17:09 - 2016-05-11 17:09 - 00002187 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2016-05-11 17:09 - 2016-05-11 17:09 - 00000000 ____D C:\RegBackup
2016-05-11 17:09 - 2016-05-11 17:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-05-11 17:08 - 2016-05-11 17:09 - 00017398 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2016-05-11 17:08 - 2016-05-11 17:08 - 00000000 ____D C:\Program Files\Tweaking.com
2016-05-05 12:17 - 2016-05-11 17:12 - 00000000 ____D C:\Users\Deborah\Desktop\DEBI'S STUFF
2016-05-05 12:15 - 2016-05-11 17:03 - 00020694 _____ C:\Users\Deborah\Desktop\attach.txt
2016-04-23 17:57 - 2016-04-23 17:57 - 00000000 ____D C:\Users\Deborah\AppData\Roaming\SilverTale
2016-04-23 17:54 - 2016-04-23 17:54 - 00001878 _____ C:\Users\Public\Desktop\Play Silver Tale.lnk
2016-04-23 17:54 - 2016-04-23 17:54 - 00001228 _____ C:\Users\Public\Desktop\More Great Games.lnk
2016-04-23 17:53 - 2016-04-23 17:54 - 00000000 ____D C:\Program Files\Silver Tale
2016-04-23 17:53 - 2016-04-23 17:53 - 00000000 ____D C:\Users\Deborah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Silver Tale
2016-04-23 17:53 - 2016-04-23 17:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Silver Tale
2016-04-20 00:03 - 2016-04-20 00:03 - 00000000 ____D C:\Users\Deborah\AppData\Roaming\quickclick
2016-04-17 16:25 - 2016-04-23 14:38 - 00000000 ____D C:\Users\Deborah\AppData\Roaming\Jewel Match Snowscapes
2016-04-17 14:53 - 2016-04-17 14:53 - 00001981 _____ C:\Users\Public\Desktop\Play Jewel Match - Snowscapes.lnk
2016-04-17 14:52 - 2016-04-17 14:53 - 00000000 ____D C:\Program Files\Jewel Match - Snowscapes
2016-04-17 14:52 - 2016-04-17 14:52 - 00000000 ____D C:\Users\Deborah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jewel Match - Snowscapes
2016-04-17 14:52 - 2016-04-17 14:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jewel Match - Snowscapes
2016-04-15 17:54 - 2016-04-15 17:54 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-04-15 17:54 - 2016-04-15 17:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-04-15 17:53 - 2016-04-15 17:54 - 00000000 ____D C:\Program Files\iTunes
2016-04-15 17:53 - 2016-04-15 17:53 - 00000000 ____D C:\Program Files\iPod
2016-04-15 17:51 - 2016-04-15 17:51 - 00000000 ____D C:\Program Files\Bonjour
2016-04-15 17:51 - 2016-04-15 17:51 - 00000000 ____D C:\Program Files\Apple Software Update
2016-04-13 12:35 - 2016-04-04 11:54 - 00034024 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-04-13 12:35 - 2016-04-04 11:42 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-04-13 12:35 - 2016-04-02 07:07 - 01218048 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-04-13 12:35 - 2016-03-29 11:35 - 02397184 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-04-13 12:35 - 2016-03-23 08:02 - 00177664 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-04-13 12:35 - 2016-03-17 12:04 - 00560640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-04-13 12:35 - 2016-03-17 12:04 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-04-13 12:35 - 2016-03-17 12:04 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-04-13 12:35 - 2016-03-17 12:04 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-04-13 12:35 - 2016-02-02 12:48 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-04-13 12:34 - 2016-03-17 16:36 - 03998952 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2016-04-13 12:34 - 2016-03-17 16:36 - 03943144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-04-13 12:34 - 2016-03-17 16:36 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-04-13 12:34 - 2016-03-17 16:36 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-04-13 12:34 - 2016-03-17 16:33 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-04-13 12:34 - 2016-03-17 16:30 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-04-13 12:34 - 2016-03-17 16:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-04-13 12:34 - 2016-03-17 16:30 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-04-13 12:34 - 2016-03-17 16:30 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-04-13 12:34 - 2016-03-17 16:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-04-13 12:34 - 2016-03-17 16:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-04-13 12:34 - 2016-03-17 16:29 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-04-13 12:34 - 2016-03-17 16:29 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-04-13 12:34 - 2016-03-17 16:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-04-13 12:34 - 2016-03-17 16:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-04-13 12:34 - 2016-03-17 16:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-04-13 12:34 - 2016-03-17 16:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-13 12:34 - 2016-03-17 16:27 - 00260608 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-13 12:34 - 2016-03-17 16:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-04-13 12:34 - 2016-03-17 16:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-04-13 12:34 - 2016-03-17 16:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-04-13 12:34 - 2016-03-17 16:26 - 01062400 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-04-13 12:34 - 2016-03-17 16:26 - 00872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-04-13 12:34 - 2016-03-17 16:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-13 12:34 - 2016-03-17 16:26 - 00294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-04-13 12:34 - 2016-03-17 16:25 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-04-13 12:34 - 2016-03-17 16:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-04-13 12:34 - 2016-03-17 16:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-04-13 12:34 - 2016-03-17 16:24 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-04-13 12:34 - 2016-03-17 16:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-04-13 12:34 - 2016-03-17 16:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-04-13 12:34 - 2016-03-17 16:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-13 12:34 - 2016-03-17 16:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-13 12:34 - 2016-03-17 16:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-13 12:34 - 2016-03-17 16:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-13 12:34 - 2016-03-17 16:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-13 12:34 - 2016-03-17 16:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-13 12:34 - 2016-03-17 16:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-13 12:34 - 2016-03-17 16:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-13 12:34 - 2016-03-17 16:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-13 12:34 - 2016-03-17 16:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-13 12:34 - 2016-03-17 16:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-13 12:34 - 2016-03-17 16:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-13 12:34 - 2016-03-17 16:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-13 12:34 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-13 12:34 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-13 12:34 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-13 12:34 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-13 12:34 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-13 12:34 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-13 12:34 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-13 12:34 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-13 12:34 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-13 12:34 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-13 12:34 - 2016-03-17 16:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-13 12:34 - 2016-03-17 15:42 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-04-13 12:34 - 2016-03-17 15:42 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-04-13 12:34 - 2016-03-17 15:42 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-04-13 12:34 - 2016-03-17 15:42 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-04-13 12:34 - 2016-03-17 15:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-04-13 12:34 - 2016-03-17 15:36 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-04-13 12:34 - 2016-03-17 15:35 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-04-13 12:34 - 2016-03-17 15:30 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-04-13 12:34 - 2016-03-17 15:30 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-04-13 12:34 - 2016-03-17 15:30 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-04-13 12:34 - 2016-03-17 15:29 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-04-13 12:34 - 2016-03-17 15:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-04-13 12:34 - 2016-03-17 15:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-04-13 12:34 - 2016-03-17 15:29 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-04-13 12:34 - 2016-03-17 15:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-13 12:34 - 2016-03-17 15:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-13 12:34 - 2016-03-17 15:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-13 12:34 - 2016-03-17 15:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-13 12:34 - 2016-03-16 12:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\msorcl32.dll
2016-04-13 12:34 - 2016-03-16 12:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-04-13 12:33 - 2016-03-31 12:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-04-13 12:33 - 2016-03-30 18:03 - 20352512 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-04-13 12:33 - 2016-03-30 18:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-04-13 12:33 - 2016-03-30 18:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-04-13 12:33 - 2016-03-30 17:53 - 00496640 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-04-13 12:33 - 2016-03-30 17:52 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-04-13 12:33 - 2016-03-30 17:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-04-13 12:33 - 2016-03-30 17:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-04-13 12:33 - 2016-03-30 17:52 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-04-13 12:33 - 2016-03-30 17:51 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-04-13 12:33 - 2016-03-30 17:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-04-13 12:33 - 2016-03-30 17:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-04-13 12:33 - 2016-03-30 17:46 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-04-13 12:33 - 2016-03-30 17:45 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-04-13 12:33 - 2016-03-30 17:45 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-04-13 12:33 - 2016-03-30 17:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-04-13 12:33 - 2016-03-30 17:45 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-04-13 12:33 - 2016-03-30 17:41 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-04-13 12:33 - 2016-03-30 17:38 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-04-13 12:33 - 2016-03-30 17:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-04-13 12:33 - 2016-03-30 17:33 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-04-13 12:33 - 2016-03-30 17:31 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-04-13 12:33 - 2016-03-30 17:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-04-13 12:33 - 2016-03-30 17:30 - 04611072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-04-13 12:33 - 2016-03-30 17:30 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-04-13 12:33 - 2016-03-30 17:29 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-04-13 12:33 - 2016-03-30 17:24 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-04-13 12:33 - 2016-03-30 17:23 - 02056192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-04-13 12:33 - 2016-03-30 17:23 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-04-13 12:33 - 2016-03-30 17:23 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-04-13 12:33 - 2016-03-30 17:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-04-13 12:33 - 2016-03-30 17:21 - 13811712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-04-13 12:33 - 2016-03-30 17:05 - 02121216 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-04-13 12:33 - 2016-03-30 17:02 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-04-13 12:33 - 2016-03-30 17:00 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-04-13 12:31 - 2016-03-15 17:53 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-13 12:31 - 2016-03-15 17:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-13 12:31 - 2016-03-11 12:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-04-13 12:30 - 2016-01-20 18:51 - 00057280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-04-13 12:23 - 2016-03-06 12:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-13 12:23 - 2016-03-06 12:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-04-13 12:22 - 2016-02-05 12:44 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-04-13 12:22 - 2016-02-05 11:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-04-13 12:22 - 2015-06-03 14:22 - 00355456 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-04-12 13:33 - 2016-04-17 14:24 - 00000000 ____D C:\Users\Deborah\AppData\Roaming\Jewel Match Twilight
2016-04-12 12:29 - 2016-04-12 12:29 - 00000000 ____D C:\Users\Deborah\AppData\Roaming\IteraLabs
2016-04-12 12:21 - 2016-04-12 12:21 - 00001963 _____ C:\Users\Public\Desktop\Play Jewel Match - Twilight.lnk
2016-04-12 12:20 - 2016-04-12 12:21 - 00000000 ____D C:\Program Files\Jewel Match - Twilight
2016-04-12 12:20 - 2016-04-12 12:20 - 00000000 ____D C:\Users\Deborah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jewel Match - Twilight
2016-04-12 12:20 - 2016-04-12 12:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jewel Match - Twilight
2016-04-12 12:18 - 2016-04-12 12:18 - 00001952 _____ C:\Users\Public\Desktop\Play Imperial Island 3.lnk
2016-04-12 12:17 - 2016-04-12 12:18 - 00000000 ____D C:\Program Files\Imperial Island 3
2016-04-12 12:17 - 2016-04-12 12:17 - 00000000 ____D C:\Users\Deborah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Imperial Island 3
2016-04-12 12:17 - 2016-04-12 12:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Imperial Island 3
2016-04-12 11:48 - 2016-04-12 11:49 - 00000000 ____D C:\Program Files\ClearIt
2016-04-12 11:48 - 2016-04-12 11:48 - 00000000 ____D C:\Users\Deborah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ClearIt
2016-04-12 11:48 - 2016-04-12 11:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClearIt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-11 16:57 - 2013-03-09 12:11 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-05-11 16:55 - 2009-10-28 21:19 - 00018544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-11 16:55 - 2009-10-28 21:19 - 00018544 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-11 16:47 - 2013-04-23 17:53 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-11 11:52 - 2008-12-30 17:24 - 00000000 ____D C:\ProgramData\TEMP
2016-05-11 09:03 - 2009-10-28 22:15 - 00000000 ____D C:\Users\Deborah\AppData\Local\ApplicationHistory
2016-05-11 09:02 - 2009-07-13 22:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-10 23:27 - 2013-03-02 10:34 - 00000000 ____D C:\Users\Deborah\AppData\Local\DoNotTrackPlus
2016-05-10 18:42 - 2013-04-23 17:53 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-10 00:49 - 2015-06-26 21:57 - 00000000 ____D C:\Users\Deborah\Desktop\Internet memes
2016-05-09 22:46 - 2009-10-28 21:21 - 00946804 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-09 22:46 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\inf
2016-05-06 00:15 - 2014-12-10 11:15 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-06 00:14 - 2015-04-05 01:28 - 00000000 ___SD C:\Windows\system32\GWX
2016-05-02 15:42 - 2016-04-08 17:40 - 00002062 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-23 18:12 - 2013-07-23 18:37 - 00000000 ____D C:\BigFishCache
2016-04-23 17:53 - 2009-07-13 22:52 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-04-22 01:57 - 2009-10-02 09:48 - 00374944 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-22 00:50 - 2008-07-15 12:15 - 00000000 ____D C:\Users\Deborah\AppData\Local\Google
2016-04-15 17:53 - 2013-04-17 12:14 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2016-04-15 17:53 - 2009-12-25 17:18 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-04-15 17:51 - 2009-12-25 17:18 - 00002519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-04-15 17:50 - 2009-12-25 17:18 - 00000000 ____D C:\ProgramData\Apple
2016-04-14 18:21 - 2009-07-13 20:37 - 00000000 ____D C:\Windows\rescache
2016-04-14 09:02 - 2009-07-13 22:33 - 01008080 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-14 01:18 - 2013-07-23 03:01 - 00000000 ____D C:\Windows\system32\MRT
2016-04-14 00:58 - 2009-11-11 11:54 - 132539272 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-13 14:44 - 2014-01-06 17:52 - 00000000 ____D C:\Users\Deborah\Desktop\wildlife

==================== Files in the root of some directories =======

2011-06-02 12:33 - 2011-06-02 12:45 - 0000011 _____ () C:\Users\Deborah\AppData\Roaming\log.txt
2011-08-23 18:43 - 2011-09-24 13:52 - 0002435 _____ () C:\Users\Deborah\AppData\Roaming\SAS7_000.DAT
2011-03-28 13:33 - 2011-03-28 13:33 - 0008248 _____ () C:\Users\Deborah\AppData\Local\en.ini
2011-04-15 16:01 - 2011-04-15 16:01 - 0000036 _____ () C:\Users\Deborah\AppData\Local\housecall.guid.cache
2011-03-17 17:00 - 2013-03-21 10:06 - 0007618 _____ () C:\Users\Deborah\AppData\Local\resmon.resmoncfg
2014-12-20 15:56 - 2014-12-20 15:56 - 0268147 _____ () C:\ProgramData\1419112469.bdinstall.bin
2009-11-17 01:52 - 2009-11-17 02:01 - 0004977 _____ () C:\ProgramData\hpzinstall.log

Files to move or delete:
====================
C:\Users\Deborah\trillian-v3.1.10.0.exe


Some files in TEMP:
====================
C:\Users\Deborah\AppData\Local\Temp\amazoncct.dll
C:\Users\Deborah\AppData\Local\Temp\cct.dll
C:\Users\Deborah\AppData\Local\Temp\JavaIC.dll
C:\Users\Deborah\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\Deborah\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Deborah\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\Deborah\AppData\Local\Temp\msscct32.dll
C:\Users\Deborah\AppData\Local\Temp\YSearchUtil.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-08 11:33

==================== End of FRST.txt ============================
Back to top
View user's profile Send private message
ldybadger
Junior Member


Joined: 06 May 2013
Last Visit: 27 Jun 2016
Posts: 45

PostPosted: Wed May 11, 2016 3:33 pm    Post subject: •Addition.txt Reply with quote

Additional scan result of Farbar Recovery Scan Tool (x86) Version:09-05-2016
Ran by Deborah (2016-05-11 17:13:35)
Running from C:\Users\Deborah\Desktop\DEBI'S STUFF
Microsoft Windows 7 Home Premium Service Pack 1 (X86) (2009-10-29 04:13:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1100672905-2365331096-1695293828-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1100672905-2365331096-1695293828-1002 - Limited - Enabled)
Deborah (S-1-5-21-1100672905-2365331096-1695293828-1000 - Administrator - Enabled) => C:\Users\Deborah
Guest (S-1-5-21-1100672905-2365331096-1695293828-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1100672905-2365331096-1695293828-1009 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

32 Bit HP CIO Components Installer (Version: 2.1.5 - Hewlett-Packard) Hidden
3D Knifflis: The Whole World in 3D! (HKLM\...\BFG-3D Knifflis - The Whole World in 3D!) (Version: - )
4 Elements II (HKLM\...\BFG-4 Elements II) (Version: - )
7 Wonders: Ancient Alien Makeover (HKLM\...\BFG-7 Wonders - Ancient Alien Makeover) (Version: - )
7 Wonders: Magical Mystery Tour (HKLM\...\BFG-7 Wonders - Magical Mystery Tour) (Version: - )
7 Wonders: Treasures of Seven (HKLM\...\BFG-7 Wonders - Treasures of Seven) (Version: - )
A Magnetic Adventure (HKLM\...\BFG-A Magnetic Adventure) (Version: - )
Abundante (HKLM\...\BFG-Abundante) (Version: - )
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.7.186 - Adobe Systems Incorporated)
Acrobat.com (Version: 1.7.186 - Adobe Systems Incorporated) Hidden
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 20.0.0.233 - Adobe Systems Incorporated)
Adobe Flash Player 21 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adore Puzzle (HKLM\...\BFG-Adore Puzzle) (Version: - )
Age of Japan 2 (HKLM\...\BFG-Age of Japan 2) (Version: - )
Alawar Elements (HKLM\...\Alawar Elements) (Version: 1.0.13 - Alawar)
Amazing Adventures Riddle of the Two Knights ™ (HKLM\...\BFG-Amazing Adventures Riddle of the Two Knights) (Version: - )
Amazing Adventures: Around the World (HKLM\...\BFG-Amazing Adventures - Around the World) (Version: - )
Amazing Adventures: The Caribbean Secret (HKLM\...\BFG-Amazing Adventures - The Caribbean Secret) (Version: - )
Amazing Adventures: The Forgotten Dynasty (HKLM\...\BFG-Amazing Adventures - The Forgotten Dynasty) (Version: - )
Amazing Adventures: The Lost Tomb (HKLM\...\BFG-Amazing Adventures - The Lost Tomb) (Version: - )
Amazing Pyramids (HKLM\...\BFG-Amazing Pyramids) (Version: - )
Amazon Kindle For PC v1.0 (HKU\S-1-5-21-1100672905-2365331096-1695293828-1000\...\Amazon Kindle For PC) (Version: - )
Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Ancient Mosaic (HKLM\...\BFG-Ancient Mosaic) (Version: - )
Angelica Weaver: Catch Me When You Can (HKLM\...\BFG-Angelica Weaver - Catch Me When You Can) (Version: - )
Apple Application Support (32-bit) (HKLM\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{15A0A9A6-6CF0-4EEE-8E12-096B33F92CA7}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Aquaball (HKLM\...\BFG-Aquaball) (Version: - )
Aquascapes (HKLM\...\BFG-Aquascapes) (Version: - )
ArcSoft Print Creations - Album Page (HKLM\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version: - ArcSoft)
ArcSoft Print Creations - Funhouse (HKLM\...\{9591C049-5CAE-4E89-A8D9-191F1899628B}) (Version: - ArcSoft)
ArcSoft Print Creations - Greeting Card (HKLM\...\{F04F9557-81A9-4293-BC49-2C216FA325A7}) (Version: - ArcSoft)
ArcSoft Print Creations - Photo Book (HKLM\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version: - ArcSoft)
ArcSoft Print Creations - Photo Calendar (HKLM\...\{CA9ED5E4-1548-485B-A293-417840060158}) (Version: - ArcSoft)
ArcSoft Print Creations - Photo Prints (HKLM\...\{95F875CC-1B85-43E6-B3E0-13EA04F3D995}) (Version: - ArcSoft)
ArcSoft Print Creations - Scrapbook (HKLM\...\{B0D83FCD-9D42-43ED-8315-250326AADA02}) (Version: - ArcSoft)
ArcSoft Print Creations - Slimline Card (HKLM\...\{007B37D9-0C45-4202-834B-DD5FAAE99D63}) (Version: - ArcSoft)
ArcSoft Print Creations (HKLM\...\{6FB0746B-5D91-48C1-9B87-27D503A220EC}) (Version: 2.8.255.384 - ArcSoft)
Arizona Rose and the Pirates' Riddles (HKLM\...\BFG-Arizona Rose and the Pirates' Riddles) (Version: - )
Around the World in 80 Days (HKLM\...\BFG-Around the World in 80 Days) (Version: - )
ArtistScope Plugin IE (HKLM\...\ArtistScope Plugin IE4.2.0.3) (Version: 4.2.0.3 - ArtistScope)
Asian Riddles (HKLM\...\BFG-Asian Riddles) (Version: - )
Atlantic Quest (HKLM\...\BFG-Atlantic Quest) (Version: - )
Atlantis Sky Patrol™ (HKLM\...\BFG-Atlantis Sky Patrol) (Version: - )
Atlantis: Pearls of the Deep (HKLM\...\BFG-Atlantis - Pearls of the Deep) (Version: - )
Aveyond: Lord of Twilight (HKLM\...\BFG-Aveyond - Lord of Twilight) (Version: - )
Azada (HKLM\...\BFG-Azada) (Version: - )
Azada: Ancient Magic ™ (HKLM\...\BFG-Azada - Ancient Magic) (Version: - )
Azada: In Libro (HKLM\...\BFG-Azada - In Libro) (Version: - )
Aztec Bricks (HKLM\...\Aztec Bricks) (Version: 1.0.0.0 - Alawar Entertainment Inc.)
Banctec Service Agreement (HKLM\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Bengal - Game of Gods (HKLM\...\BFG-Bengal - Game of Gods) (Version: - )
Big City Adventure: Barcelona (HKLM\...\BFG-Big City Adventure - Barcelona) (Version: - )
Big City Adventure: London Classic (HKLM\...\BFG-Big City Adventure - London Classic) (Version: - )
Big City Adventure: Paris (HKLM\...\BFG-Big City Adventure - Paris) (Version: - )
Big City Adventure: Vancouver Collector's Edition (HKLM\...\BFG-Big City Adventure - Vancouver Collector's Edition) (Version: - )
Big Fish: Game Manager (HKLM\...\BFGC) (Version: 3.3.0.2 - )
Big Kahuna Reef 3 (HKLM\...\BFG-Big Kahuna Reef 3) (Version: - )
Bitdefender 60-Second Virus Scanner (HKLM\...\{CCEA2053-D975-4E38-AC09-4D5E6DAC6B6F}) (Version: 1.0.3.76 - Bitdefender)
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Brick Quest 2 (HKLM\...\BFG-Brick Quest 2) (Version: - )
Bricks of Atlantis (HKLM\...\BFG-Bricks of Atlantis) (Version: - )
Bricks of Egypt (HKLM\...\Bricks of Egypt) (Version: - )
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
Chocolatier 3: Decadence by Design (HKLM\...\BFG-Chocolatier 3 - Decadence by Design) (Version: - )
Christmas Griddlers (HKLM\...\BFG-Christmas Griddlers) (Version: - )
Christmas Puzzle (HKLM\...\BFG-Christmas Puzzle) (Version: - )
Chuzzle Deluxe 1.0 (HKLM\...\Chuzzle Deluxe 1.0) (Version: - )
ClearIt (HKLM\...\BFG-ClearIt) (Version: - )
ClickArt 950,000 v. 2 (HKLM\...\{03C35FF9-CC64-48D1-B09F-69EEDE977B38}) (Version: 01.02.0000 - Broderbund Software)
Conexant D850 PCI V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version: - )
Corel Painter X (HKLM\...\_{91CABF8F-A81C-4CB0-A1B0-D55B25F1B150}) (Version: - Corel Corporation)
Corel Painter X (Version: 10.00 - Corel Corporation) Hidden
Corel WinDVD (HKLM\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.423 - Corel Inc.)
Cradle of Egypt (HKLM\...\BFG-Cradle of Egypt) (Version: - )
Cradle of Rome (HKLM\...\BFG-Cradle of Rome) (Version: - )
Cradle of Rome 2 (HKLM\...\BFG-Cradle of Rome 2) (Version: - )
Crystal Reports for Visual Studio (Version: 12.51.0.240 - SAP) Hidden
Curse of the Pharaoh: Napoleon's Secret ™ (HKLM\...\BFG-Curse of the Pharaoh - Napoleon's Secret) (Version: - )
Curse of the Pharaoh: Tears of Sekhmet (HKLM\...\BFG-Curse of the Pharaoh - Tears of Sekhmet) (Version: - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Deep Blue Sea (HKLM\...\BFG-Deep Blue Sea) (Version: - )
Dell Driver Download Manager (HKU\S-1-5-21-1100672905-2365331096-1695293828-1000\...\f031ef6ac137efc5) (Version: 2.1.0.0 - Dell Inc.)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Photo AIO Printer 942 (HKLM\...\Dell Photo AIO Printer 942) (Version: - )
Digital Line Detect (HKLM\...\{E646DCF0-5A68-11D5-B229-002078017FBF}) (Version: 1.21 - BVRP Software, Inc)
Do Not Track Me Add-on 2.2.8.122 (HKLM\...\Do Not Track Me Add-on_is1) (Version: 2.2.8.122 - Abine)
Document Express DjVu Plug-in (autoinstall) (HKLM\...\DjVu) (Version: - )
Dotfuscator Software Services - Community Edition (HKLM\...\{1AA5BD63-6614-44B2-88A7-605191EDB835}) (Version: 5.0.2500.0 - PreEmptive Solutions)
DragonStone ™ (HKLM\...\BFG-DragonStone) (Version: - )
Drawn™: Trail of Shadows Collector's Edition (HKLM\...\BFG-Drawn - Trail of Shadows Collector's Edition) (Version: - )
EDocs (HKLM\...\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}) (Version: - )
eGames GameButler (HKLM\...\eGames GameButler) (Version: - )
Emberwing: Lost Legacy Collector's Edition (HKLM\...\BFG-Emberwing - Lost Legacy Collectors Edition) (Version: - )
Empire Builder - Ancient Egypt (HKLM\...\BFG-Empire Builder - Ancient Egypt) (Version: - )
EPSON Artisan 800 Series Printer Uninstall (HKLM\...\EPSON Artisan 800 Series) (Version: - SEIKO EPSON Corporation)
Epson Event Manager (HKLM\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.01.00 - SEIKO EPSON Corporation)
Epson Print CD (HKLM\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.00.00 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - )
EpsonNet Config V3 (HKLM\...\{2B0CDD4D-5C1A-47F7-89E2-9BF604670ABC}) (Version: 3.1a - SEIKO EPSON CORPORATION)
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4d - SEIKO EPSON CORPORATION)
Fairies (HKLM\...\BFG-Fairies) (Version: - )
Fairway Solitaire (HKLM\...\BFG-Fairway Solitaire) (Version: - )
Fairy Treasure (HKLM\...\BFG-Fairy Treasure) (Version: - )
Fantasy Mosaics 5 (HKLM\...\BFG-Fantasy Mosaics 5) (Version: - )
Fax Solutions (HKLM\...\Dell Fax Solutions) (Version: - Dell, Inc.)
FishCo (HKLM\...\BFG-FishCo) (Version: - )
Fishdom - Spooky Splash (HKLM\...\BFG-Fishdom - Spooky Splash) (Version: - )
Fishdom (HKLM\...\BFG-Fishdom) (Version: - )
Fishdom 2 (HKLM\...\BFG-Fishdom 2) (Version: - )
Fishdom 3 Collector's Edition (HKLM\...\BFG-Fishdom 3 Collector's Edition) (Version: - )
Fishdom H2O: Hidden Odyssey (HKLM\...\BFG-Fishdom H2O - Hidden Odyssey) (Version: - )
Fishdom: Depths of Time Collector's Edition (HKLM\...\BFG-Fishdom - Depths of Time Collectors Edition) (Version: - )
Fishdom: Frosty Splash (HKLM\...\BFG-Fishdom - Frosty Splash) (Version: - )
Fishdom: Seasons Under the Sea (HKLM\...\BFG-Fishdom - Seasons Under the Sea) (Version: - )
Forgotten Riddles - The Mayan Princess (HKLM\...\BFG-Forgotten Riddles - The Mayan Princess) (Version: - )
FTDI USB Serial Converter Drivers (HKLM\...\FTDICOMM) (Version: 2.00.00 - FTDI Ltd)
GDR 5520 for SQL Server 2008 (KB2977321) (HKLM\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
GDR 5538 for SQL Server 2008 (KB3045305) (HKLM\...\KB3045305) (Version: 10.3.5538.0 - Microsoft Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 50.0.2661.94 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.30.3 - Google Inc.) Hidden
GoToAssist 8.0.0.514 (HKLM\...\GoToAssist) (Version: - )
Haunted Legends: The Queen of Spades (HKLM\...\BFG-Haunted Legends - The Queen of Spades) (Version: - )
Hawaiian Explorer Pearl Harbor (HKLM\...\BFG-Hawaiian Explorer - Pearl Harbor) (Version: - )
Heroes of Hellas 2: Olympia (HKLM\...\BFG-Heroes of Hellas 2 - Olympia) (Version: - )
Heroes of Hellas 3: Athens (HKLM\...\BFG-Heroes of Hellas 3 - Athens) (Version: - )
Hidato Adventures (HKLM\...\BFG-Hidato Adventures) (Version: - )
Hidden Expedition &reg; - Devil's Triangle (HKLM\...\BFG-Hidden Expedition - Devils Triangle) (Version: - )
Hidden Expedition &reg;: Amazon (HKLM\...\BFG-Hidden Expedition - Amazon) (Version: - )
Hidden Expedition Titanic (remove only) (HKLM\...\Hidden Expedition Titanic) (Version: - )
Hidden Expedition: Smithsonian Castle Collector's Edition (HKLM\...\BFG-Hidden Expedition - Smithsonian Castle Collector's Edition) (Version: - )
Hidden Expedition: The Fountain of Youth Collector's Edition (HKLM\...\BFG-Hidden Expedition - The Fountain of Youth Collectors Edition) (Version: - )
Hidden Mysteries &reg;: Civil War (HKLM\...\BFG-Hidden Mysteries - Civil War) (Version: - )
Hidden Mysteries: Buckingham Palace ™ (HKLM\...\BFG-Hidden Mysteries - Buckingham Palace) (Version: - )
Hidden Mysteries: Notre Dame - Secrets of Paris (HKLM\...\BFG-Hidden Mysteries - Notre Dame - Secrets of Paris) (Version: - )
Hidden Wonders of the Depths (HKLM\...\BFG-Hidden Wonders of the Depths) (Version: - )
Hidden Wonders of the Depths 2 (HKLM\...\BFG-Hidden Wonders of the Depths 2) (Version: - )
Hidden Wonders of the Depths 3: Atlantis Adventures (HKLM\...\BFG-Hidden Wonders of the Depths 3 - Atlantis Adventures) (Version: - )
House of 1000 Doors: Family Secrets (HKLM\...\BFG-House of 1000 Doors - Family Secrets) (Version: - )
html01sp (HKLM\...\html01sp) (Version: - )
html03sp (HKLM\...\html03sp) (Version: - )
html05sp (HKLM\...\html05sp) (Version: - )
Hungry For Gems (HKLM\...\BFG-Hungry For Gems) (Version: - )
Imperial Island 3 (HKLM\...\BFG-Imperial Island 3) (Version: - )
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) PRO Network Connections 12.1.11.0 (HKLM\...\PROSetDX) (Version: - Intel)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
iTunes (HKLM\...\{3079C5C8-325A-4354-A733-456BACA1E5FB}) (Version: 12.3.3.17 - Apple Inc.)
Jacquie Lawson Edwardian Advent Calendar (HKLM\...\com.jacquielawson.edwardianadventcalendar2014) (Version: 1.0.1 - MicroCourt Limited)
Jacquie Lawson Edwardian Advent Calendar (Version: 1.0.1 - MicroCourt Limited) Hidden
Jacquie Lawson Victorian Calendar (HKLM\...\com.jacquielawson.victorianadventcalendar2015) (Version: 1.0.0 - Microcourt Limited)
Jacquie Lawson Victorian Calendar (Version: 1.0.0 - Microcourt Limited) Hidden
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.710 - Oracle)
Jewel Legends: Tree of Life (HKLM\...\BFG-Jewel Legends - Tree of Life) (Version: - )
Jewel Match: Snowscapes (HKLM\...\BFG-Jewel Match - Snowscapes) (Version: - )
Jewel Match: Twilight (HKLM\...\BFG-Jewel Match - Twilight) (Version: - )
Jigsaw Boom 2 (HKLM\...\BFG-Jigsaw Boom 2) (Version: - )
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Laura Jones and the Secret Legacy of Nikola Tesla (HKLM\...\BFG-Laura Jones and the Secret Legacy of Nikola Tesla) (Version: - )
League of Mermaids (HKLM\...\BFG-League of Mermaids) (Version: - )
League of Mermaids: Pearl Saga (HKLM\...\BFG-League of Mermaids - Pearl Saga) (Version: - )
Luxor Adventures (HKLM\...\BFG-Luxor Adventures) (Version: - )
Luxor Amun Rising (HKLM\...\BFG-Luxor Amun Rising) (Version: - )
Luxor HD (HKLM\...\BFG-Luxor HD) (Version: - )
Luxor Mahjong (remove only) (HKLM\...\Luxor Mahjong) (Version: - )
Luxor: 5th Passage (HKLM\...\BFG-Luxor - 5th Passage) (Version: - )
Macromedia Shockwave Player (HKLM\...\Macromedia Shockwave Player) (Version: - )
Mae Q`West and the Sign of the Stars (HKLM\...\BFG-Mae Q'West and the Sign of the Stars) (Version: - )
Magic Vines&trade; (HKLM\...\BFG-Magic Vines) (Version: - )
Mahjong Towers Eternity (HKLM\...\BFG-Mahjong Towers Eternity) (Version: - )
Mahjongg Master 5 (HKLM\...\Mahjongg Master 5) (Version: - )
Marblez (HKLM\...\BFG-Marblez) (Version: - )
Mayan Puzzle (HKLM\...\BFG-Mayan Puzzle) (Version: - )
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB953297) (HKLM\...\M953297) (Version: - )
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft Expression Blend 3 (HKLM\...\Blend_3.0.1927.0) (Version: 3.0.1927.0 - Microsoft Corporation)
Microsoft Expression Blend 3 SDK (HKLM\...\{0E837AF0-4C92-4077-83F0-D022073F17C0}) (Version: 1.0.1327.0 - Microsoft Corporation)
Microsoft Expression Design 3 (HKLM\...\Design_6.0.1739.0) (Version: 6.0.1739.0 - Microsoft Corporation)
Microsoft Expression Encoder 3 (HKLM\...\Encoder_3.0.1332.0) (Version: 3.0.1332.0 - Microsoft Corporation)
Microsoft Expression Studio 3 (HKLM\...\ExpressionStudio_3.0.1061.0) (Version: 3.0.1061.0 - Microsoft Corporation)
Microsoft Expression Web 3 (HKLM\...\Web_3.0.3813.0) (Version: 3.0.3813.0 - Microsoft Corporation)
Microsoft Expression Web 3 SP1 (HKLM\...\{752E90AC-3F11-4EA3-88EA-96441047EC31}) (Version: - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM\...\{05855322-BE43-41FE-B583-D3AE0C326D58}) (Version: 4.0.50826.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{83298573-A6B6-42AB-A234-FE91CA2859C0}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM\...\{BC537AE0-88AF-47ED-B762-33B0D62B5188}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM\...\{7A56D81D-6406-40E7-9184-8AC1769C4D69}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM\...\{09C52940-A4D1-4409-A7CC-1AAE630CF578}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{59C245FC-343C-4FEC-B3CB-B6F12B561C20}) (Version: 10.3.5538.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x86) (HKLM\...\{C6DD625F-4B61-4561-8286-87CA0275CEA1}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 (HKLM\...\{97CE8B73-AA5A-4987-A1BE-50DD1A187478}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x86) (HKLM\...\{F990B526-8F7C-46E0-B1F1-6C893A8B478F}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x86) (HKLM\...\{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Professional - ENU (HKLM\...\Microsoft Visual Studio 2010 Professional - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools (HKLM\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
Mirror Mixup (HKLM\...\BFG-Mirror Mixup) (Version: - )
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Mummy's Treasure (HKLM\...\BFG-Mummy's Treasure) (Version: - )
Music, Photos & Videos Launcher (HKLM\...\{D7769185-9A7C-48D4-8874-5388743A1DE2}) (Version: 1.00.0000 - Dell Inc.)
MyHeritage Family Tree Builder (HKLM\...\Family Tree Builder) (Version: 6.0.0.5634 - MyHeritage.com)
Mystery Case Files &reg;: 13th Skull ™ (HKLM\...\BFG-Mystery Case Files - 13th Skull) (Version: - )
Mystery Case Files&reg;: Dire Grove™ (HKLM\...\BFG-Mystery Case Files - Dire Grove) (Version: - )
Mystery Case Files&reg;: Escape from Ravenhearst™ (HKLM\...\BFG-Mystery Case Files - Escape from Ravenhearst) (Version: - )
Mystery Case Files&reg;: Fate's Carnival (HKLM\...\BFG-Mystery Case Files - Fates Carnival) (Version: - )
Mystery Case Files&reg;: Shadow Lake Collector's Edition (HKLM\...\BFG-Mystery Case Files - Shadow Lake Collector's Edition) (Version: - )
Mystery Case Files: Dire Grove, Sacred Grove Collector's Edition (HKLM\...\BFG-MCF - Dire Grove Sacred Grove CE) (Version: - )
Mystery Case Files: Huntsville - Detective Training (HKLM\...\BFG-Mystery Case Files - Huntsville - Detective Training) (Version: - )
Mystery Case Files: Key to Ravenhearst Collector's Edition (HKLM\...\BFG-Mystery Case Files - Key to Ravenhearst Collectors Edition) (Version: - )
Mystery Case Files: Madame Fate &reg; (HKLM\...\BFG-Mystery Case Files - Madame Fate) (Version: - )
Mystery Case Files: Prime Suspects ™ (HKLM\...\BFG-Mystery Case Files - Prime Suspects) (Version: - )
Mystery Case Files: Ravenhearst Unlocked Collector's Edition (HKLM\...\BFG-Mystery Case Files - Ravenhearst Unlocked Collector's Edition) (Version: - )
Mystery Case Files: Return to Ravenhearst ™ (HKLM\...\BFG-Mystery Case Files - Return to Ravenhearst) (Version: - )
Mystic Gateways: The Celestial Quest (HKLM\...\BFG-Mystic Gateways - The Celestial Quest) (Version: - )
Nearwood Collector's Edition (HKLM\...\BFG-Nearwood Collector's Edition) (Version: - )
NetWaiting (HKLM\...\{3F92ABBB-6BBF-11D5-B229-002078017FBF}) (Version: 2.5.44 - BVRP Software, Inc)
Nightfall Mysteries: Asylum Conspiracy (HKLM\...\BFG-Nightfall Mysteries - Asylum Conspiracy) (Version: - )
Nightfall Mysteries: Curse of the Opera (HKLM\...\BFG-Nightfall Mysteries - Curse of the Opera) (Version: - )
Notepad++ (HKLM\...\Notepad++) (Version: 5.7 - )
Ocean Express (HKLM\...\BFG-Ocean Express) (Version: - )
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OpenAL (HKLM\...\OpenAL) (Version: - )
Pahelika: Secret Legends (HKLM\...\BFG-Pahelika - Secret Legends) (Version: - )
PDF-XChange 3 (HKLM\...\PDF-XChange 3_is1) (Version: - Tracker Software)
Peggle Deluxe (HKLM\...\BFG-Peggle Deluxe) (Version: - )
Pharaoh`s Mystery (HKLM\...\BFG-Pharaoh`s Mystery) (Version: - )
Product Documentation Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
Ricochet: Infinity (HKLM\...\BFG-Ricochet - Infinity) (Version: - )
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - )
SandScript (HKLM\...\BFG-SandScript) (Version: - )
Sentinel System Driver (HKLM\...\{791CAF6C-90A3-11D4-8306-00D0B72E1DB9}) (Version: 5.39.2 - Rainbow Technologies)
Service Pack 3 for SQL Server 2008 (KB2546951) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
Settlement: Colossus (HKLM\...\BFG-Settlement - Colossus) (Version: - )
Sherlock Holmes and the Hound of the Baskervilles (HKLM\...\BFG-Sherlock Holmes and the Hound of the Baskervilles) (Version: - )
Silver Tale (HKLM\...\BFG-Silver Tale) (Version: - )
Slingo Mystery: Who's Gold (HKLM\...\BFG-Slingo Mystery - Who's Gold) (Version: - )
Slingo Quest (HKLM\...\BFG-Slingo Quest) (Version: - )
Slingo Quest Egypt (HKLM\...\BFG-Slingo Quest Egypt) (Version: - )
Slingo Quest Hawaii (HKLM\...\BFG-Slingo Quest Hawaii) (Version: - )
Slingo Supreme (tb) (remove only) (HKLM\...\Slingo Supreme (tb)) (Version: - )
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
Strimko (HKLM\...\BFG-Strimko) (Version: - )
SupportSoft Assisted Service (HKLM\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
System Requirements Lab for Intel (HKLM\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
Temple of Tangram (HKLM\...\BFG-Temple of Tangram) (Version: - )
The Alley Strikes Back (HKLM\...\BFG-The Alley Strikes Back) (Version: - )
The Count of Monte Cristo (HKLM\...\BFG-The Count of Monte Cristo) (Version: - )
The Da Vinci Code (HKLM\...\BFG-The Da Vinci Code) (Version: - )
The Flying Dutchman - In The Ghost Prison (HKLM\...\BFG-The Flying Dutchman - In The Ghost Prison) (Version: - )
The Print Shop 21 (HKLM\...\{55B30AF2-7331-4436-9318-D9EA45A42F79}) (Version: 21.00.0000 - Broderbund Software)
The Stone of Destiny (HKLM\...\BFG-The Stone of Destiny) (Version: - )
The Treasures of Montezuma 3 (HKLM\...\BFG-The Treasures of Montezuma 3) (Version: - )
The Treasures of Montezuma 4 (HKLM\...\BFG-The Treasures of Montezuma 4) (Version: - )
Tile Quest (HKLM\...\BFG-Tile Quest) (Version: - )
Treasure Seekers: Visions of Gold ™ (HKLM\...\BFG-Treasure Seekers - Visions of Gold) (Version: - )
Treasures of the Deep (HKLM\...\BFG-Treasures of the Deep) (Version: - )
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 3.4.1 - Tweaking.com)
Ulead Burn.Now 4.5 (Version: 4.5.0 - InterVideo Digital Technology Corporation) Hidden
Ulead Burn.Now 4.5 SE (HKLM\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - InterVideo Digital Technology Corporation)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Vesuvia (HKLM\...\BFG-Vesuvia) (Version: - )
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
WCF RIA Services V1.0 SP1 (HKLM\...\{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}) (Version: 4.1.60114.0 - Microsoft Corporation)
WeatherBug® (HKLM\...\WeatherBug®) (Version: 10.0.7.4 - Earth Networks, Inc.)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
Whispered Secrets: The Story of Tideville (HKLM\...\BFG-Whispered Secrets - The Story of Tideville) (Version: - )
Windows 7 Upgrade Advisor (HKLM\...\{4B719A70-F14A-4f5c-90B5-346B24B7FFF1}) (Version: 2.0.3001.0 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
World Mosaics (HKLM\...\BFG-World Mosaics) (Version: - )
World Mosaics 2 (HKLM\...\BFG-World Mosaics 2) (Version: - )
World Mosaics 3 - Fairy Tales (HKLM\...\BFG-World Mosaics 3 - Fairy Tales) (Version: - )
World Mosaics 4 (HKLM\...\BFG-World Mosaics 4) (Version: - )
World Mosaics 5 (HKLM\...\BFG-World Mosaics 5) (Version: - )
World Mosaics 6 (HKLM\...\BFG-World Mosaics 6) (Version: - )
World of Zellians: Kingdom Builder ™ (HKLM\...\BFG-World of Zellians - Kingdom Builder) (Version: - )
World Riddles: Animals (HKLM\...\BFG-World Riddles - Animals) (Version: - )
World Riddles: Secrets of the Ages (HKLM\...\BFG-World Riddles - Secrets of the Ages) (Version: - )
World Riddles: Seven Wonders (HKLM\...\BFG-World Riddles - Seven Wonders) (Version: - )
WOT for Internet Explorer (HKLM\...\{DCAEC601-735C-41AE-B84F-D792F09FB7D1}) (Version: 12.8.2.0 - WOT Services Oy)
WPF Toolkit June 2009 (Version 3.5.40619.1) (HKLM\...\{5EE6E987-1B79-4A93-832B-27472C7D1579}) (Version: 3.5.40619.1 - Microsoft Corporation)
Yahoo! Install Manager (HKLM\...\YInstHelper) (Version: - )
Yahoo! Internet Mail (HKLM\...\Yahoo! Mail) (Version: - )
Yahoo! Software Update (HKLM\...\Yahoo! Software Update) (Version: - )
YoWindow (HKLM\...\yowindow) (Version: 3 - RepkaSoft)
Zuma's Revenge! (HKLM\...\Zuma's Revenge!) (Version: - PopCap Games)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1100672905-2365331096-1695293828-1000_Classes\CLSID\{0E55CBE1-B06A-49B6-AD8D-9EFAA0160C6F}\InprocServer32 -> C:\Users\Deborah\AppData\Local\Google\Update\1.3.21.57\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1100672905-2365331096-1695293828-1000_Classes\CLSID\{218D2740-5A50-42A8-AB9F-62FF1B168782}\InprocServer32 -> C:\Users\Deborah\AppData\Local\Google\Update\1.3.21.69\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1100672905-2365331096-1695293828-1000_Classes\CLSID\{29A96789-9595-4947-BEDB-0FCC776F7DB8}\InprocServer32 -> C:\Users\Deborah\AppData\Local\Google\Update\1.2.183.39\goopdate.dll => No File
CustomCLSID: HKU\S-1-5-21-1100672905-2365331096-1695293828-1000_Classes\CLSID\{320F0FDB-BE0A-4648-9D18-4A2C3448C007}\InprocServer32 -> C:\Users\Deborah\AppData\Local\Google\Update\1.3.21.79\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1100672905-2365331096-1695293828-1000_Classes\CLSID\{3f04dadf-6ea4-44d1-a507-03cad176f443}\InprocServer32 -> C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
CustomCLSID: HKU\S-1-5-21-1100672905-2365331096-1695293828-1000_Classes\CLSID\{DB25D157-76D4-41C1-97B5-359E4A4CECEB}\InprocServer32 -> C:\Users\Deborah\AppData\Local\Google\Update\1.3.21.65\psuser.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0DEC8B8A-3A35-4310-8B9E-70D939DF828A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {1B283C43-0E5B-4A94-96F5-D286D4CA55F4} - System32\Tasks\{19A46EF8-BD5A-40BC-B688-944C972A69FD} => pcalua.exe -a C:\Windows\system32\spool\drivers\w32x86\3\DLBUUNST.EXE -c -NOLICENSE
Task: {1E3027EC-65E3-4856-8C5A-1DC07D50D264} - System32\Tasks\{79077A4A-7E62-4054-9064-FF1731952097} => pcalua.exe -a "C:\Users\Deborah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AYSAN7HT\fantastic-farm_s1_l1_gF5301T1L1_d707181828[1].exe" -d C:\Users\Deborah\Desktop
Task: {1EF1D547-01F3-4339-AE01-B288B42ECD86} - System32\Tasks\{5894B779-3408-4892-B3C5-D4C3AB464069} => pcalua.exe -a "C:\Users\Deborah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6CNGZ1JE\janes-realty-2_s1_l1_gF5536T1L1_d843338765[1].exe" -d C:\Users\Deborah\Desktop
Task: {3498E8DC-45B1-4867-AEFE-EC7BF1119A76} - System32\Tasks\{0AA03088-2106-4399-B08A-1A7194508515} => pcalua.exe -a "C:\Program Files\eGames\GameButler\gbrowser.exe" -d "C:\Program Files\eGames\GameButler"
Task: {4881B42C-3E01-4E44-BD36-D4FC6803E85C} - System32\Tasks\{10EAA617-9230-45F5-8F31-B2C21D1F8C58} => pcalua.exe -a "C:\Users\Deborah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6CNGZ1JE\magic-maze_s1_l1_gF5428T1L1_d791084790[1].exe" -d C:\Users\Deborah\Desktop
Task: {49A28354-1E6B-40FA-A042-237D7B0B9FD8} - System32\Tasks\{DD216212-98AD-44D0-8210-794FAFD44D31} => pcalua.exe -a C:\Windows\system32\QuickTime.cpl
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {58CAF63A-5F5F-485A-8067-DA3175CE35BF} - System32\Tasks\{7E59FB71-36E2-4CAD-8C12-D108C8C0C0CC} => pcalua.exe -a "C:\Users\Deborah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AYSAN7HT\bounce-quest_s1_l1_gF2781T1L1_d791090673[1].exe" -d C:\Users\Deborah\Desktop
Task: {5B67E336-066A-4422-82D3-10FC32FBF47E} - System32\Tasks\{4A3CDD8A-CDBB-4A59-9ED9-A56E10BECB6C} => pcalua.exe -a E:\setup.exe -d E:\
Task: {63027DAF-6D4A-4663-837D-9550483D1713} - System32\Tasks\{6AC981CC-5277-447A-8282-79DB3559F0B2} => pcalua.exe -a "C:\Users\Deborah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UPGHJMZE\crazy-machines-inventor-training-camp_s1_l1_gF5509T1L1_d890271204[1].exe" -d C:\Users\Deborah\Desktop
Task: {6DA33089-A61B-4370-9A76-C2077DF058B1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {7E02C08E-CFF8-47C4-9403-F522356EFF87} - System32\Tasks\{FC24546D-D68C-4B39-8748-5D681A54E55F} => pcalua.exe -a "C:\Users\Deborah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6CNGZ1JE\mirror-mixup_s1_l1_gF2021T1L1_d696280864[1].exe" -d C:\Users\Deborah\Desktop
Task: {8306A840-17D9-40ED-B4D3-F4340EED08CF} - System32\Tasks\{3C1648C9-0ECF-4EEF-8994-AB080C624CD9} => pcalua.exe -a C:\Users\Deborah\Documents\School\GES\javascript_files\ht5work.exe
Task: {843F52BF-26C0-46BE-8BFF-A5DA3F491416} - System32\Tasks\{1875E479-CE07-4F6A-8E9F-29062BB8223B} => pcalua.exe -a "C:\Users\Deborah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D0KOHF1\fairy-nook_s1_l1_gF5191T1L1_d709186403[1].exe" -d C:\Users\Deborah\Desktop
Task: {8B00952E-4FCC-412D-837A-2B7240DCDDC2} - System32\Tasks\Microsoft\Windows\Setup\gwx\rundetector => C:\Windows\system32\GWX\GWXDetector.exe [2016-04-26] (Microsoft Corporation)
Task: {90624009-B041-4438-9384-1E55FCCCC76B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08] (Adobe Systems Incorporated)
Task: {A67F027E-129B-44F4-AE16-A6035BBB1C4D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {A7141DBF-D47F-4E1B-9E9E-259439861C37} - System32\Tasks\{3B51D761-B732-4EEE-B90C-CB31A227CF61} => pcalua.exe -a "C:\Users\Deborah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIY1UVZA\little-folk-of-faery_s1_l1_gF5591T1L1_d843349934[1].exe" -d C:\Users\Deborah\Desktop
Task: {ADBD9DFC-A373-44E9-8747-7C614FC81823} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {AFA664D3-749C-4C36-840D-3FCC906A87AB} - System32\Tasks\{B853A27E-1C8D-491F-AA25-EBE3386D9CEE} => pcalua.exe -a "C:\Users\Deborah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIY1UVZA\isidiada_s1_l1_gF5448T1L1_d833844210[1].exe" -d C:\Users\Deborah\Desktop
Task: {BA033194-7FA8-4952-A2D4-5CFF21E9B6D2} - System32\Tasks\{F76414B3-3B55-4844-B17C-E038E38E41E8} => pcalua.exe -a "C:\Users\Deborah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIY1UVZA\geisha-the-secret-garden_s1_l1_gF5420T1L1_d787279681[1].exe" -d C:\Users\Deborah\Desktop
Task: {C3156760-FFC1-4774-A065-B55E6FC8D910} - System32\Tasks\{2373D5BB-0B08-4401-8D1B-85C319581BD6} => pcalua.exe -a E:\PopCDRun.exe -d E:\
Task: {CD5EB517-2869-4327-88F9-B5A64D7F5D3F} - System32\Tasks\{79ADE871-FB37-4334-8736-4A883A344343} => pcalua.exe -a C:\Users\Deborah\Downloads\ht5work.exe -d C:\Users\Deborah\Downloads
Task: {D7EA26DD-CEEB-4CB3-B965-1399FC3CCD79} - System32\Tasks\{5A86361F-844D-43B1-8E7E-AFB4525143D4} => pcalua.exe -a "C:\Users\Deborah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D0KOHF1\virtual-city_s1_l1_gF5375T1L1_d729735589[1].exe" -d C:\Users\Deborah\Desktop
Task: {D83ACB07-8CFE-4456-8714-E83C97C8A906} - System32\Tasks\{F494CAA3-86A9-44E8-9E1C-946A7EBFB5B1} => pcalua.exe -a "C:\Users\Deborah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D0KOHF1\the-treasures-of-montezuma-2_s1_l1_gF5295T1L1_d710973220[1].exe" -d C:\Users\Deborah\Desktop
Task: {DEEC7F70-CF43-4139-B302-0E667A302C02} - System32\Tasks\{F48B3259-7C8E-4198-A733-B33CD3F6E2D9} => pcalua.exe -a "C:\Users\Deborah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7YS0HS0X\MFInstall[1].exe" -d C:\Users\Deborah\Desktop
Task: {E026F21D-7BBF-4A20-B4BF-83A41186AD6A} - System32\Tasks\{9FEC2E31-1364-4BD3-96B0-A789B904E449} => pcalua.exe -a "C:\Users\Deborah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIY1UVZA\crystal-cave-lost-treasures_s1_l1_gF5555T1L1_d850165219[1].exe" -d C:\Users\Deborah\Desktop
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {E7B6F647-EFD9-4D9D-A7D9-58543F8E7F79} - System32\Tasks\{CF156A78-215B-4126-A43D-7D8779FE1986} => pcalua.exe -a "C:\Users\Deborah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AYSAN7HT\fairy-nook_s1_l1_gF5191T1L1_d709186893[1].exe" -d C:\Users\Deborah\Desktop
Task: {FC593B23-BF1D-41D4-A791-1FE0117CA377} - System32\Tasks\{626B2CB9-8C8A-4DDA-90BE-06D3C6CF95A9} => pcalua.exe -a "C:\Users\Deborah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KIY1UVZA\mr-puzzle_s1_l1_gF5292T1L1_d838597407[1].exe" -d C:\Users\Deborah\Desktop

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Deborah\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Yahoo! Mail.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll,OpenURL hxxp://mail.yahoo.com/?.intl=us&.redir=ymmapi10
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Mail.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll,OpenURL hxxp://mail.yahoo.com/?.intl=us&.redir=ymmapi11

==================== Loaded Modules (Whitelisted) ==============

2008-08-28 22:12 - 2006-10-06 08:06 - 00045056 _____ () C:\Windows\System32\DLPRMON.DLL
2008-08-28 22:11 - 2006-10-06 08:24 - 00016384 _____ () C:\Program Files\Dell PC Fax\DlCtrStr.dll
2008-08-28 22:11 - 2006-10-06 08:04 - 00032768 _____ () C:\Program Files\Dell PC Fax\ipcmt.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00080184 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01040656 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-02-01 13:58 - 2010-02-01 13:58 - 00266240 _____ () C:\Windows\system32\CSHelper.exe
2009-11-03 18:14 - 2009-11-03 18:14 - 00054272 _____ () C:\Program Files\Notepad++\NppShell_01.dll
2014-11-01 16:45 - 2014-09-23 16:19 - 00146736 _____ () C:\Program Files\Earth Networks\WeatherBug\WeatherBug.exe
2006-11-02 22:40 - 2006-11-02 22:40 - 00174656 _____ () C:\Windows\system32\PSIService.exe
2012-08-02 18:13 - 2012-08-02 18:13 - 01335872 _____ () C:\Program Files\WOT\WOT.dll
2013-03-02 10:32 - 2013-01-22 22:08 - 00605048 _____ () C:\Program Files\DoNotTrackPlus\IE\DNTPContentFilter.dll
2013-03-02 10:32 - 2013-01-22 22:08 - 00229240 _____ () C:\Program Files\DoNotTrackPlus\IE\DNTPButton.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:000D6A25 [214]
AlternateDataStreams: C:\ProgramData\TEMP:0073ABE1 [131]
AlternateDataStreams: C:\ProgramData\TEMP:0406003C [120]
AlternateDataStreams: C:\ProgramData\TEMP:063969F8 [147]
AlternateDataStreams: C:\ProgramData\TEMP:06C34166 [258]
AlternateDataStreams: C:\ProgramData\TEMP:0778CBF2 [236]
AlternateDataStreams: C:\ProgramData\TEMP:082EF53F [147]
AlternateDataStreams: C:\ProgramData\TEMP:0AC32449 [193]
AlternateDataStreams: C:\ProgramData\TEMP:0ADB5110 [264]
AlternateDataStreams: C:\ProgramData\TEMP:0ADCCF52 [251]
AlternateDataStreams: C:\ProgramData\TEMP:0B352B60 [143]
AlternateDataStreams: C:\ProgramData\TEMP:0E61938B [135]
AlternateDataStreams: C:\ProgramData\TEMP:0ED4AC2F [398]
AlternateDataStreams: C:\ProgramData\TEMP:0F6AC518 [244]
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8 [248]
AlternateDataStreams: C:\ProgramData\TEMP:1095ECE1 [235]
AlternateDataStreams: C:\ProgramData\TEMP:13765436 [118]
AlternateDataStreams: C:\ProgramData\TEMP:13AE32E5 [428]
AlternateDataStreams: C:\ProgramData\TEMP:14D29229 [217]
AlternateDataStreams: C:\ProgramData\TEMP:160ADF0B [480]
AlternateDataStreams: C:\ProgramData\TEMP:16E76E27 [127]
AlternateDataStreams: C:\ProgramData\TEMP:175721D5 [242]
AlternateDataStreams: C:\ProgramData\TEMP:177313FB [218]
AlternateDataStreams: C:\ProgramData\TEMP:1802D824 [247]
AlternateDataStreams: C:\ProgramData\TEMP:18A6D2CC [258]
AlternateDataStreams: C:\ProgramData\TEMP:19636FDD [130]
AlternateDataStreams: C:\ProgramData\TEMP:1968990D [222]
AlternateDataStreams: C:\ProgramData\TEMP:1A14B3AF [468]
AlternateDataStreams: C:\ProgramData\TEMP:1A5207FA [211]
AlternateDataStreams: C:\ProgramData\TEMP:1BD02801 [286]
AlternateDataStreams: C:\ProgramData\TEMP:1D0E1028 [118]
AlternateDataStreams: C:\ProgramData\TEMP:1DD8718C [134]
AlternateDataStreams: C:\ProgramData\TEMP:1E8BA99C [197]
AlternateDataStreams: C:\ProgramData\TEMP:1F7A10DD [214]
AlternateDataStreams: C:\ProgramData\TEMP:220C42CA [130]
AlternateDataStreams: C:\ProgramData\TEMP:23F65965 [132]
AlternateDataStreams: C:\ProgramData\TEMP:254AD2ED [234]
AlternateDataStreams: C:\ProgramData\TEMP:271E16B0 [240]
AlternateDataStreams: C:\ProgramData\TEMP:2775F9E2 [494]
AlternateDataStreams: C:\ProgramData\TEMP:27974442 [120]
AlternateDataStreams: C:\ProgramData\TEMP:2832349A [115]
AlternateDataStreams: C:\ProgramData\TEMP:2B1EA607 [213]
AlternateDataStreams: C:\ProgramData\TEMP:2B9146DE [226]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:2CCDBD61 [136]
AlternateDataStreams: C:\ProgramData\TEMP:2D2461E7 [209]
AlternateDataStreams: C:\ProgramData\TEMP:2D3CB929 [124]
AlternateDataStreams: C:\ProgramData\TEMP:2D5180DD [242]
AlternateDataStreams: C:\ProgramData\TEMP:2E33E4A6 [254]
AlternateDataStreams: C:\ProgramData\TEMP:2E78333B [244]
AlternateDataStreams: C:\ProgramData\TEMP:2EA99C48 [115]
AlternateDataStreams: C:\ProgramData\TEMP:2EC5D66C [119]
AlternateDataStreams: C:\ProgramData\TEMP:2F141B68 [208]
AlternateDataStreams: C:\ProgramData\TEMP:3313A48D [202]
AlternateDataStreams: C:\ProgramData\TEMP:3433021E [112]
AlternateDataStreams: C:\ProgramData\TEMP:361703F1 [131]
AlternateDataStreams: C:\ProgramData\TEMP:38B32B54 [212]
AlternateDataStreams: C:\ProgramData\TEMP:391535F9 [231]
AlternateDataStreams: C:\ProgramData\TEMP:3941DF1F [131]
AlternateDataStreams: C:\ProgramData\TEMP:3AF262FC [480]
AlternateDataStreams: C:\ProgramData\TEMP:3B454A5C [219]
AlternateDataStreams: C:\ProgramData\TEMP:3B4DA230 [239]
AlternateDataStreams: C:\ProgramData\TEMP:3C66B20F [207]
AlternateDataStreams: C:\ProgramData\TEMP:3CC01EE7 [132]
AlternateDataStreams: C:\ProgramData\TEMP:3DF63AD7 [208]
AlternateDataStreams: C:\ProgramData\TEMP:3FE1A827 [137]
AlternateDataStreams: C:\ProgramData\TEMP:426D1496 [500]
AlternateDataStreams: C:\ProgramData\TEMP:42B6425E [197]
AlternateDataStreams: C:\ProgramData\TEMP:436AFF0E [244]
AlternateDataStreams: C:\ProgramData\TEMP:43C9D140 [430]
AlternateDataStreams: C:\ProgramData\TEMP:4440A77E [120]
AlternateDataStreams: C:\ProgramData\TEMP:45335F0B [210]
AlternateDataStreams: C:\ProgramData\TEMP:45B9FFA4 [240]
AlternateDataStreams: C:\ProgramData\TEMP:46CBC45C [482]
AlternateDataStreams: C:\ProgramData\TEMP:471AD3D0 [262]
AlternateDataStreams: C:\ProgramData\TEMP:473A733D [244]
AlternateDataStreams: C:\ProgramData\TEMP:48977386 [129]
AlternateDataStreams: C:\ProgramData\TEMP:494E4266 [253]
AlternateDataStreams: C:\ProgramData\TEMP:4A1628E5 [210]
AlternateDataStreams: C:\ProgramData\TEMP:4A2862FF [122]
AlternateDataStreams: C:\ProgramData\TEMP:4AB83B21 [490]
AlternateDataStreams: C:\ProgramData\TEMP:4CD3F344 [125]
AlternateDataStreams: C:\ProgramData\TEMP:4EE323A4 [224]
AlternateDataStreams: C:\ProgramData\TEMP:500F73A8 [125]
AlternateDataStreams: C:\ProgramData\TEMP:5106F19A [255]
AlternateDataStreams: C:\ProgramData\TEMP:52AB1CE4 [206]
AlternateDataStreams: C:\ProgramData\TEMP:54B3F904 [137]
AlternateDataStreams: C:\ProgramData\TEMP:54F41DDA [210]
AlternateDataStreams: C:\ProgramData\TEMP:5511B474 [242]
AlternateDataStreams: C:\ProgramData\TEMP:5607B58C [238]
AlternateDataStreams: C:\ProgramData\TEMP:566B9179 [506]
AlternateDataStreams: C:\ProgramData\TEMP:57B374AB [225]
AlternateDataStreams: C:\ProgramData\TEMP:58481C6F [247]
AlternateDataStreams: C:\ProgramData\TEMP:58860EF5 [108]
AlternateDataStreams: C:\ProgramData\TEMP:58E38390 [216]
AlternateDataStreams: C:\ProgramData\TEMP:5974EE7C [262]
AlternateDataStreams: C:\ProgramData\TEMP:5A437AC3 [218]
AlternateDataStreams: C:\ProgramData\TEMP:5B307FD4 [252]
AlternateDataStreams: C:\ProgramData\TEMP:5B4686D7 [114]
AlternateDataStreams: C:\ProgramData\TEMP:5C8B8194 [175]
AlternateDataStreams: C:\ProgramData\TEMP:5D17C178 [213]
AlternateDataStreams: C:\ProgramData\TEMP:5D95C77E [110]
AlternateDataStreams: C:\ProgramData\TEMP:5DABFF83 [119]
AlternateDataStreams: C:\ProgramData\TEMP:5E24C78B [206]
AlternateDataStreams: C:\ProgramData\TEMP:5E707762 [133]
AlternateDataStreams: C:\ProgramData\TEMP:5EC3C304 [136]
AlternateDataStreams: C:\ProgramData\TEMP:62672BC8 [420]
AlternateDataStreams: C:\ProgramData\TEMP:639BB5E9 [235]
AlternateDataStreams: C:\ProgramData\TEMP:639F0420 [222]
AlternateDataStreams: C:\ProgramData\TEMP:661DC753 [243]
AlternateDataStreams: C:\ProgramData\TEMP:66FC2E6F [146]
AlternateDataStreams: C:\ProgramData\TEMP:6710EF08 [203]
AlternateDataStreams: C:\ProgramData\TEMP:67310058 [143]
AlternateDataStreams: C:\ProgramData\TEMP:6764D965 [129]
AlternateDataStreams: C:\ProgramData\TEMP:678C1866 [418]
AlternateDataStreams: C:\ProgramData\TEMP:67C320D1 [204]
AlternateDataStreams: C:\ProgramData\TEMP:68198EE3 [120]
AlternateDataStreams: C:\ProgramData\TEMP:69E3AF64 [117]
AlternateDataStreams: C:\ProgramData\TEMP:6A9EDD31 [140]
AlternateDataStreams: C:\ProgramData\TEMP:6AD65294 [249]
AlternateDataStreams: C:\ProgramData\TEMP:6B55B892 [194]
AlternateDataStreams: C:\ProgramData\TEMP:6B709AD7 [253]
AlternateDataStreams: C:\ProgramData\TEMP:6C75AF4C [141]
AlternateDataStreams: C:\ProgramData\TEMP:6D5A15BF [448]
AlternateDataStreams: C:\ProgramData\TEMP:6F1F66C0 [202]
AlternateDataStreams: C:\ProgramData\TEMP:70B3C619 [418]
AlternateDataStreams: C:\ProgramData\TEMP:71A89A93 [206]
AlternateDataStreams: C:\ProgramData\TEMP:74091520 [114]
AlternateDataStreams: C:\ProgramData\TEMP:759BAE18 [134]
AlternateDataStreams: C:\ProgramData\TEMP:76987FE5 [238]
AlternateDataStreams: C:\ProgramData\TEMP:77F49022 [226]
AlternateDataStreams: C:\ProgramData\TEMP:78739EC9 [215]
AlternateDataStreams: C:\ProgramData\TEMP:78E0DF72 [426]
AlternateDataStreams: C:\ProgramData\TEMP:7929462F [248]
AlternateDataStreams: C:\ProgramData\TEMP:7A632F57 [466]
AlternateDataStreams: C:\ProgramData\TEMP:7AF9CAEB [217]
AlternateDataStreams: C:\ProgramData\TEMP:7B2BB690 [219]
AlternateDataStreams: C:\ProgramData\TEMP:801ED9DF [133]
AlternateDataStreams: C:\ProgramData\TEMP:803039D6 [458]
AlternateDataStreams: C:\ProgramData\TEMP:80BFDE16 [135]
AlternateDataStreams: C:\ProgramData\TEMP:81410B90 [141]
AlternateDataStreams: C:\ProgramData\TEMP:838FECBF [234]
AlternateDataStreams: C:\ProgramData\TEMP:85C3B823 [221]
AlternateDataStreams: C:\ProgramData\TEMP:881ED4D3 [185]
AlternateDataStreams: C:\ProgramData\TEMP:884C7316 [216]
AlternateDataStreams: C:\ProgramData\TEMP:88E8CC2E [272]
AlternateDataStreams: C:\ProgramData\TEMP:89CF6F9C [149]
AlternateDataStreams: C:\ProgramData\TEMP:8ACB3478 [148]
AlternateDataStreams: C:\ProgramData\TEMP:8BCF4DE2 [217]
AlternateDataStreams: C:\ProgramData\TEMP:8C1EFEB8 [118]
AlternateDataStreams: C:\ProgramData\TEMP:8DF68137 [204]
AlternateDataStreams: C:\ProgramData\TEMP:8E5EA40F [114]
AlternateDataStreams: C:\ProgramData\TEMP:91730504 [260]
AlternateDataStreams: C:\ProgramData\TEMP:922DA2DB [226]
AlternateDataStreams: C:\ProgramData\TEMP:93B8F954 [194]
AlternateDataStreams: C:\ProgramData\TEMP:954C27C6 [113]
AlternateDataStreams: C:\ProgramData\TEMP:97CA3B9E [225]
AlternateDataStreams: C:\ProgramData\TEMP:9812B773 [466]
AlternateDataStreams: C:\ProgramData\TEMP:98982C88 [430]
AlternateDataStreams: C:\ProgramData\TEMP:996104FC [220]
AlternateDataStreams: C:\ProgramData\TEMP:997DA6D7 [250]
AlternateDataStreams: C:\ProgramData\TEMP:99A29126 [202]
AlternateDataStreams: C:\ProgramData\TEMP:9AD417ED [100]
AlternateDataStreams: C:\ProgramData\TEMP:9B721CFF [211]
AlternateDataStreams: C:\ProgramData\TEMP:9BAC4211 [222]
AlternateDataStreams: C:\ProgramData\TEMP:9BCE6BBD [146]
AlternateDataStreams: C:\ProgramData\TEMP:9C435C94 [250]
AlternateDataStreams: C:\ProgramData\TEMP:9D6EAEC3 [133]
AlternateDataStreams: C:\ProgramData\TEMP:A02025CE [235]
AlternateDataStreams: C:\ProgramData\TEMP:A1460B2A [214]
AlternateDataStreams: C:\ProgramData\TEMP:A26AFC00 [406]
AlternateDataStreams: C:\ProgramData\TEMP:A3251D01 [123]
AlternateDataStreams: C:\ProgramData\TEMP:A3B8F70C [232]
AlternateDataStreams: C:\ProgramData\TEMP:A4076A3B [124]
AlternateDataStreams: C:\ProgramData\TEMP:A5948878 [132]
AlternateDataStreams: C:\ProgramData\TEMP:A692C296 [106]
AlternateDataStreams: C:\ProgramData\TEMP:A8369371 [229]
AlternateDataStreams: C:\ProgramData\TEMP:A8725EB5 [286]
AlternateDataStreams: C:\ProgramData\TEMP:A8DAF782 [190]
AlternateDataStreams: C:\ProgramData\TEMP:AB4B1687 [250]
AlternateDataStreams: C:\ProgramData\TEMP:AB6E0B6B [418]
AlternateDataStreams: C:\ProgramData\TEMP:ABE818FA [130]
AlternateDataStreams: C:\ProgramData\TEMP:AC733A73 [140]
AlternateDataStreams: C:\ProgramData\TEMP:AC83EA04 [209]
AlternateDataStreams: C:\ProgramData\TEMP:ACCFA538 [226]
AlternateDataStreams: C:\ProgramData\TEMP:AF54CFFD [199]
AlternateDataStreams: C:\ProgramData\TEMP:B0B6888E [191]
AlternateDataStreams: C:\ProgramData\TEMP:B1786630 [228]
AlternateDataStreams: C:\ProgramData\TEMP:B18C4339 [116]
AlternateDataStreams: C:\ProgramData\TEMP:B1997945 [498]
AlternateDataStreams: C:\ProgramData\TEMP:B1E61D6A [105]
AlternateDataStreams: C:\ProgramData\TEMP:B6DD2C7E [226]
AlternateDataStreams: C:\ProgramData\TEMP:B8791731 [232]
AlternateDataStreams: C:\ProgramData\TEMP:B904C348 [95]
AlternateDataStreams: C:\ProgramData\TEMP:B942A5C5 [476]
AlternateDataStreams: C:\ProgramData\TEMP:B9F8237A [400]
AlternateDataStreams: C:\ProgramData\TEMP:BE0BAFE1 [141]
AlternateDataStreams: C:\ProgramData\TEMP:BE7C4A02 [198]
AlternateDataStreams: C:\ProgramData\TEMP:BFE54417 [286]
AlternateDataStreams: C:\ProgramData\TEMP:C0BA0690 [138]
AlternateDataStreams: C:\ProgramData\TEMP:C0D23A2F [135]
AlternateDataStreams: C:\ProgramData\TEMP:C5901F6D [121]
AlternateDataStreams: C:\ProgramData\TEMP:C611D6C8 [119]
AlternateDataStreams: C:\ProgramData\TEMP:C820549A [225]
AlternateDataStreams: C:\ProgramData\TEMP:C8E82994 [105]
AlternateDataStreams: C:\ProgramData\TEMP:C946EBB2 [466]
AlternateDataStreams: C:\ProgramData\TEMP:CAC06C34 [207]
AlternateDataStreams: C:\ProgramData\TEMP:CAF8DAC8 [448]
AlternateDataStreams: C:\ProgramData\TEMP:CB16385F [203]
AlternateDataStreams: C:\ProgramData\TEMP:CC4C59B4 [113]
AlternateDataStreams: C:\ProgramData\TEMP:CDB75348 [125]
AlternateDataStreams: C:\ProgramData\TEMP:CF391C0F [225]
AlternateDataStreams: C:\ProgramData\TEMP:D07517E1 [250]
AlternateDataStreams: C:\ProgramData\TEMP:D31BE97C [207]
AlternateDataStreams: C:\ProgramData\TEMP:D4BB0AD6 [239]
AlternateDataStreams: C:\ProgramData\TEMP:D507AEDA [119]
AlternateDataStreams: C:\ProgramData\TEMP:D5151683 [458]
AlternateDataStreams: C:\ProgramData\TEMP:D5CCCBAA [224]
AlternateDataStreams: C:\ProgramData\TEMP:D9089E64 [276]
AlternateDataStreams: C:\ProgramData\TEMP:D93AABC7 [140]
AlternateDataStreams: C:\ProgramData\TEMP:D9B1EB7E [426]
AlternateDataStreams: C:\ProgramData\TEMP:D9EDE5FA [256]
AlternateDataStreams: C:\ProgramData\TEMP:DA24A961 [135]
AlternateDataStreams: C:\ProgramData\TEMP:DB16B026 [206]
AlternateDataStreams: C:\ProgramData\TEMP:DE47A3DA [416]
AlternateDataStreams: C:\ProgramData\TEMP:DEE38664 [244]
AlternateDataStreams: C:\ProgramData\TEMP:DEE46C4E [115]
AlternateDataStreams: C:\ProgramData\TEMP:E0CDBB5A [257]
AlternateDataStreams: C:\ProgramData\TEMP:E1610EDC [140]
AlternateDataStreams: C:\ProgramData\TEMP:E1D6C864 [398]
AlternateDataStreams: C:\ProgramData\TEMP:E21987F7 [246]
AlternateDataStreams: C:\ProgramData\TEMP:E222F217 [122]
AlternateDataStreams: C:\ProgramData\TEMP:E51234A9 [432]
AlternateDataStreams: C:\ProgramData\TEMP:E5B6B9C5 [286]
AlternateDataStreams: C:\ProgramData\TEMP:E5F8E280 [232]
AlternateDataStreams: C:\ProgramData\TEMP:E6C6EB3B [230]
AlternateDataStreams: C:\ProgramData\TEMP:E6D148BC [119]
AlternateDataStreams: C:\ProgramData\TEMP:EAEE7554 [286]
AlternateDataStreams: C:\ProgramData\TEMP:EAF8F87B [136]
AlternateDataStreams: C:\ProgramData\TEMP:EB0255AA [260]
AlternateDataStreams: C:\ProgramData\TEMP:EB333CFC [146]
AlternateDataStreams: C:\ProgramData\TEMP:EB86F355 [212]
AlternateDataStreams: C:\ProgramData\TEMP:ED194880 [129]
AlternateDataStreams: C:\ProgramData\TEMP:EDE28CFC [231]
AlternateDataStreams: C:\ProgramData\TEMP:F1175E1D [210]
AlternateDataStreams: C:\ProgramData\TEMP:F19A4790 [231]
AlternateDataStreams: C:\ProgramData\TEMP:F28DF4DC [121]
AlternateDataStreams: C:\ProgramData\TEMP:F3DE733A [229]
AlternateDataStreams: C:\ProgramData\TEMP:F5B99CA4 [125]
AlternateDataStreams: C:\ProgramData\TEMP:F5F96E70 [134]
AlternateDataStreams: C:\ProgramData\TEMP:F65A2273 [138]
AlternateDataStreams: C:\ProgramData\TEMP:F7370879 [111]
AlternateDataStreams: C:\ProgramData\TEMP:F760FD47 [126]
AlternateDataStreams: C:\ProgramData\TEMP:F7F6E6CB [123]
AlternateDataStreams: C:\ProgramData\TEMP:F8BCC942 [140]
AlternateDataStreams: C:\ProgramData\TEMP:F986CC21 [135]
AlternateDataStreams: C:\ProgramData\TEMP:F9E10A82 [104]
AlternateDataStreams: C:\ProgramData\TEMP:FB647F34 [141]
AlternateDataStreams: C:\ProgramData\TEMP:FBE5FDB9 [137]
AlternateDataStreams: C:\ProgramData\TEMP:FD8BCF62 [249]
AlternateDataStreams: C:\ProgramData\TEMP:FF251D87 [113]
AlternateDataStreams: C:\ProgramData\TEMP:FF7D915E [120]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1100672905-2365331096-1695293828-1000\...\ancestry.com -> ancestry.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 04:23 - 2006-09-18 15:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost
::1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1100672905-2365331096-1695293828-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Deborah\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 4.2.2.2 - 4.2.2.3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: ACDaemon => 2
MSCONFIG\Services: AdobeActiveFileMonitor5.0 => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk => C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk => C:\Windows\pss\Kodak EasyShare software.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak software updater.lnk => C:\Windows\pss\Kodak software updater.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Deborah^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Photo Downloader =>
MSCONFIG\startupreg: Adobe Reader Speed Launcher =>
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: Dell Photo AIO Printer 942 => "C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe"
MSCONFIG\startupreg: DellMCM => "C:\Program Files\Dell Photo AIO Printer 942\memcard.exe"
MSCONFIG\startupreg: DW6 =>
MSCONFIG\startupreg: FaxCenterServer => "C:\Program Files\Dell PC Fax\fm3032.exe" /s
MSCONFIG\startupreg: HP Software Update =>
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2F48201A-5C7D-4E09-8149-8B06B46E7196}] => (Allow) C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{08666EC9-2EF3-4B72-990E-0517ECA3A763}] => (Allow) C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{98D57CD7-2870-4A53-8D02-D5AE49CE6774}] => (Allow) C:\Program Files\Yahoo!\Messenger\YServer.exe
FirewallRules: [{083CFB33-3B6A-48D3-A084-410E652571CF}] => (Allow) C:\
Back to top
View user's profile Send private message
ldybadger
Junior Member


Joined: 06 May 2013
Last Visit: 27 Jun 2016
Posts: 45

PostPosted: Wed May 11, 2016 3:40 pm    Post subject: •Addition.txt continued Reply with quote

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2F48201A-5C7D-4E09-8149-8B06B46E7196}] => (Allow) C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{08666EC9-2EF3-4B72-990E-0517ECA3A763}] => (Allow) C:\Program Files\Adobe\Photoshop Elements 5.0\AdobePhotoshopElementsMediaServer.exe
FirewallRules: [{98D57CD7-2870-4A53-8D02-D5AE49CE6774}] => (Allow) C:\Program Files\Yahoo!\Messenger\YServer.exe
FirewallRules: [{083CFB33-3B6A-48D3-A084-410E652571CF}] => (Allow) C:\Program Files\Yahoo!\Messenger\YServer.exe
FirewallRules: [{000927CD-262F-4F05-9021-21B87C26B422}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{CD9582C0-B0D9-4A3B-BD75-4E4F84A5133F}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{E8A0EEF6-6F6D-4965-85D9-D997EA105C3B}] => (Allow) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{AB515B98-3C29-4ED1-A627-BE47BB968901}] => (Allow) svchost.exe
FirewallRules: [{ABCDD25C-0025-4AF2-B05D-F85F48AFA488}] => (Allow) C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-32bit] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{DD0BCD42-C4DF-460E-8FDA-9373FE20E476}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{FEC17EE8-80FD-4A8E-9648-059B57728936}] => (Allow) LPort=2869
FirewallRules: [{EC4E7A1E-958F-4ED3-A01D-142B1B72B7B8}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{0FB5B78F-CBA5-44AD-AB88-5170B60B6B06}C:\program files\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files\google\google earth\plugin\geplugin.exe
FirewallRules: [UDP Query User{7E61DB66-4126-42DB-9DDE-4826BBDE19DD}C:\program files\google\google earth\plugin\geplugin.exe] => (Allow) C:\program files\google\google earth\plugin\geplugin.exe
FirewallRules: [TCP Query User{04FCDE77-5F28-4A98-B747-894BB6232899}C:\program files\google\google earth\client\googleearth.exe] => (Allow) C:\program files\google\google earth\client\googleearth.exe
FirewallRules: [UDP Query User{A9781AE5-1D43-421A-929E-F333313DCABF}C:\program files\google\google earth\client\googleearth.exe] => (Allow) C:\program files\google\google earth\client\googleearth.exe
FirewallRules: [{ABD67BDE-7D79-42D4-9F4C-73CF07D81A60}] => (Allow) LPort=51001
FirewallRules: [TCP Query User{599B991A-9730-43F1-A490-7857EE3FEC2F}C:\program files\epsonnet\epsonnet config v3\enconfig.exe] => (Allow) C:\program files\epsonnet\epsonnet config v3\enconfig.exe
FirewallRules: [UDP Query User{DA089E3D-26E7-444C-BDFA-1034EACE8332}C:\program files\epsonnet\epsonnet config v3\enconfig.exe] => (Allow) C:\program files\epsonnet\epsonnet config v3\enconfig.exe
FirewallRules: [{5B190012-BC8F-4E87-A92E-B2D7329AF9BC}] => (Allow) C:\Users\Deborah\AppData\Local\Temp\migA10E.tmp\migwiz.exe
FirewallRules: [{F3C70D13-8C10-45CD-9F0A-E3E9B7A91AF0}] => (Allow) C:\Users\Deborah\AppData\Local\Temp\migA10E.tmp\migwiz.exe
FirewallRules: [{8C937B1D-CB8B-4492-A709-9F7D1518E5D9}] => (Allow) C:\Users\Deborah\AppData\Local\Temp\mig7290.tmp\migwiz.exe
FirewallRules: [{BBF7BAC8-F8D4-47F4-9A8B-E04CFEFF0311}] => (Allow) C:\Users\Deborah\AppData\Local\Temp\mig7290.tmp\migwiz.exe
FirewallRules: [{AE85149E-7C3F-4557-937A-4B973C1D6160}] => (Allow) C:\Users\Deborah\AppData\Local\Temp\mig3A83.tmp\migwiz.exe
FirewallRules: [{3A95649D-8B91-4D68-8B95-49376F7A8C61}] => (Allow) C:\Users\Deborah\AppData\Local\Temp\mig3A83.tmp\migwiz.exe
FirewallRules: [{25A8539C-28E6-46B7-97F1-0137131D649B}] => (Allow) C:\Users\Deborah\AppData\Local\Temp\mig6E41.tmp\migwiz.exe
FirewallRules: [{85CA1990-B69F-4A8F-BB51-B0CACE3DAA6B}] => (Allow) C:\Users\Deborah\AppData\Local\Temp\mig6E41.tmp\migwiz.exe
FirewallRules: [TCP Query User{43CAB509-AD5A-49CE-82CD-8524F27E8549}C:\users\deborah\appdata\local\temp\rarsfx0\x32\pcsftool.exe] => (Allow) C:\users\deborah\appdata\local\temp\rarsfx0\x32\pcsftool.exe
FirewallRules: [UDP Query User{11F7D803-A827-4C37-A12A-380F5F9F3273}C:\users\deborah\appdata\local\temp\rarsfx0\x32\pcsftool.exe] => (Allow) C:\users\deborah\appdata\local\temp\rarsfx0\x32\pcsftool.exe
FirewallRules: [{8205493E-510F-49F1-9849-4DB766C9CE3E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2C5B0C9E-C2EB-45FF-9CDF-3287F3584C76}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8B01C01E-635D-4FAD-BD43-D962B2B7C071}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{AEDD66CB-F25A-414A-B8EE-FBF1461FA723}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

17-04-2016 09:01:17 Windows Update
20-04-2016 09:12:49 Windows Update
24-04-2016 09:55:24 Windows Update
27-04-2016 10:01:50 Windows Update
01-05-2016 10:19:53 Windows Update
06-05-2016 00:13:27 Windows Update
10-05-2016 08:28:12 Windows Update

==================== Faulty Device Manager Devices =============

Name: Freedom Scientific Mirror Display Driver
Description: Freedom Scientific Mirror Display Driver
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Freedom Scientific
Service: fsvidmir
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: TSSTcorp DVD+-RW TS-H653F ATA Device
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/11/2016 04:57:50 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program E_FARNEMA.EXE version 5.0.4.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1760

Start Time: 01d1abd84367a0f8

Termination Time: 16

Application Path: C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FARNEMA.EXE

Report Id:

Error: (05/11/2016 12:45:29 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.

Error: (05/11/2016 12:45:29 PM) (Source: MsiInstaller) (EventID: 11606) (User: NT AUTHORITY)
Description: Product: Adobe Refresh Manager -- Error 1606.Could not access network location %APPDATA%\.

Error: (05/08/2016 10:51:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.18283, time stamp: 0x56fc59cb
Faulting module name: MSHTML.dll, version: 11.0.9600.18283, time stamp: 0x56fc68fd
Exception code: 0xc0000005
Fault offset: 0x000e4ecf
Faulting process id: 0xdb4
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (05/08/2016 10:50:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.18283, time stamp: 0x56fc59cb
Faulting module name: MSHTML.dll, version: 11.0.9600.18283, time stamp: 0x56fc68fd
Exception code: 0xc0000005
Fault offset: 0x000e4ecf
Faulting process id: 0xae0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (05/08/2016 12:48:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: bfgclient.exe, version: 3.3.0.2, time stamp: 0x53179a91
Faulting module name: ntdll.dll, version: 6.1.7601.23392, time stamp: 0x56eb2fd9
Exception code: 0xc0000005
Fault offset: 0x000472f2
Faulting process id: 0xac8
Faulting application start time: 0xbfgclient.exe0
Faulting application path: bfgclient.exe1
Faulting module path: bfgclient.exe2
Report Id: bfgclient.exe3

Error: (05/07/2016 02:41:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.18283, time stamp: 0x56fc59cb
Faulting module name: IEFRAME.dll, version: 11.0.9600.18283, time stamp: 0x56fc5f5e
Exception code: 0xc0000005
Fault offset: 0x0019ab95
Faulting process id: 0x1378
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (05/03/2016 02:23:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: bfgclient.exe, version: 3.3.0.2, time stamp: 0x53179a91
Faulting module name: MSVCR100.dll, version: 10.0.30319.1, time stamp: 0x4ba1dbbe
Exception code: 0x40000015
Fault offset: 0x0008d635
Faulting process id: 0x4a8
Faulting application start time: 0xbfgclient.exe0
Faulting application path: bfgclient.exe1
Faulting module path: bfgclient.exe2
Report Id: bfgclient.exe3

Error: (05/02/2016 11:49:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18283 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 14cc

Start Time: 01d1a4fcf25c8731

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (05/02/2016 12:13:34 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.18283 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1154

Start Time: 01d1a4331ec086e5

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:


System errors:
=============
Error: (05/11/2016 09:03:52 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (05/11/2016 09:03:27 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (05/11/2016 09:03:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Bitdefender 60-Second Virus Scanner Service service failed to start due to the following error:
%%2

Error: (05/10/2016 08:17:09 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (05/10/2016 08:16:33 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (05/10/2016 08:16:29 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Bitdefender 60-Second Virus Scanner Service service failed to start due to the following error:
%%2

Error: (05/09/2016 10:44:54 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR5.

Error: (05/09/2016 08:00:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (05/09/2016 08:00:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Bitdefender 60-Second Virus Scanner Service service failed to start due to the following error:
%%2

Error: (05/08/2016 10:35:53 AM) (Source: DCOM) (EventID: 10016) (User: Sonny)
Description: application-specificLocalActivation{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}SonnyDeborahS-1-5-21-1100672905-2365331096-1695293828-1000LocalHost (Using LRPC)


==================== Memory info ===========================

Processor: Intel(R) Core(TM)2 Duo CPU E4600 @ 2.40GHz
Percentage of memory in use: 52%
Total physical RAM: 3061.18 MB
Available physical RAM: 1443.68 MB
Total Virtual: 6120.68 MB
Available Virtual: 4357.22 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:288.04 GB) (Free:145.08 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Cool (Size: 298.1 GB) (Disk ID: 40000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=288 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
Back to top
View user's profile Send private message
ldybadger
Junior Member


Joined: 06 May 2013
Last Visit: 27 Jun 2016
Posts: 45

PostPosted: Wed May 11, 2016 3:42 pm    Post subject: •ADWCleaner log Reply with quote

# AdwCleaner v5.116 - Logfile created 11/05/2016 at 17:20:29
# Updated 09/05/2016 by Xplode
# Database : 2016-05-09.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X86)
# Username : Deborah - SONNY
# Running from : C:\Users\Deborah\Desktop\DEBI'S STUFF\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

Service Found : YahooAUService

***** [ Folders ] *****

Folder Found : C:\ProgramData\quickclick
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\ProgramData\Application Data\quickclick
Folder Found : C:\ProgramData\Application Data\Trymedia
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Around the world in 80 days
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WeatherBug®
Folder Found : C:\Program Files\Around the world in 80 days
Folder Found : C:\Program Files\Coupons
Folder Found : C:\Program Files\Earth Networks
Folder Found : C:\Users\Deborah\AppData\LocalLow\Yahoo!\Companion
Folder Found : C:\Users\Deborah\AppData\Roaming\download Manager
Folder Found : C:\Users\Deborah\AppData\Roaming\quickclick
Folder Found : C:\Users\Deborah\AppData\Roaming\Pogo Games
Folder Found : C:\Users\Deborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\mibfbmhijjgpkmobcfdlelpccpeafoom

***** [ Files ] *****

File Found : C:\Users\Deborah\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\WeatherBug®.lnk
File Found : C:\Users\Deborah\AppData\Roaming\Microsoft\Windows\Start Menu\WeatherBug®.lnk

***** [ DLL ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\AddonsFramework.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ButtonSite.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHost.DLL
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [WeatherBug.exe]
Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector
Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Found : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.MHTBPos00
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.MHTBPos00.1
Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
Key Found : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
Key Found : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Key Found : HKLM\SOFTWARE\Classes\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4}
Key Found : HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}
Key Found : HKLM\SOFTWARE\Classes\AppID\{562B9317-C08A-444A-9482-62080DD851AE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Found : HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Found : HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BBBE01ED-0F1E-44DB-88C1-5CC1AEE3B462}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F9EB11AB-9384-4736-9B33-993940F88895}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
Key Found : HKCU\Software\Yahoo\Companion
Key Found : HKCU\Software\Yahoo\YFriendsBar
Key Found : HKCU\Software\Earth Networks
Key Found : HKCU\Software\AppDataLow\Software\Yahoo\Companion
Key Found : HKLM\SOFTWARE\Trymedia Systems
Key Found : HKLM\SOFTWARE\Yahoo\Companion
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WeatherBug®
Key Found : HKU\.DEFAULT\Software\Yahoo\Companion
Key Found : HKU\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Yahoo\Companion
Key Found : HKU\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Yahoo\YFriendsBar
Key Found : HKU\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Earth Networks
Key Found : HKU\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\AppDataLow\Software\Yahoo\Companion
Key Found : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Yahoo\YFriendsBar
Key Found : HKU\S-1-5-18\Software\Yahoo\Companion
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [WeatherBug]
Value Found : HKU\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Windows\CurrentVersion\Run [WeatherBug]

***** [ Web browsers ] *****


*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [8638 bytes] - [11/05/2016 17:20:29]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [8711 bytes] ##########


I believe that's everything you wanted.
Back to top
View user's profile Send private message
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 27 Jun 2017
Posts: 10182
Location: Yorkshire

PostPosted: Sun May 15, 2016 9:05 pm    Post subject: Reply with quote

Looking over your latest logs, back soon.
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Back to top
View user's profile Send private message
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 27 Jun 2017
Posts: 10182
Location: Yorkshire

PostPosted: Sun May 15, 2016 9:32 pm    Post subject: Reply with quote

Please go to Control Panel > Add/Remove Programs and Uninstall the following:

Quote:
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.710 - Oracle)


If that gives you any problem just move on to the next instructions, and let me know.

Next ....


  • Double click AdwCleaner.exe to run it.
  • Click Scan and allow the scan to finish.
  • Now click Clean to remove the items found.
  • Click OK to the prompt.
  • The tool will run & your computer will be rebooted automatically. A logfile will open after the restart.
  • Post the contents of the logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[s1].txt.


Next ...


  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.

    • Copy/Paste the contents of the code box below into Notepad (don't include Code:).


Code:
HKU\S-1-5-21-1100672905-2365331096-1695293828-1000\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-21-1100672905-2365331096-1695293828-1000\...\MountPoints2: {8f28b220-7989-11dd-afef-00219b0070dd} - J:\LaunchU3.exe -a
HKU\S-1-5-21-1100672905-2365331096-1695293828-1000\...\MountPoints2: {92011722-4a4e-11e3-bdd0-00219b0070dd} - J:\LaunchU3.exe -a
SearchScopes: HKLM -> {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = hxxp://search.myheritage.com?orig=ds&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1100672905-2365331096-1695293828-1000 -> {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL =
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: MHTBPos00 Class -> {0C37B053-FD68-456a-82E1-D788EE342E6F} -> C:\Program Files\Family Toolbar\tbcore3.dll [2009-05-07] ()
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_71\bin\ssv.dll [2016-01-28] (Oracle Corporation)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll [2006-11-09] (Dell Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-28] (Oracle Corporation)
BHO: Alawar Elements -> {E33FF41E-53CB-4D93-885A-FFEFA04CD804} -> C:\Program Files\Alawar Elements\ScriptHost.dll [2013-11-27] (Alawar)
BHO: No Name -> {e86e69ac-a2ce-415a-967e-70ded47d72e2} -> No File
Toolbar: HKLM - Family Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll [2009-05-07] ()
Toolbar: HKLM - No Name - {10834e9a-d475-4a24-ad01-f3f24f71b28e} - No File
Toolbar: HKU\S-1-5-21-1100672905-2365331096-1695293828-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-1100672905-2365331096-1695293828-1000 -> Family Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll [2009-05-07] ()
FF Plugin: @alawar.com/npapi -> C:\Windows\npapi.dll [2013-09-12] (Alawar)
CHR Extension: (Alawar Elements) - C:\Users\Deborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\mibfbmhijjgpkmobcfdlelpccpeafoom [2013-12-29] [UpdateUrl: hxxps://elements.alawar.com/updates/en/alawar/chrome.xml] <==== ATTENTION
U3 mbr; \??\C:\Users\Deborah\AppData\Local\Temp\mbr.sys [X]
C:\Users\Deborah\trillian-v3.1.10.0.exe
C:\Users\Deborah\AppData\Local\Temp\amazoncct.dll
C:\Users\Deborah\AppData\Local\Temp\cct.dll
C:\Users\Deborah\AppData\Local\Temp\JavaIC.dll
C:\Users\Deborah\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\Deborah\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Deborah\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\Deborah\AppData\Local\Temp\msscct32.dll
C:\Users\Deborah\AppData\Local\Temp\YSearchUtil.dll
AlternateDataStreams: C:\ProgramData\TEMP:000D6A25 [214]
AlternateDataStreams: C:\ProgramData\TEMP:0073ABE1 [131]
AlternateDataStreams: C:\ProgramData\TEMP:0406003C [120]
AlternateDataStreams: C:\ProgramData\TEMP:063969F8 [147]
AlternateDataStreams: C:\ProgramData\TEMP:06C34166 [258]
AlternateDataStreams: C:\ProgramData\TEMP:0778CBF2 [236]
AlternateDataStreams: C:\ProgramData\TEMP:082EF53F [147]
AlternateDataStreams: C:\ProgramData\TEMP:0AC32449 [193]
AlternateDataStreams: C:\ProgramData\TEMP:0ADB5110 [264]
AlternateDataStreams: C:\ProgramData\TEMP:0ADCCF52 [251]
AlternateDataStreams: C:\ProgramData\TEMP:0B352B60 [143]
AlternateDataStreams: C:\ProgramData\TEMP:0E61938B [135]
AlternateDataStreams: C:\ProgramData\TEMP:0ED4AC2F [398]
AlternateDataStreams: C:\ProgramData\TEMP:0F6AC518 [244]
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8 [248]
AlternateDataStreams: C:\ProgramData\TEMP:1095ECE1 [235]
AlternateDataStreams: C:\ProgramData\TEMP:13765436 [118]
AlternateDataStreams: C:\ProgramData\TEMP:13AE32E5 [428]
AlternateDataStreams: C:\ProgramData\TEMP:14D29229 [217]
AlternateDataStreams: C:\ProgramData\TEMP:160ADF0B [480]
AlternateDataStreams: C:\ProgramData\TEMP:16E76E27 [127]
AlternateDataStreams: C:\ProgramData\TEMP:175721D5 [242]
AlternateDataStreams: C:\ProgramData\TEMP:177313FB [218]
AlternateDataStreams: C:\ProgramData\TEMP:1802D824 [247]
AlternateDataStreams: C:\ProgramData\TEMP:18A6D2CC [258]
AlternateDataStreams: C:\ProgramData\TEMP:19636FDD [130]
AlternateDataStreams: C:\ProgramData\TEMP:1968990D [222]
AlternateDataStreams: C:\ProgramData\TEMP:1A14B3AF [468]
AlternateDataStreams: C:\ProgramData\TEMP:1A5207FA [211]
AlternateDataStreams: C:\ProgramData\TEMP:1BD02801 [286]
AlternateDataStreams: C:\ProgramData\TEMP:1D0E1028 [118]
AlternateDataStreams: C:\ProgramData\TEMP:1DD8718C [134]
AlternateDataStreams: C:\ProgramData\TEMP:1E8BA99C [197]
AlternateDataStreams: C:\ProgramData\TEMP:1F7A10DD [214]
AlternateDataStreams: C:\ProgramData\TEMP:220C42CA [130]
AlternateDataStreams: C:\ProgramData\TEMP:23F65965 [132]
AlternateDataStreams: C:\ProgramData\TEMP:254AD2ED [234]
AlternateDataStreams: C:\ProgramData\TEMP:271E16B0 [240]
AlternateDataStreams: C:\ProgramData\TEMP:2775F9E2 [494]
AlternateDataStreams: C:\ProgramData\TEMP:27974442 [120]
AlternateDataStreams: C:\ProgramData\TEMP:2832349A [115]
AlternateDataStreams: C:\ProgramData\TEMP:2B1EA607 [213]
AlternateDataStreams: C:\ProgramData\TEMP:2B9146DE [226]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:2CCDBD61 [136]
AlternateDataStreams: C:\ProgramData\TEMP:2D2461E7 [209]
AlternateDataStreams: C:\ProgramData\TEMP:2D3CB929 [124]
AlternateDataStreams: C:\ProgramData\TEMP:2D5180DD [242]
AlternateDataStreams: C:\ProgramData\TEMP:2E33E4A6 [254]
AlternateDataStreams: C:\ProgramData\TEMP:2E78333B [244]
AlternateDataStreams: C:\ProgramData\TEMP:2EA99C48 [115]
AlternateDataStreams: C:\ProgramData\TEMP:2EC5D66C [119]
AlternateDataStreams: C:\ProgramData\TEMP:2F141B68 [208]
AlternateDataStreams: C:\ProgramData\TEMP:3313A48D [202]
AlternateDataStreams: C:\ProgramData\TEMP:3433021E [112]
AlternateDataStreams: C:\ProgramData\TEMP:361703F1 [131]
AlternateDataStreams: C:\ProgramData\TEMP:38B32B54 [212]
AlternateDataStreams: C:\ProgramData\TEMP:391535F9 [231]
AlternateDataStreams: C:\ProgramData\TEMP:3941DF1F [131]
AlternateDataStreams: C:\ProgramData\TEMP:3AF262FC [480]
AlternateDataStreams: C:\ProgramData\TEMP:3B454A5C [219]
AlternateDataStreams: C:\ProgramData\TEMP:3B4DA230 [239]
AlternateDataStreams: C:\ProgramData\TEMP:3C66B20F [207]
AlternateDataStreams: C:\ProgramData\TEMP:3CC01EE7 [132]
AlternateDataStreams: C:\ProgramData\TEMP:3DF63AD7 [208]
AlternateDataStreams: C:\ProgramData\TEMP:3FE1A827 [137]
AlternateDataStreams: C:\ProgramData\TEMP:426D1496 [500]
AlternateDataStreams: C:\ProgramData\TEMP:42B6425E [197]
AlternateDataStreams: C:\ProgramData\TEMP:436AFF0E [244]
AlternateDataStreams: C:\ProgramData\TEMP:43C9D140 [430]
AlternateDataStreams: C:\ProgramData\TEMP:4440A77E [120]
AlternateDataStreams: C:\ProgramData\TEMP:45335F0B [210]
AlternateDataStreams: C:\ProgramData\TEMP:45B9FFA4 [240]
AlternateDataStreams: C:\ProgramData\TEMP:46CBC45C [482]
AlternateDataStreams: C:\ProgramData\TEMP:471AD3D0 [262]
AlternateDataStreams: C:\ProgramData\TEMP:473A733D [244]
AlternateDataStreams: C:\ProgramData\TEMP:48977386 [129]
AlternateDataStreams: C:\ProgramData\TEMP:494E4266 [253]
AlternateDataStreams: C:\ProgramData\TEMP:4A1628E5 [210]
AlternateDataStreams: C:\ProgramData\TEMP:4A2862FF [122]
AlternateDataStreams: C:\ProgramData\TEMP:4AB83B21 [490]
AlternateDataStreams: C:\ProgramData\TEMP:4CD3F344 [125]
AlternateDataStreams: C:\ProgramData\TEMP:4EE323A4 [224]
AlternateDataStreams: C:\ProgramData\TEMP:500F73A8 [125]
AlternateDataStreams: C:\ProgramData\TEMP:5106F19A [255]
AlternateDataStreams: C:\ProgramData\TEMP:52AB1CE4 [206]
AlternateDataStreams: C:\ProgramData\TEMP:54B3F904 [137]
AlternateDataStreams: C:\ProgramData\TEMP:54F41DDA [210]
AlternateDataStreams: C:\ProgramData\TEMP:5511B474 [242]
AlternateDataStreams: C:\ProgramData\TEMP:5607B58C [238]
AlternateDataStreams: C:\ProgramData\TEMP:566B9179 [506]
AlternateDataStreams: C:\ProgramData\TEMP:57B374AB [225]
AlternateDataStreams: C:\ProgramData\TEMP:58481C6F [247]
AlternateDataStreams: C:\ProgramData\TEMP:58860EF5 [108]
AlternateDataStreams: C:\ProgramData\TEMP:58E38390 [216]
AlternateDataStreams: C:\ProgramData\TEMP:5974EE7C [262]
AlternateDataStreams: C:\ProgramData\TEMP:5A437AC3 [218]
AlternateDataStreams: C:\ProgramData\TEMP:5B307FD4 [252]
AlternateDataStreams: C:\ProgramData\TEMP:5B4686D7 [114]
AlternateDataStreams: C:\ProgramData\TEMP:5C8B8194 [175]
AlternateDataStreams: C:\ProgramData\TEMP:5D17C178 [213]
AlternateDataStreams: C:\ProgramData\TEMP:5D95C77E [110]
AlternateDataStreams: C:\ProgramData\TEMP:5DABFF83 [119]
AlternateDataStreams: C:\ProgramData\TEMP:5E24C78B [206]
AlternateDataStreams: C:\ProgramData\TEMP:5E707762 [133]
AlternateDataStreams: C:\ProgramData\TEMP:5EC3C304 [136]
AlternateDataStreams: C:\ProgramData\TEMP:62672BC8 [420]
AlternateDataStreams: C:\ProgramData\TEMP:639BB5E9 [235]
AlternateDataStreams: C:\ProgramData\TEMP:639F0420 [222]
AlternateDataStreams: C:\ProgramData\TEMP:661DC753 [243]
AlternateDataStreams: C:\ProgramData\TEMP:66FC2E6F [146]
AlternateDataStreams: C:\ProgramData\TEMP:6710EF08 [203]
AlternateDataStreams: C:\ProgramData\TEMP:67310058 [143]
AlternateDataStreams: C:\ProgramData\TEMP:6764D965 [129]
AlternateDataStreams: C:\ProgramData\TEMP:678C1866 [418]
AlternateDataStreams: C:\ProgramData\TEMP:67C320D1 [204]
AlternateDataStreams: C:\ProgramData\TEMP:68198EE3 [120]
AlternateDataStreams: C:\ProgramData\TEMP:69E3AF64 [117]
AlternateDataStreams: C:\ProgramData\TEMP:6A9EDD31 [140]
AlternateDataStreams: C:\ProgramData\TEMP:6AD65294 [249]
AlternateDataStreams: C:\ProgramData\TEMP:6B55B892 [194]
AlternateDataStreams: C:\ProgramData\TEMP:6B709AD7 [253]
AlternateDataStreams: C:\ProgramData\TEMP:6C75AF4C [141]
AlternateDataStreams: C:\ProgramData\TEMP:6D5A15BF [448]
AlternateDataStreams: C:\ProgramData\TEMP:6F1F66C0 [202]
AlternateDataStreams: C:\ProgramData\TEMP:70B3C619 [418]
AlternateDataStreams: C:\ProgramData\TEMP:71A89A93 [206]
AlternateDataStreams: C:\ProgramData\TEMP:74091520 [114]
AlternateDataStreams: C:\ProgramData\TEMP:759BAE18 [134]
AlternateDataStreams: C:\ProgramData\TEMP:76987FE5 [238]
AlternateDataStreams: C:\ProgramData\TEMP:77F49022 [226]
AlternateDataStreams: C:\ProgramData\TEMP:78739EC9 [215]
AlternateDataStreams: C:\ProgramData\TEMP:78E0DF72 [426]
AlternateDataStreams: C:\ProgramData\TEMP:7929462F [248]
AlternateDataStreams: C:\ProgramData\TEMP:7A632F57 [466]
AlternateDataStreams: C:\ProgramData\TEMP:7AF9CAEB [217]
AlternateDataStreams: C:\ProgramData\TEMP:7B2BB690 [219]
AlternateDataStreams: C:\ProgramData\TEMP:801ED9DF [133]
AlternateDataStreams: C:\ProgramData\TEMP:803039D6 [458]
AlternateDataStreams: C:\ProgramData\TEMP:80BFDE16 [135]
AlternateDataStreams: C:\ProgramData\TEMP:81410B90 [141]
AlternateDataStreams: C:\ProgramData\TEMP:838FECBF [234]
AlternateDataStreams: C:\ProgramData\TEMP:85C3B823 [221]
AlternateDataStreams: C:\ProgramData\TEMP:881ED4D3 [185]
AlternateDataStreams: C:\ProgramData\TEMP:884C7316 [216]
AlternateDataStreams: C:\ProgramData\TEMP:88E8CC2E [272]
AlternateDataStreams: C:\ProgramData\TEMP:89CF6F9C [149]
AlternateDataStreams: C:\ProgramData\TEMP:8ACB3478 [148]
AlternateDataStreams: C:\ProgramData\TEMP:8BCF4DE2 [217]
AlternateDataStreams: C:\ProgramData\TEMP:8C1EFEB8 [118]
AlternateDataStreams: C:\ProgramData\TEMP:8DF68137 [204]
AlternateDataStreams: C:\ProgramData\TEMP:8E5EA40F [114]
AlternateDataStreams: C:\ProgramData\TEMP:91730504 [260]
AlternateDataStreams: C:\ProgramData\TEMP:922DA2DB [226]
AlternateDataStreams: C:\ProgramData\TEMP:93B8F954 [194]
AlternateDataStreams: C:\ProgramData\TEMP:954C27C6 [113]
AlternateDataStreams: C:\ProgramData\TEMP:97CA3B9E [225]
AlternateDataStreams: C:\ProgramData\TEMP:9812B773 [466]
AlternateDataStreams: C:\ProgramData\TEMP:98982C88 [430]
AlternateDataStreams: C:\ProgramData\TEMP:996104FC [220]
AlternateDataStreams: C:\ProgramData\TEMP:997DA6D7 [250]
AlternateDataStreams: C:\ProgramData\TEMP:99A29126 [202]
AlternateDataStreams: C:\ProgramData\TEMP:9AD417ED [100]
AlternateDataStreams: C:\ProgramData\TEMP:9B721CFF [211]
AlternateDataStreams: C:\ProgramData\TEMP:9BAC4211 [222]
AlternateDataStreams: C:\ProgramData\TEMP:9BCE6BBD [146]
AlternateDataStreams: C:\ProgramData\TEMP:9C435C94 [250]
AlternateDataStreams: C:\ProgramData\TEMP:9D6EAEC3 [133]
AlternateDataStreams: C:\ProgramData\TEMP:A02025CE [235]
AlternateDataStreams: C:\ProgramData\TEMP:A1460B2A [214]
AlternateDataStreams: C:\ProgramData\TEMP:A26AFC00 [406]
AlternateDataStreams: C:\ProgramData\TEMP:A3251D01 [123]
AlternateDataStreams: C:\ProgramData\TEMP:A3B8F70C [232]
AlternateDataStreams: C:\ProgramData\TEMP:A4076A3B [124]
AlternateDataStreams: C:\ProgramData\TEMP:A5948878 [132]
AlternateDataStreams: C:\ProgramData\TEMP:A692C296 [106]
AlternateDataStreams: C:\ProgramData\TEMP:A8369371 [229]
AlternateDataStreams: C:\ProgramData\TEMP:A8725EB5 [286]
AlternateDataStreams: C:\ProgramData\TEMP:A8DAF782 [190]
AlternateDataStreams: C:\ProgramData\TEMP:AB4B1687 [250]
AlternateDataStreams: C:\ProgramData\TEMP:AB6E0B6B [418]
AlternateDataStreams: C:\ProgramData\TEMP:ABE818FA [130]
AlternateDataStreams: C:\ProgramData\TEMP:AC733A73 [140]
AlternateDataStreams: C:\ProgramData\TEMP:AC83EA04 [209]
AlternateDataStreams: C:\ProgramData\TEMP:ACCFA538 [226]
AlternateDataStreams: C:\ProgramData\TEMP:AF54CFFD [199]
AlternateDataStreams: C:\ProgramData\TEMP:B0B6888E [191]
AlternateDataStreams: C:\ProgramData\TEMP:B1786630 [228]
AlternateDataStreams: C:\ProgramData\TEMP:B18C4339 [116]
AlternateDataStreams: C:\ProgramData\TEMP:B1997945 [498]
AlternateDataStreams: C:\ProgramData\TEMP:B1E61D6A [105]
AlternateDataStreams: C:\ProgramData\TEMP:B6DD2C7E [226]
AlternateDataStreams: C:\ProgramData\TEMP:B8791731 [232]
AlternateDataStreams: C:\ProgramData\TEMP:B904C348 [95]
AlternateDataStreams: C:\ProgramData\TEMP:B942A5C5 [476]
AlternateDataStreams: C:\ProgramData\TEMP:B9F8237A [400]
AlternateDataStreams: C:\ProgramData\TEMP:BE0BAFE1 [141]
AlternateDataStreams: C:\ProgramData\TEMP:BE7C4A02 [198]
AlternateDataStreams: C:\ProgramData\TEMP:BFE54417 [286]
AlternateDataStreams: C:\ProgramData\TEMP:C0BA0690 [138]
AlternateDataStreams: C:\ProgramData\TEMP:C0D23A2F [135]
AlternateDataStreams: C:\ProgramData\TEMP:C5901F6D [121]
AlternateDataStreams: C:\ProgramData\TEMP:C611D6C8 [119]
AlternateDataStreams: C:\ProgramData\TEMP:C820549A [225]
AlternateDataStreams: C:\ProgramData\TEMP:C8E82994 [105]
AlternateDataStreams: C:\ProgramData\TEMP:C946EBB2 [466]
AlternateDataStreams: C:\ProgramData\TEMP:CAC06C34 [207]
AlternateDataStreams: C:\ProgramData\TEMP:CAF8DAC8 [448]
AlternateDataStreams: C:\ProgramData\TEMP:CB16385F [203]
AlternateDataStreams: C:\ProgramData\TEMP:CC4C59B4 [113]
AlternateDataStreams: C:\ProgramData\TEMP:CDB75348 [125]
AlternateDataStreams: C:\ProgramData\TEMP:CF391C0F [225]
AlternateDataStreams: C:\ProgramData\TEMP:D07517E1 [250]
AlternateDataStreams: C:\ProgramData\TEMP:D31BE97C [207]
AlternateDataStreams: C:\ProgramData\TEMP:D4BB0AD6 [239]
AlternateDataStreams: C:\ProgramData\TEMP:D507AEDA [119]
AlternateDataStreams: C:\ProgramData\TEMP:D5151683 [458]
AlternateDataStreams: C:\ProgramData\TEMP:D5CCCBAA [224]
AlternateDataStreams: C:\ProgramData\TEMP:D9089E64 [276]
AlternateDataStreams: C:\ProgramData\TEMP:D93AABC7 [140]
AlternateDataStreams: C:\ProgramData\TEMP:D9B1EB7E [426]
AlternateDataStreams: C:\ProgramData\TEMP:D9EDE5FA [256]
AlternateDataStreams: C:\ProgramData\TEMP:DA24A961 [135]
AlternateDataStreams: C:\ProgramData\TEMP:DB16B026 [206]
AlternateDataStreams: C:\ProgramData\TEMP:DE47A3DA [416]
AlternateDataStreams: C:\ProgramData\TEMP:DEE38664 [244]
AlternateDataStreams: C:\ProgramData\TEMP:DEE46C4E [115]
AlternateDataStreams: C:\ProgramData\TEMP:E0CDBB5A [257]
AlternateDataStreams: C:\ProgramData\TEMP:E1610EDC [140]
AlternateDataStreams: C:\ProgramData\TEMP:E1D6C864 [398]
AlternateDataStreams: C:\ProgramData\TEMP:E21987F7 [246]
AlternateDataStreams: C:\ProgramData\TEMP:E222F217 [122]
AlternateDataStreams: C:\ProgramData\TEMP:E51234A9 [432]
AlternateDataStreams: C:\ProgramData\TEMP:E5B6B9C5 [286]
AlternateDataStreams: C:\ProgramData\TEMP:E5F8E280 [232]
AlternateDataStreams: C:\ProgramData\TEMP:E6C6EB3B [230]
AlternateDataStreams: C:\ProgramData\TEMP:E6D148BC [119]
AlternateDataStreams: C:\ProgramData\TEMP:EAEE7554 [286]
AlternateDataStreams: C:\ProgramData\TEMP:EAF8F87B [136]
AlternateDataStreams: C:\ProgramData\TEMP:EB0255AA [260]
AlternateDataStreams: C:\ProgramData\TEMP:EB333CFC [146]
AlternateDataStreams: C:\ProgramData\TEMP:EB86F355 [212]
AlternateDataStreams: C:\ProgramData\TEMP:ED194880 [129]
AlternateDataStreams: C:\ProgramData\TEMP:EDE28CFC [231]
AlternateDataStreams: C:\ProgramData\TEMP:F1175E1D [210]
AlternateDataStreams: C:\ProgramData\TEMP:F19A4790 [231]
AlternateDataStreams: C:\ProgramData\TEMP:F28DF4DC [121]
AlternateDataStreams: C:\ProgramData\TEMP:F3DE733A [229]
AlternateDataStreams: C:\ProgramData\TEMP:F5B99CA4 [125]
AlternateDataStreams: C:\ProgramData\TEMP:F5F96E70 [134]
AlternateDataStreams: C:\ProgramData\TEMP:F65A2273 [138]
AlternateDataStreams: C:\ProgramData\TEMP:F7370879 [111]
AlternateDataStreams: C:\ProgramData\TEMP:F760FD47 [126]
AlternateDataStreams: C:\ProgramData\TEMP:F7F6E6CB [123]
AlternateDataStreams: C:\ProgramData\TEMP:F8BCC942 [140]
AlternateDataStreams: C:\ProgramData\TEMP:F986CC21 [135]
AlternateDataStreams: C:\ProgramData\TEMP:F9E10A82 [104]
AlternateDataStreams: C:\ProgramData\TEMP:FB647F34 [141]
AlternateDataStreams: C:\ProgramData\TEMP:FBE5FDB9 [137]
AlternateDataStreams: C:\ProgramData\TEMP:FD8BCF62 [249]
AlternateDataStreams: C:\ProgramData\TEMP:FF251D87 [113]
AlternateDataStreams: C:\ProgramData\TEMP:FF7D915E [120]
EmptyTemp:
Hosts:
cmd: ipconfig /flushdns



    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt



NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system


  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....

    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log



Summary of the logs I need from you in your next post:

  • ADWCleaner log
  • Fixlog.txt
  • Let me know how the computer is running now please.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Back to top
View user's profile Send private message
ldybadger
Junior Member


Joined: 06 May 2013
Last Visit: 27 Jun 2016
Posts: 45

PostPosted: Mon May 16, 2016 2:17 pm    Post subject: followed instructions. Reply with quote

Ok, I followed your instructions. here is my ADWCleaner log.


# AdwCleaner v5.117 - Logfile created 16/05/2016 at 15:49:08
# Updated 15/05/2016 by Xplode
# Database : 2016-05-15.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X86)
# Username : Deborah - SONNY
# Running from : C:\Users\Deborah\Desktop\DEBI'S STUFF\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : YahooAUService

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\quickclick
[-] Folder Deleted : C:\ProgramData\Trymedia
[#] Folder Deleted : C:\ProgramData\Application Data\quickclick
[#] Folder Deleted : C:\ProgramData\Application Data\Trymedia
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Around the world in 80 days
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WeatherBug®
[-] Folder Deleted : C:\Program Files\Around the world in 80 days
[-] Folder Deleted : C:\Program Files\Coupons
[-] Folder Deleted : C:\Program Files\Earth Networks
[-] Folder Deleted : C:\Users\Deborah\AppData\LocalLow\Yahoo!\Companion
[-] Folder Deleted : C:\Users\Deborah\AppData\Roaming\download Manager
[-] Folder Deleted : C:\Users\Deborah\AppData\Roaming\quickclick
[-] Folder Deleted : C:\Users\Deborah\AppData\Roaming\Pogo Games
[-] Folder Deleted : C:\Users\Deborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\mibfbmhijjgpkmobcfdlelpccpeafoom

***** [ Files ] *****

[-] File Deleted : C:\Users\Deborah\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\WeatherBug®.lnk
[-] File Deleted : C:\Users\Deborah\AppData\Roaming\Microsoft\Windows\Start Menu\WeatherBug®.lnk

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\AddonsFramework.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ButtonSite.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHost.DLL
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [WeatherBug.exe]
[-] Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
[-] Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.MHTBPos00
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.MHTBPos00.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{562B9317-C08A-444A-9482-62080DD851AE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBBE01ED-0F1E-44DB-88C1-5CC1AEE3B462}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F9EB11AB-9384-4736-9B33-993940F88895}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E45F3E8-2683-4824-A6BE-08108022FB36}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E45F3E8-2683-4824-A6BE-08108022FB36}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E45F3E8-2683-4824-A6BE-08108022FB36}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\Earth Networks
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Trymedia Systems
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WeatherBug®
[-] Key Deleted : HKU\.DEFAULT\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\deals.softonic.com
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [WeatherBug]
[#] Value Deleted : HKU\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Windows\CurrentVersion\Run [WeatherBug]

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [9069 bytes] - [16/05/2016 15:49:08]
C:\AdwCleaner\AdwCleaner[S1].txt - [8790 bytes] - [11/05/2016 17:20:29]
C:\AdwCleaner\AdwCleaner[S2].txt - [9051 bytes] - [16/05/2016 15:46:48]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [9288 bytes] ##########
Back to top
View user's profile Send private message
ldybadger
Junior Member


Joined: 06 May 2013
Last Visit: 27 Jun 2016
Posts: 45

PostPosted: Mon May 16, 2016 2:19 pm    Post subject: Fixlog.txt Reply with quote

Here's my Fixlog.txt.


Fix result of Farbar Recovery Scan Tool (x86) Version:16-05-2016
Ran by Deborah (2016-05-16 15:56:41) Run:1
Running from C:\Users\Deborah\Desktop\DEBI'S STUFF
Loaded Profiles: Deborah (Available Profiles: Deborah & DefaultAppPool)
Boot Mode: Normal

==============================================

fixlist content:
*****************
HKU\S-1-5-21-1100672905-2365331096-1695293828-1000\...\MountPoints2: E - E:\LaunchU3.exe -a
HKU\S-1-5-21-1100672905-2365331096-1695293828-1000\...\MountPoints2: {8f28b220-7989-11dd-afef-00219b0070dd} - J:\LaunchU3.exe -a
HKU\S-1-5-21-1100672905-2365331096-1695293828-1000\...\MountPoints2: {92011722-4a4e-11e3-bdd0-00219b0070dd} - J:\LaunchU3.exe -a
SearchScopes: HKLM -> {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL = hxxp://search.myheritage.com?orig=ds&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-1100672905-2365331096-1695293828-1000 -> {BE28C22E-F666-424d-B5FD-125C4AFEE34E} URL =
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: MHTBPos00 Class -> {0C37B053-FD68-456a-82E1-D788EE342E6F} -> C:\Program Files\Family Toolbar\tbcore3.dll [2009-05-07] ()
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_71\bin\ssv.dll [2016-01-28] (Oracle Corporation)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll [2006-11-09] (Dell Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-28] (Oracle Corporation)
BHO: Alawar Elements -> {E33FF41E-53CB-4D93-885A-FFEFA04CD804} -> C:\Program Files\Alawar Elements\ScriptHost.dll [2013-11-27] (Alawar)
BHO: No Name -> {e86e69ac-a2ce-415a-967e-70ded47d72e2} -> No File
Toolbar: HKLM - Family Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll [2009-05-07] ()
Toolbar: HKLM - No Name - {10834e9a-d475-4a24-ad01-f3f24f71b28e} - No File
Toolbar: HKU\S-1-5-21-1100672905-2365331096-1695293828-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-1100672905-2365331096-1695293828-1000 -> Family Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Family Toolbar\tbcore3.dll [2009-05-07] ()
FF Plugin: @alawar.com/npapi -> C:\Windows\npapi.dll [2013-09-12] (Alawar)
CHR Extension: (Alawar Elements) - C:\Users\Deborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\mibfbmhijjgpkmobcfdlelpccpeafoom [2013-12-29] [UpdateUrl: hxxps://elements.alawar.com/updates/en/alawar/chrome.xml] <==== ATTENTION
U3 mbr; \??\C:\Users\Deborah\AppData\Local\Temp\mbr.sys [X]
C:\Users\Deborah\trillian-v3.1.10.0.exe
C:\Users\Deborah\AppData\Local\Temp\amazoncct.dll
C:\Users\Deborah\AppData\Local\Temp\cct.dll
C:\Users\Deborah\AppData\Local\Temp\JavaIC.dll
C:\Users\Deborah\AppData\Local\Temp\jre-8u40-windows-au.exe
C:\Users\Deborah\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\Deborah\AppData\Local\Temp\jre-8u71-windows-au.exe
C:\Users\Deborah\AppData\Local\Temp\msscct32.dll
C:\Users\Deborah\AppData\Local\Temp\YSearchUtil.dll
AlternateDataStreams: C:\ProgramData\TEMP:000D6A25 [214]
AlternateDataStreams: C:\ProgramData\TEMP:0073ABE1 [131]
AlternateDataStreams: C:\ProgramData\TEMP:0406003C [120]
AlternateDataStreams: C:\ProgramData\TEMP:063969F8 [147]
AlternateDataStreams: C:\ProgramData\TEMP:06C34166 [258]
AlternateDataStreams: C:\ProgramData\TEMP:0778CBF2 [236]
AlternateDataStreams: C:\ProgramData\TEMP:082EF53F [147]
AlternateDataStreams: C:\ProgramData\TEMP:0AC32449 [193]
AlternateDataStreams: C:\ProgramData\TEMP:0ADB5110 [264]
AlternateDataStreams: C:\ProgramData\TEMP:0ADCCF52 [251]
AlternateDataStreams: C:\ProgramData\TEMP:0B352B60 [143]
AlternateDataStreams: C:\ProgramData\TEMP:0E61938B [135]
AlternateDataStreams: C:\ProgramData\TEMP:0ED4AC2F [398]
AlternateDataStreams: C:\ProgramData\TEMP:0F6AC518 [244]
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8 [248]
AlternateDataStreams: C:\ProgramData\TEMP:1095ECE1 [235]
AlternateDataStreams: C:\ProgramData\TEMP:13765436 [118]
AlternateDataStreams: C:\ProgramData\TEMP:13AE32E5 [428]
AlternateDataStreams: C:\ProgramData\TEMP:14D29229 [217]
AlternateDataStreams: C:\ProgramData\TEMP:160ADF0B [480]
AlternateDataStreams: C:\ProgramData\TEMP:16E76E27 [127]
AlternateDataStreams: C:\ProgramData\TEMP:175721D5 [242]
AlternateDataStreams: C:\ProgramData\TEMP:177313FB [218]
AlternateDataStreams: C:\ProgramData\TEMP:1802D824 [247]
AlternateDataStreams: C:\ProgramData\TEMP:18A6D2CC [258]
AlternateDataStreams: C:\ProgramData\TEMP:19636FDD [130]
AlternateDataStreams: C:\ProgramData\TEMP:1968990D [222]
AlternateDataStreams: C:\ProgramData\TEMP:1A14B3AF [468]
AlternateDataStreams: C:\ProgramData\TEMP:1A5207FA [211]
AlternateDataStreams: C:\ProgramData\TEMP:1BD02801 [286]
AlternateDataStreams: C:\ProgramData\TEMP:1D0E1028 [118]
AlternateDataStreams: C:\ProgramData\TEMP:1DD8718C [134]
AlternateDataStreams: C:\ProgramData\TEMP:1E8BA99C [197]
AlternateDataStreams: C:\ProgramData\TEMP:1F7A10DD [214]
AlternateDataStreams: C:\ProgramData\TEMP:220C42CA [130]
AlternateDataStreams: C:\ProgramData\TEMP:23F65965 [132]
AlternateDataStreams: C:\ProgramData\TEMP:254AD2ED [234]
AlternateDataStreams: C:\ProgramData\TEMP:271E16B0 [240]
AlternateDataStreams: C:\ProgramData\TEMP:2775F9E2 [494]
AlternateDataStreams: C:\ProgramData\TEMP:27974442 [120]
AlternateDataStreams: C:\ProgramData\TEMP:2832349A [115]
AlternateDataStreams: C:\ProgramData\TEMP:2B1EA607 [213]
AlternateDataStreams: C:\ProgramData\TEMP:2B9146DE [226]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:2CCDBD61 [136]
AlternateDataStreams: C:\ProgramData\TEMP:2D2461E7 [209]
AlternateDataStreams: C:\ProgramData\TEMP:2D3CB929 [124]
AlternateDataStreams: C:\ProgramData\TEMP:2D5180DD [242]
AlternateDataStreams: C:\ProgramData\TEMP:2E33E4A6 [254]
AlternateDataStreams: C:\ProgramData\TEMP:2E78333B [244]
AlternateDataStreams: C:\ProgramData\TEMP:2EA99C48 [115]
AlternateDataStreams: C:\ProgramData\TEMP:2EC5D66C [119]
AlternateDataStreams: C:\ProgramData\TEMP:2F141B68 [208]
AlternateDataStreams: C:\ProgramData\TEMP:3313A48D [202]
AlternateDataStreams: C:\ProgramData\TEMP:3433021E [112]
AlternateDataStreams: C:\ProgramData\TEMP:361703F1 [131]
AlternateDataStreams: C:\ProgramData\TEMP:38B32B54 [212]
AlternateDataStreams: C:\ProgramData\TEMP:391535F9 [231]
AlternateDataStreams: C:\ProgramData\TEMP:3941DF1F [131]
AlternateDataStreams: C:\ProgramData\TEMP:3AF262FC [480]
AlternateDataStreams: C:\ProgramData\TEMP:3B454A5C [219]
AlternateDataStreams: C:\ProgramData\TEMP:3B4DA230 [239]
AlternateDataStreams: C:\ProgramData\TEMP:3C66B20F [207]
AlternateDataStreams: C:\ProgramData\TEMP:3CC01EE7 [132]
AlternateDataStreams: C:\ProgramData\TEMP:3DF63AD7 [208]
AlternateDataStreams: C:\ProgramData\TEMP:3FE1A827 [137]
AlternateDataStreams: C:\ProgramData\TEMP:426D1496 [500]
AlternateDataStreams: C:\ProgramData\TEMP:42B6425E [197]
AlternateDataStreams: C:\ProgramData\TEMP:436AFF0E [244]
AlternateDataStreams: C:\ProgramData\TEMP:43C9D140 [430]
AlternateDataStreams: C:\ProgramData\TEMP:4440A77E [120]
AlternateDataStreams: C:\ProgramData\TEMP:45335F0B [210]
AlternateDataStreams: C:\ProgramData\TEMP:45B9FFA4 [240]
AlternateDataStreams: C:\ProgramData\TEMP:46CBC45C [482]
AlternateDataStreams: C:\ProgramData\TEMP:471AD3D0 [262]
AlternateDataStreams: C:\ProgramData\TEMP:473A733D [244]
AlternateDataStreams: C:\ProgramData\TEMP:48977386 [129]
AlternateDataStreams: C:\ProgramData\TEMP:494E4266 [253]
AlternateDataStreams: C:\ProgramData\TEMP:4A1628E5 [210]
AlternateDataStreams: C:\ProgramData\TEMP:4A2862FF [122]
AlternateDataStreams: C:\ProgramData\TEMP:4AB83B21 [490]
AlternateDataStreams: C:\ProgramData\TEMP:4CD3F344 [125]
AlternateDataStreams: C:\ProgramData\TEMP:4EE323A4 [224]
AlternateDataStreams: C:\ProgramData\TEMP:500F73A8 [125]
AlternateDataStreams: C:\ProgramData\TEMP:5106F19A [255]
AlternateDataStreams: C:\ProgramData\TEMP:52AB1CE4 [206]
AlternateDataStreams: C:\ProgramData\TEMP:54B3F904 [137]
AlternateDataStreams: C:\ProgramData\TEMP:54F41DDA [210]
AlternateDataStreams: C:\ProgramData\TEMP:5511B474 [242]
AlternateDataStreams: C:\ProgramData\TEMP:5607B58C [238]
AlternateDataStreams: C:\ProgramData\TEMP:566B9179 [506]
AlternateDataStreams: C:\ProgramData\TEMP:57B374AB [225]
AlternateDataStreams: C:\ProgramData\TEMP:58481C6F [247]
AlternateDataStreams: C:\ProgramData\TEMP:58860EF5 [108]
AlternateDataStreams: C:\ProgramData\TEMP:58E38390 [216]
AlternateDataStreams: C:\ProgramData\TEMP:5974EE7C [262]
AlternateDataStreams: C:\ProgramData\TEMP:5A437AC3 [218]
AlternateDataStreams: C:\ProgramData\TEMP:5B307FD4 [252]
AlternateDataStreams: C:\ProgramData\TEMP:5B4686D7 [114]
AlternateDataStreams: C:\ProgramData\TEMP:5C8B8194 [175]
AlternateDataStreams: C:\ProgramData\TEMP:5D17C178 [213]
AlternateDataStreams: C:\ProgramData\TEMP:5D95C77E [110]
AlternateDataStreams: C:\ProgramData\TEMP:5DABFF83 [119]
AlternateDataStreams: C:\ProgramData\TEMP:5E24C78B [206]
AlternateDataStreams: C:\ProgramData\TEMP:5E707762 [133]
AlternateDataStreams: C:\ProgramData\TEMP:5EC3C304 [136]
AlternateDataStreams: C:\ProgramData\TEMP:62672BC8 [420]
AlternateDataStreams: C:\ProgramData\TEMP:639BB5E9 [235]
AlternateDataStreams: C:\ProgramData\TEMP:639F0420 [222]
AlternateDataStreams: C:\ProgramData\TEMP:661DC753 [243]
AlternateDataStreams: C:\ProgramData\TEMP:66FC2E6F [146]
AlternateDataStreams: C:\ProgramData\TEMP:6710EF08 [203]
AlternateDataStreams: C:\ProgramData\TEMP:67310058 [143]
AlternateDataStreams: C:\ProgramData\TEMP:6764D965 [129]
AlternateDataStreams: C:\ProgramData\TEMP:678C1866 [418]
AlternateDataStreams: C:\ProgramData\TEMP:67C320D1 [204]
AlternateDataStreams: C:\ProgramData\TEMP:68198EE3 [120]
AlternateDataStreams: C:\ProgramData\TEMP:69E3AF64 [117]
AlternateDataStreams: C:\ProgramData\TEMP:6A9EDD31 [140]
AlternateDataStreams: C:\ProgramData\TEMP:6AD65294 [249]
AlternateDataStreams: C:\ProgramData\TEMP:6B55B892 [194]
AlternateDataStreams: C:\ProgramData\TEMP:6B709AD7 [253]
AlternateDataStreams: C:\ProgramData\TEMP:6C75AF4C [141]
AlternateDataStreams: C:\ProgramData\TEMP:6D5A15BF [448]
AlternateDataStreams: C:\ProgramData\TEMP:6F1F66C0 [202]
AlternateDataStreams: C:\ProgramData\TEMP:70B3C619 [418]
AlternateDataStreams: C:\ProgramData\TEMP:71A89A93 [206]
AlternateDataStreams: C:\ProgramData\TEMP:74091520 [114]
AlternateDataStreams: C:\ProgramData\TEMP:759BAE18 [134]
AlternateDataStreams: C:\ProgramData\TEMP:76987FE5 [238]
AlternateDataStreams: C:\ProgramData\TEMP:77F49022 [226]
AlternateDataStreams: C:\ProgramData\TEMP:78739EC9 [215]
AlternateDataStreams: C:\ProgramData\TEMP:78E0DF72 [426]
AlternateDataStreams: C:\ProgramData\TEMP:7929462F [248]
AlternateDataStreams: C:\ProgramData\TEMP:7A632F57 [466]
AlternateDataStreams: C:\ProgramData\TEMP:7AF9CAEB [217]
AlternateDataStreams: C:\ProgramData\TEMP:7B2BB690 [219]
AlternateDataStreams: C:\ProgramData\TEMP:801ED9DF [133]
AlternateDataStreams: C:\ProgramData\TEMP:803039D6 [458]
AlternateDataStreams: C:\ProgramData\TEMP:80BFDE16 [135]
AlternateDataStreams: C:\ProgramData\TEMP:81410B90 [141]
AlternateDataStreams: C:\ProgramData\TEMP:838FECBF [234]
AlternateDataStreams: C:\ProgramData\TEMP:85C3B823 [221]
AlternateDataStreams: C:\ProgramData\TEMP:881ED4D3 [185]
AlternateDataStreams: C:\ProgramData\TEMP:884C7316 [216]
AlternateDataStreams: C:\ProgramData\TEMP:88E8CC2E [272]
AlternateDataStreams: C:\ProgramData\TEMP:89CF6F9C [149]
AlternateDataStreams: C:\ProgramData\TEMP:8ACB3478 [148]
AlternateDataStreams: C:\ProgramData\TEMP:8BCF4DE2 [217]
AlternateDataStreams: C:\ProgramData\TEMP:8C1EFEB8 [118]
AlternateDataStreams: C:\ProgramData\TEMP:8DF68137 [204]
AlternateDataStreams: C:\ProgramData\TEMP:8E5EA40F [114]
AlternateDataStreams: C:\ProgramData\TEMP:91730504 [260]
AlternateDataStreams: C:\ProgramData\TEMP:922DA2DB [226]
AlternateDataStreams: C:\ProgramData\TEMP:93B8F954 [194]
AlternateDataStreams: C:\ProgramData\TEMP:954C27C6 [113]
AlternateDataStreams: C:\ProgramData\TEMP:97CA3B9E [225]
AlternateDataStreams: C:\ProgramData\TEMP:9812B773 [466]
AlternateDataStreams: C:\ProgramData\TEMP:98982C88 [430]
AlternateDataStreams: C:\ProgramData\TEMP:996104FC [220]
AlternateDataStreams: C:\ProgramData\TEMP:997DA6D7 [250]
AlternateDataStreams: C:\ProgramData\TEMP:99A29126 [202]
AlternateDataStreams: C:\ProgramData\TEMP:9AD417ED [100]
AlternateDataStreams: C:\ProgramData\TEMP:9B721CFF [211]
AlternateDataStreams: C:\ProgramData\TEMP:9BAC4211 [222]
AlternateDataStreams: C:\ProgramData\TEMP:9BCE6BBD [146]
AlternateDataStreams: C:\ProgramData\TEMP:9C435C94 [250]
AlternateDataStreams: C:\ProgramData\TEMP:9D6EAEC3 [133]
AlternateDataStreams: C:\ProgramData\TEMP:A02025CE [235]
AlternateDataStreams: C:\ProgramData\TEMP:A1460B2A [214]
AlternateDataStreams: C:\ProgramData\TEMP:A26AFC00 [406]
AlternateDataStreams: C:\ProgramData\TEMP:A3251D01 [123]
AlternateDataStreams: C:\ProgramData\TEMP:A3B8F70C [232]
AlternateDataStreams: C:\ProgramData\TEMP:A4076A3B [124]
AlternateDataStreams: C:\ProgramData\TEMP:A5948878 [132]
AlternateDataStreams: C:\ProgramData\TEMP:A692C296 [106]
AlternateDataStreams: C:\ProgramData\TEMP:A8369371 [229]
AlternateDataStreams: C:\ProgramData\TEMP:A8725EB5 [286]
AlternateDataStreams: C:\ProgramData\TEMP:A8DAF782 [190]
AlternateDataStreams: C:\ProgramData\TEMP:AB4B1687 [250]
AlternateDataStreams: C:\ProgramData\TEMP:AB6E0B6B [418]
AlternateDataStreams: C:\ProgramData\TEMP:ABE818FA [130]
AlternateDataStreams: C:\ProgramData\TEMP:AC733A73 [140]
AlternateDataStreams: C:\ProgramData\TEMP:AC83EA04 [209]
AlternateDataStreams: C:\ProgramData\TEMP:ACCFA538 [226]
AlternateDataStreams: C:\ProgramData\TEMP:AF54CFFD [199]
AlternateDataStreams: C:\ProgramData\TEMP:B0B6888E [191]
AlternateDataStreams: C:\ProgramData\TEMP:B1786630 [228]
AlternateDataStreams: C:\ProgramData\TEMP:B18C4339 [116]
AlternateDataStreams: C:\ProgramData\TEMP:B1997945 [498]
AlternateDataStreams: C:\ProgramData\TEMP:B1E61D6A [105]
AlternateDataStreams: C:\ProgramData\TEMP:B6DD2C7E [226]
AlternateDataStreams: C:\ProgramData\TEMP:B8791731 [232]
AlternateDataStreams: C:\ProgramData\TEMP:B904C348 [95]
AlternateDataStreams: C:\ProgramData\TEMP:B942A5C5 [476]
AlternateDataStreams: C:\ProgramData\TEMP:B9F8237A [400]
AlternateDataStreams: C:\ProgramData\TEMP:BE0BAFE1 [141]
AlternateDataStreams: C:\ProgramData\TEMP:BE7C4A02 [198]
AlternateDataStreams: C:\ProgramData\TEMP:BFE54417 [286]
AlternateDataStreams: C:\ProgramData\TEMP:C0BA0690 [138]
AlternateDataStreams: C:\ProgramData\TEMP:C0D23A2F [135]
AlternateDataStreams: C:\ProgramData\TEMP:C5901F6D [121]
AlternateDataStreams: C:\ProgramData\TEMP:C611D6C8 [119]
AlternateDataStreams: C:\ProgramData\TEMP:C820549A [225]
AlternateDataStreams: C:\ProgramData\TEMP:C8E82994 [105]
AlternateDataStreams: C:\ProgramData\TEMP:C946EBB2 [466]
AlternateDataStreams: C:\ProgramData\TEMP:CAC06C34 [207]
AlternateDataStreams: C:\ProgramData\TEMP:CAF8DAC8 [448]
AlternateDataStreams: C:\ProgramData\TEMP:CB16385F [203]
AlternateDataStreams: C:\ProgramData\TEMP:CC4C59B4 [113]
AlternateDataStreams: C:\ProgramData\TEMP:CDB75348 [125]
AlternateDataStreams: C:\ProgramData\TEMP:CF391C0F [225]
AlternateDataStreams: C:\ProgramData\TEMP:D07517E1 [250]
AlternateDataStreams: C:\ProgramData\TEMP:D31BE97C [207]
AlternateDataStreams: C:\ProgramData\TEMP:D4BB0AD6 [239]
AlternateDataStreams: C:\ProgramData\TEMP:D507AEDA [119]
AlternateDataStreams: C:\ProgramData\TEMP:D5151683 [458]
AlternateDataStreams: C:\ProgramData\TEMP:D5CCCBAA [224]
AlternateDataStreams: C:\ProgramData\TEMP:D9089E64 [276]
AlternateDataStreams: C:\ProgramData\TEMP:D93AABC7 [140]
AlternateDataStreams: C:\ProgramData\TEMP:D9B1EB7E [426]
AlternateDataStreams: C:\ProgramData\TEMP:D9EDE5FA [256]
AlternateDataStreams: C:\ProgramData\TEMP:DA24A961 [135]
AlternateDataStreams: C:\ProgramData\TEMP:DB16B026 [206]
AlternateDataStreams: C:\ProgramData\TEMP:DE47A3DA [416]
AlternateDataStreams: C:\ProgramData\TEMP:DEE38664 [244]
AlternateDataStreams: C:\ProgramData\TEMP:DEE46C4E [115]
AlternateDataStreams: C:\ProgramData\TEMP:E0CDBB5A [257]
AlternateDataStreams: C:\ProgramData\TEMP:E1610EDC [140]
AlternateDataStreams: C:\ProgramData\TEMP:E1D6C864 [398]
AlternateDataStreams: C:\ProgramData\TEMP:E21987F7 [246]
AlternateDataStreams: C:\ProgramData\TEMP:E222F217 [122]
AlternateDataStreams: C:\ProgramData\TEMP:E51234A9 [432]
AlternateDataStreams: C:\ProgramData\TEMP:E5B6B9C5 [286]
AlternateDataStreams: C:\ProgramData\TEMP:E5F8E280 [232]
AlternateDataStreams: C:\ProgramData\TEMP:E6C6EB3B [230]
AlternateDataStreams: C:\ProgramData\TEMP:E6D148BC [119]
AlternateDataStreams: C:\ProgramData\TEMP:EAEE7554 [286]
AlternateDataStreams: C:\ProgramData\TEMP:EAF8F87B [136]
AlternateDataStreams: C:\ProgramData\TEMP:EB0255AA [260]
AlternateDataStreams: C:\ProgramData\TEMP:EB333CFC [146]
AlternateDataStreams: C:\ProgramData\TEMP:EB86F355 [212]
AlternateDataStreams: C:\ProgramData\TEMP:ED194880 [129]
AlternateDataStreams: C:\ProgramData\TEMP:EDE28CFC [231]
AlternateDataStreams: C:\ProgramData\TEMP:F1175E1D [210]
AlternateDataStreams: C:\ProgramData\TEMP:F19A4790 [231]
AlternateDataStreams: C:\ProgramData\TEMP:F28DF4DC [121]
AlternateDataStreams: C:\ProgramData\TEMP:F3DE733A [229]
AlternateDataStreams: C:\ProgramData\TEMP:F5B99CA4 [125]
AlternateDataStreams: C:\ProgramData\TEMP:F5F96E70 [134]
AlternateDataStreams: C:\ProgramData\TEMP:F65A2273 [138]
AlternateDataStreams: C:\ProgramData\TEMP:F7370879 [111]
AlternateDataStreams: C:\ProgramData\TEMP:F760FD47 [126]
AlternateDataStreams: C:\ProgramData\TEMP:F7F6E6CB [123]
AlternateDataStreams: C:\ProgramData\TEMP:F8BCC942 [140]
AlternateDataStreams: C:\ProgramData\TEMP:F986CC21 [135]
AlternateDataStreams: C:\ProgramData\TEMP:F9E10A82 [104]
AlternateDataStreams: C:\ProgramData\TEMP:FB647F34 [141]
AlternateDataStreams: C:\ProgramData\TEMP:FBE5FDB9 [137]
AlternateDataStreams: C:\ProgramData\TEMP:FD8BCF62 [249]
AlternateDataStreams: C:\ProgramData\TEMP:FF251D87 [113]
AlternateDataStreams: C:\ProgramData\TEMP:FF7D915E [120]
EmptyTemp:
Hosts:
cmd: ipconfig /flushdns
*****************

"HKU\S-1-5-21-1100672905-2365331096-1695293828-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E" => key removed successfully.
"HKU\S-1-5-21-1100672905-2365331096-1695293828-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f28b220-7989-11dd-afef-00219b0070dd}" => key removed successfully.
HKCR\CLSID\{8f28b220-7989-11dd-afef-00219b0070dd} => key not found.
"HKU\S-1-5-21-1100672905-2365331096-1695293828-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92011722-4a4e-11e3-bdd0-00219b0070dd}" => key removed successfully.
HKCR\CLSID\{92011722-4a4e-11e3-bdd0-00219b0070dd} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}" => key removed successfully.
HKCR\CLSID\{BE28C22E-F666-424d-B5FD-125C4AFEE34E} => key not found.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
"HKU\S-1-5-21-1100672905-2365331096-1695293828-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}" => key removed successfully.
HKCR\CLSID\{BE28C22E-F666-424d-B5FD-125C4AFEE34E} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found.
HKCR\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}" => key removed successfully.
"HKCR\CLSID\{0C37B053-FD68-456a-82E1-D788EE342E6F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully.
"HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}" => key removed successfully.
"HKCR\CLSID\{CA6319C0-31B7-401E-A518-A07C3DB8F777}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully.
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33FF41E-53CB-4D93-885A-FFEFA04CD804}" => key removed successfully.
"HKCR\CLSID\{E33FF41E-53CB-4D93-885A-FFEFA04CD804}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e86e69ac-a2ce-415a-967e-70ded47d72e2}" => key removed successfully.
"HKCR\CLSID\{e86e69ac-a2ce-415a-967e-70ded47d72e2}" => key removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} => value not found.
HKCR\CLSID\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{10834e9a-d475-4a24-ad01-f3f24f71b28e} => value removed successfully.
"HKCR\CLSID\{10834e9a-d475-4a24-ad01-f3f24f71b28e}" => key removed successfully.
HKU\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value not found.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => key not found.
HKU\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} => value not found.
HKCR\CLSID\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} => key not found.
"HKLM\Software\MozillaPlugins\@alawar.com/npapi" => key removed successfully.
C:\Windows\npapi.dll => moved successfully
C:\Users\Deborah\AppData\Local\Google\Chrome\User Data\Default\Extensions\mibfbmhijjgpkmobcfdlelpccpeafoom <==== ATTENTION => not found.
mbr => service not found.
C:\Users\Deborah\trillian-v3.1.10.0.exe => moved successfully
C:\Users\Deborah\AppData\Local\Temp\amazoncct.dll => moved successfully
C:\Users\Deborah\AppData\Local\Temp\cct.dll => moved successfully
C:\Users\Deborah\AppData\Local\Temp\JavaIC.dll => moved successfully
C:\Users\Deborah\AppData\Local\Temp\jre-8u40-windows-au.exe => moved successfully
C:\Users\Deborah\AppData\Local\Temp\jre-8u51-windows-au.exe => moved successfully
C:\Users\Deborah\AppData\Local\Temp\jre-8u71-windows-au.exe => moved successfully
C:\Users\Deborah\AppData\Local\Temp\msscct32.dll => moved successfully
C:\Users\Deborah\AppData\Local\Temp\YSearchUtil.dll => moved successfully
C:\ProgramData\TEMP => ":000D6A25" ADS removed successfully..
C:\ProgramData\TEMP => ":0073ABE1" ADS removed successfully..
C:\ProgramData\TEMP => ":0406003C" ADS removed successfully..
C:\ProgramData\TEMP => ":063969F8" ADS removed successfully..
C:\ProgramData\TEMP => ":06C34166" ADS removed successfully..
C:\ProgramData\TEMP => ":0778CBF2" ADS removed successfully..
C:\ProgramData\TEMP => ":082EF53F" ADS removed successfully..
C:\ProgramData\TEMP => ":0AC32449" ADS removed successfully..
C:\ProgramData\TEMP => ":0ADB5110" ADS removed successfully..
C:\ProgramData\TEMP => ":0ADCCF52" ADS removed successfully..
C:\ProgramData\TEMP => ":0B352B60" ADS removed successfully..
C:\ProgramData\TEMP => ":0E61938B" ADS removed successfully..
C:\ProgramData\TEMP => ":0ED4AC2F" ADS removed successfully..
C:\ProgramData\TEMP => ":0F6AC518" ADS removed successfully..
C:\ProgramData\TEMP => ":0FF263E8" ADS removed successfully..
C:\ProgramData\TEMP => ":1095ECE1" ADS removed successfully..
C:\ProgramData\TEMP => ":13765436" ADS removed successfully..
C:\ProgramData\TEMP => ":13AE32E5" ADS removed successfully..
C:\ProgramData\TEMP => ":14D29229" ADS removed successfully..
C:\ProgramData\TEMP => ":160ADF0B" ADS removed successfully..
C:\ProgramData\TEMP => ":16E76E27" ADS removed successfully..
C:\ProgramData\TEMP => ":175721D5" ADS removed successfully..
C:\ProgramData\TEMP => ":177313FB" ADS removed successfully..
C:\ProgramData\TEMP => ":1802D824" ADS removed successfully..
C:\ProgramData\TEMP => ":18A6D2CC" ADS removed successfully..
C:\ProgramData\TEMP => ":19636FDD" ADS removed successfully..
C:\ProgramData\TEMP => ":1968990D" ADS removed successfully..
C:\ProgramData\TEMP => ":1A14B3AF" ADS removed successfully..
C:\ProgramData\TEMP => ":1A5207FA" ADS removed successfully..
C:\ProgramData\TEMP => ":1BD02801" ADS removed successfully..
C:\ProgramData\TEMP => ":1D0E1028" ADS removed successfully..
C:\ProgramData\TEMP => ":1DD8718C" ADS removed successfully..
C:\ProgramData\TEMP => ":1E8BA99C" ADS removed successfully..
C:\ProgramData\TEMP => ":1F7A10DD" ADS removed successfully..
C:\ProgramData\TEMP => ":220C42CA" ADS removed successfully..
C:\ProgramData\TEMP => ":23F65965" ADS removed successfully..
C:\ProgramData\TEMP => ":254AD2ED" ADS removed successfully..
C:\ProgramData\TEMP => ":271E16B0" ADS removed successfully..
C:\ProgramData\TEMP => ":2775F9E2" ADS removed successfully..
C:\ProgramData\TEMP => ":27974442" ADS removed successfully..
C:\ProgramData\TEMP => ":2832349A" ADS removed successfully..
C:\ProgramData\TEMP => ":2B1EA607" ADS removed successfully..
C:\ProgramData\TEMP => ":2B9146DE" ADS removed successfully..
C:\ProgramData\TEMP => ":2CB9631F" ADS removed successfully..
C:\ProgramData\TEMP => ":2CCDBD61" ADS removed successfully..
C:\ProgramData\TEMP => ":2D2461E7" ADS removed successfully..
C:\ProgramData\TEMP => ":2D3CB929" ADS removed successfully..
C:\ProgramData\TEMP => ":2D5180DD" ADS removed successfully..
C:\ProgramData\TEMP => ":2E33E4A6" ADS removed successfully..
C:\ProgramData\TEMP => ":2E78333B" ADS removed successfully..
C:\ProgramData\TEMP => ":2EA99C48" ADS removed successfully..
C:\ProgramData\TEMP => ":2EC5D66C" ADS removed successfully..
C:\ProgramData\TEMP => ":2F141B68" ADS removed successfully..
C:\ProgramData\TEMP => ":3313A48D" ADS removed successfully..
C:\ProgramData\TEMP => ":3433021E" ADS removed successfully..
C:\ProgramData\TEMP => ":361703F1" ADS removed successfully..
C:\ProgramData\TEMP => ":38B32B54" ADS removed successfully..
C:\ProgramData\TEMP => ":391535F9" ADS removed successfully..
C:\ProgramData\TEMP => ":3941DF1F" ADS removed successfully..
C:\ProgramData\TEMP => ":3AF262FC" ADS removed successfully..
C:\ProgramData\TEMP => ":3B454A5C" ADS removed successfully..
C:\ProgramData\TEMP => ":3B4DA230" ADS removed successfully..
C:\ProgramData\TEMP => ":3C66B20F" ADS removed successfully..
C:\ProgramData\TEMP => ":3CC01EE7" ADS removed successfully..
C:\ProgramData\TEMP => ":3DF63AD7" ADS removed successfully..
C:\ProgramData\TEMP => ":3FE1A827" ADS removed successfully..
C:\ProgramData\TEMP => ":426D1496" ADS removed successfully..
C:\ProgramData\TEMP => ":42B6425E" ADS removed successfully..
C:\ProgramData\TEMP => ":436AFF0E" ADS removed successfully..
C:\ProgramData\TEMP => ":43C9D140" ADS removed successfully..
C:\ProgramData\TEMP => ":4440A77E" ADS removed successfully..
C:\ProgramData\TEMP => ":45335F0B" ADS removed successfully..
C:\ProgramData\TEMP => ":45B9FFA4" ADS removed successfully..
C:\ProgramData\TEMP => ":46CBC45C" ADS removed successfully..
C:\ProgramData\TEMP => ":471AD3D0" ADS removed successfully..
C:\ProgramData\TEMP => ":473A733D" ADS removed successfully..
C:\ProgramData\TEMP => ":48977386" ADS removed successfully..
C:\ProgramData\TEMP => ":494E4266" ADS removed successfully..
C:\ProgramData\TEMP => ":4A1628E5" ADS removed successfully..
C:\ProgramData\TEMP => ":4A2862FF" ADS removed successfully..
C:\ProgramData\TEMP => ":4AB83B21" ADS removed successfully..
C:\ProgramData\TEMP => ":4CD3F344" ADS removed successfully..
C:\ProgramData\TEMP => ":4EE323A4" ADS removed successfully..
C:\ProgramData\TEMP => ":500F73A8" ADS removed successfully..
C:\ProgramData\TEMP => ":5106F19A" ADS removed successfully..
C:\ProgramData\TEMP => ":52AB1CE4" ADS removed successfully..
C:\ProgramData\TEMP => ":54B3F904" ADS removed successfully..
C:\ProgramData\TEMP => ":54F41DDA" ADS removed successfully..
C:\ProgramData\TEMP => ":5511B474" ADS removed successfully..
C:\ProgramData\TEMP => ":5607B58C" ADS removed successfully..
C:\ProgramData\TEMP => ":566B9179" ADS removed successfully..
C:\ProgramData\TEMP => ":57B374AB" ADS removed successfully..
C:\ProgramData\TEMP => ":58481C6F" ADS removed successfully..
C:\ProgramData\TEMP => ":58860EF5" ADS removed successfully..
C:\ProgramData\TEMP => ":58E38390" ADS removed successfully..
C:\ProgramData\TEMP => ":5974EE7C" ADS removed successfully..
C:\ProgramData\TEMP => ":5A437AC3" ADS removed successfully..
C:\ProgramData\TEMP => ":5B307FD4" ADS removed successfully..
C:\ProgramData\TEMP => ":5B4686D7" ADS removed successfully..
C:\ProgramData\TEMP => ":5C8B8194" ADS removed successfully..
C:\ProgramData\TEMP => ":5D17C178" ADS removed successfully..
C:\ProgramData\TEMP => ":5D95C77E" ADS removed successfully..
C:\ProgramData\TEMP => ":5DABFF83" ADS removed successfully..
C:\ProgramData\TEMP => ":5E24C78B" ADS removed successfully..
C:\ProgramData\TEMP => ":5E707762" ADS removed successfully..
C:\ProgramData\TEMP => ":5EC3C304" ADS removed successfully..
C:\ProgramData\TEMP => ":62672BC8" ADS removed successfully..
C:\ProgramData\TEMP => ":639BB5E9" ADS removed successfully..
C:\ProgramData\TEMP => ":639F0420" ADS removed successfully..
C:\ProgramData\TEMP => ":661DC753" ADS removed successfully..
C:\ProgramData\TEMP => ":66FC2E6F" ADS removed successfully..
C:\ProgramData\TEMP => ":6710EF08" ADS removed successfully..
C:\ProgramData\TEMP => ":67310058" ADS removed successfully..
C:\ProgramData\TEMP => ":6764D965" ADS removed successfully..
C:\ProgramData\TEMP => ":678C1866" ADS removed successfully..
C:\ProgramData\TEMP => ":67C320D1" ADS removed successfully..
C:\ProgramData\TEMP => ":68198EE3" ADS removed successfully..
C:\ProgramData\TEMP => ":69E3AF64" ADS removed successfully..
C:\ProgramData\TEMP => ":6A9EDD31" ADS removed successfully..
C:\ProgramData\TEMP => ":6AD65294" ADS removed successfully..
C:\ProgramData\TEMP => ":6B55B892" ADS removed successfully..
C:\ProgramData\TEMP => ":6B709AD7" ADS removed successfully..
C:\ProgramData\TEMP => ":6C75AF4C" ADS removed successfully..
C:\ProgramData\TEMP => ":6D5A15BF" ADS removed successfully..
C:\ProgramData\TEMP => ":6F1F66C0" ADS removed successfully..
C:\ProgramData\TEMP => ":70B3C619" ADS removed successfully..
C:\ProgramData\TEMP => ":71A89A93" ADS removed successfully..
C:\ProgramData\TEMP => ":74091520" ADS removed successfully..
C:\ProgramData\TEMP => ":759BAE18" ADS removed successfully..
C:\ProgramData\TEMP => ":76987FE5" ADS removed successfully..
C:\ProgramData\TEMP => ":77F49022" ADS removed successfully..
C:\ProgramData\TEMP => ":78739EC9" ADS removed successfully..
C:\ProgramData\TEMP => ":78E0DF72" ADS removed successfully..
C:\ProgramData\TEMP => ":7929462F" ADS removed successfully..
C:\ProgramData\TEMP => ":7A632F57" ADS removed successfully..
C:\ProgramData\TEMP => ":7AF9CAEB" ADS removed successfully..
C:\ProgramData\TEMP => ":7B2BB690" ADS removed successfully..
C:\ProgramData\TEMP => ":801ED9DF" ADS removed successfully..
C:\ProgramData\TEMP => ":803039D6" ADS removed successfully..
C:\ProgramData\TEMP => ":80BFDE16" ADS removed successfully..
C:\ProgramData\TEMP => ":81410B90" ADS removed successfully..
C:\ProgramData\TEMP => ":838FECBF" ADS removed successfully..
C:\ProgramData\TEMP => ":85C3B823" ADS removed successfully..
C:\ProgramData\TEMP => ":881ED4D3" ADS removed successfully..
C:\ProgramData\TEMP => ":884C7316" ADS removed successfully..
C:\ProgramData\TEMP => ":88E8CC2E" ADS removed successfully..
C:\ProgramData\TEMP => ":89CF6F9C" ADS removed successfully..
C:\ProgramData\TEMP => ":8ACB3478" ADS removed successfully..
C:\ProgramData\TEMP => ":8BCF4DE2" ADS removed successfully..
C:\ProgramData\TEMP => ":8C1EFEB8" ADS removed successfully..
C:\ProgramData\TEMP => ":8DF68137" ADS removed successfully..
C:\ProgramData\TEMP => ":8E5EA40F" ADS removed successfully..
C:\ProgramData\TEMP => ":91730504" ADS removed successfully..
C:\ProgramData\TEMP => ":922DA2DB" ADS removed successfully..
C:\ProgramData\TEMP => ":93B8F954" ADS removed successfully..
C:\ProgramData\TEMP => ":954C27C6" ADS removed successfully..
C:\ProgramData\TEMP => ":97CA3B9E" ADS removed successfully..
C:\ProgramData\TEMP => ":9812B773" ADS removed successfully..
C:\ProgramData\TEMP => ":98982C88" ADS removed successfully..
C:\ProgramData\TEMP => ":996104FC" ADS removed successfully..
C:\ProgramData\TEMP => ":997DA6D7" ADS removed successfully..
C:\ProgramData\TEMP => ":99A29126" ADS removed successfully..
C:\ProgramData\TEMP => ":9AD417ED" ADS removed successfully..
C:\ProgramData\TEMP => ":9B721CFF" ADS removed successfully..
C:\ProgramData\TEMP => ":9BAC4211" ADS removed successfully..
C:\ProgramData\TEMP => ":9BCE6BBD" ADS removed successfully..
C:\ProgramData\TEMP => ":9C435C94" ADS removed successfully..
C:\ProgramData\TEMP => ":9D6EAEC3" ADS removed successfully..
C:\ProgramData\TEMP => ":A02025CE" ADS removed successfully..
C:\ProgramData\TEMP => ":A1460B2A" ADS removed successfully..
C:\ProgramData\TEMP => ":A26AFC00" ADS removed successfully..
C:\ProgramData\TEMP => ":A3251D01" ADS removed successfully..
C:\ProgramData\TEMP => ":A3B8F70C" ADS removed successfully..
C:\ProgramData\TEMP => ":A4076A3B" ADS removed successfully..
C:\ProgramData\TEMP => ":A5948878" ADS removed successfully..
C:\ProgramData\TEMP => ":A692C296" ADS removed successfully..
C:\ProgramData\TEMP => ":A8369371" ADS removed successfully..
C:\ProgramData\TEMP => ":A8725EB5" ADS removed successfully..
C:\ProgramData\TEMP => ":A8DAF782" ADS removed successfully..
C:\ProgramData\TEMP => ":AB4B1687" ADS removed successfully..
C:\ProgramData\TEMP => ":AB6E0B6B" ADS removed successfully..
C:\ProgramData\TEMP => ":ABE818FA" ADS removed successfully..
C:\ProgramData\TEMP => ":AC733A73" ADS removed successfully..
C:\ProgramData\TEMP => ":AC83EA04" ADS removed successfully..
C:\ProgramData\TEMP => ":ACCFA538" ADS removed successfully..
C:\ProgramData\TEMP => ":AF54CFFD" ADS removed successfully..
C:\ProgramData\TEMP => ":B0B6888E" ADS removed successfully..
C:\ProgramData\TEMP => ":B1786630" ADS removed successfully..
C:\ProgramData\TEMP => ":B18C4339" ADS removed successfully..
C:\ProgramData\TEMP => ":B1997945" ADS removed successfully..
C:\ProgramData\TEMP => ":B1E61D6A" ADS removed successfully..
C:\ProgramData\TEMP => ":B6DD2C7E" ADS removed successfully..
C:\ProgramData\TEMP => ":B8791731" ADS removed successfully..
C:\ProgramData\TEMP => ":B904C348" ADS removed successfully..
C:\ProgramData\TEMP => ":B942A5C5" ADS removed successfully..
C:\ProgramData\TEMP => ":B9F8237A" ADS removed successfully..
C:\ProgramData\TEMP => ":BE0BAFE1" ADS removed successfully..
C:\ProgramData\TEMP => ":BE7C4A02" ADS removed successfully..
C:\ProgramData\TEMP => ":BFE54417" ADS removed successfully..
C:\ProgramData\TEMP => ":C0BA0690" ADS removed successfully..
C:\ProgramData\TEMP => ":C0D23A2F" ADS removed successfully..
C:\ProgramData\TEMP => ":C5901F6D" ADS removed successfully..
C:\ProgramData\TEMP => ":C611D6C8" ADS removed successfully..
C:\ProgramData\TEMP => ":C820549A" ADS removed successfully..
C:\ProgramData\TEMP => ":C8E82994" ADS removed successfully..
C:\ProgramData\TEMP => ":C946EBB2" ADS removed successfully..
C:\ProgramData\TEMP => ":CAC06C34" ADS removed successfully..
C:\ProgramData\TEMP => ":CAF8DAC8" ADS removed successfully..
C:\ProgramData\TEMP => ":CB16385F" ADS removed successfully..
C:\ProgramData\TEMP => ":CC4C59B4" ADS removed successfully..
C:\ProgramData\TEMP => ":CDB75348" ADS removed successfully..
C:\ProgramData\TEMP => ":CF391C0F" ADS removed successfully..
C:\ProgramData\TEMP => ":D07517E1" ADS removed successfully..
C:\ProgramData\TEMP => ":D31BE97C" ADS removed successfully..
C:\ProgramData\TEMP => ":D4BB0AD6" ADS removed successfully..
C:\ProgramData\TEMP => ":D507AEDA" ADS removed successfully..
C:\ProgramData\TEMP => ":D5151683" ADS removed successfully..
C:\ProgramData\TEMP => ":D5CCCBAA" ADS removed successfully..
C:\ProgramData\TEMP => ":D9089E64" ADS removed successfully..
C:\ProgramData\TEMP => ":D93AABC7" ADS removed successfully..
C:\ProgramData\TEMP => ":D9B1EB7E" ADS removed successfully..
C:\ProgramData\TEMP => ":D9EDE5FA" ADS removed successfully..
C:\ProgramData\TEMP => ":DA24A961" ADS removed successfully..
C:\ProgramData\TEMP => ":DB16B026" ADS removed successfully..
C:\ProgramData\TEMP => ":DE47A3DA" ADS removed successfully..
C:\ProgramData\TEMP => ":DEE38664" ADS removed successfully..
C:\ProgramData\TEMP => ":DEE46C4E" ADS removed successfully..
C:\ProgramData\TEMP => ":E0CDBB5A" ADS removed successfully..
C:\ProgramData\TEMP => ":E1610EDC" ADS removed successfully..
C:\ProgramData\TEMP => ":E1D6C864" ADS removed successfully..
C:\ProgramData\TEMP => ":E21987F7" ADS removed successfully..
C:\ProgramData\TEMP => ":E222F217" ADS removed successfully..
C:\ProgramData\TEMP => ":E51234A9" ADS removed successfully..
C:\ProgramData\TEMP => ":E5B6B9C5" ADS removed successfully..
C:\ProgramData\TEMP => ":E5F8E280" ADS removed successfully..
C:\ProgramData\TEMP => ":E6C6EB3B" ADS removed successfully..
C:\ProgramData\TEMP => ":E6D148BC" ADS removed successfully..
C:\ProgramData\TEMP => ":EAEE7554" ADS removed successfully..
C:\ProgramData\TEMP => ":EAF8F87B" ADS removed successfully..
C:\ProgramData\TEMP => ":EB0255AA" ADS removed successfully..
C:\ProgramData\TEMP => ":EB333CFC" ADS removed successfully..
C:\ProgramData\TEMP => ":EB86F355" ADS removed successfully..
C:\ProgramData\TEMP => ":ED194880" ADS removed successfully..
C:\ProgramData\TEMP => ":EDE28CFC" ADS removed successfully..
C:\ProgramData\TEMP => ":F1175E1D" ADS removed successfully..
C:\ProgramData\TEMP => ":F19A4790" ADS removed successfully..
C:\ProgramData\TEMP => ":F28DF4DC" ADS removed successfully..
C:\ProgramData\TEMP => ":F3DE733A" ADS removed successfully..
C:\ProgramData\TEMP => ":F5B99CA4" ADS removed successfully..
C:\ProgramData\TEMP => ":F5F96E70" ADS removed successfully..
C:\ProgramData\TEMP => ":F65A2273" ADS removed successfully..
C:\ProgramData\TEMP => ":F7370879" ADS removed successfully..
C:\ProgramData\TEMP => ":F760FD47" ADS removed successfully..
C:\ProgramData\TEMP => ":F7F6E6CB" ADS removed successfully..
C:\ProgramData\TEMP => ":F8BCC942" ADS removed successfully..
C:\ProgramData\TEMP => ":F986CC21" ADS removed successfully..
C:\ProgramData\TEMP => ":F9E10A82" ADS removed successfully..
C:\ProgramData\TEMP => ":FB647F34" ADS removed successfully..
C:\ProgramData\TEMP => ":FBE5FDB9" ADS removed successfully..
C:\ProgramData\TEMP => ":FD8BCF62" ADS removed successfully..
C:\ProgramData\TEMP => ":FF251D87" ADS removed successfully..
C:\ProgramData\TEMP => ":FF7D915E" ADS removed successfully..
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 3.4 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 16:08:31 ====
Back to top
View user's profile Send private message
ldybadger
Junior Member


Joined: 06 May 2013
Last Visit: 27 Jun 2016
Posts: 45

PostPosted: Mon May 16, 2016 2:21 pm    Post subject: how it's working Reply with quote

Please give me about 24 hours to check and I'll let you know how it is working.
Back to top
View user's profile Send private message
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 27 Jun 2017
Posts: 10182
Location: Yorkshire

PostPosted: Mon May 16, 2016 8:45 pm    Post subject: Reply with quote

OK, talk to you then. Big Thumb Up
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Back to top
View user's profile Send private message
ldybadger
Junior Member


Joined: 06 May 2013
Last Visit: 27 Jun 2016
Posts: 45

PostPosted: Wed May 18, 2016 9:24 am    Post subject: Still having problems Reply with quote

Sorry, It took me a little long to reply. I wanted to spend some time on my mom's computer to see just exactly how it was misbehaving.

We're still having problems.

Links - The links themselves seem to be functioning, but usually when you click on one Internet Explorer either freezes or crashes.

videos - YouTube videos usually play fins, but videos on other pages, like news or the ones on Facebook, come up as a black screen and will not load.

I do not know about the flash and java updates, because it hasn't tried to update yet. Did you want me to try and update them?

It seems as if something is running in the background, but I cannot figure out what.

I hope these observations have been helpful.
Back to top
View user's profile Send private message
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 27 Jun 2017
Posts: 10182
Location: Yorkshire

PostPosted: Wed May 18, 2016 1:25 pm    Post subject: Reply with quote

OK, let's run some additional checks to see if we can find any malware that the other scans missed.

First ...

Download TDSSKiller.exe to your Desktop.

  • Double click on TDSSKiller.exe to launch it.

    • When prompted by UAC allow the prompt.

  • Accept the EULA from TDSSKiller.
  • Accept the KSN Statement.
  • Click on Start Scan
  • The scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • Copy/Paste the contents in your next reply please.
  • DO NOT TRY TO FIX ANYTHING THAT IT FINDS AT THIS POINT DOING SO COULD LEAVE YOU WITH AN UNBOOTABLE COMPUTER


Next ...

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

  • Please go HERE then click on Run ESET Online Scanner

Quote:
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.


  • Select the option YES, I accept the Terms of Use then click on:
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:



    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Now click on:
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed click on Start to start the scan.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed you will be presented with a list of found threats ....

    • Click on the List of found threats link
    • Click on Export to text file
    • Save as ESET.txt to your Desktop

  • Exit out of ESET Online Scanner.
  • Post me the contents of ESET.txt please.



Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Back to top
View user's profile Send private message
ldybadger
Junior Member


Joined: 06 May 2013
Last Visit: 27 Jun 2016
Posts: 45

PostPosted: Fri May 20, 2016 9:12 pm    Post subject: scan logs 1 Reply with quote

TDSSKiller found no threats. Here's it's log.

20:35:28.0874 0x0f7c TDSS rootkit removing tool 3.1.0.9 Dec 11 2015 22:49:12
20:35:35.0707 0x0f7c ============================================================
20:35:35.0707 0x0f7c Current date / time: 2016/05/20 20:35:35.0707
20:35:35.0707 0x0f7c SystemInfo:
20:35:35.0707 0x0f7c
20:35:35.0707 0x0f7c OS Version: 6.1.7601 ServicePack: 1.0
20:35:35.0707 0x0f7c Product type: Workstation
20:35:35.0707 0x0f7c ComputerName: SONNY
20:35:35.0707 0x0f7c UserName: Deborah
20:35:35.0707 0x0f7c Windows directory: C:\Windows
20:35:35.0707 0x0f7c System windows directory: C:\Windows
20:35:35.0707 0x0f7c Processor architecture: Intel x86
20:35:35.0707 0x0f7c Number of processors: 2
20:35:35.0707 0x0f7c Page size: 0x1000
20:35:35.0707 0x0f7c Boot type: Normal boot
20:35:35.0707 0x0f7c ============================================================
20:35:38.0081 0x0f7c KLMD registered as C:\Windows\system32\drivers\56222576.sys
20:35:39.0406 0x0f7c System UUID: {C4F5D038-11E9-D84E-B753-64F5109C2AA7}
20:35:40.0434 0x0f7c Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:35:41.0326 0x0f7c ============================================================
20:35:41.0326 0x0f7c \Device\Harddisk0\DR0:
20:35:41.0326 0x0f7c MBR partitions:
20:35:41.0326 0x0f7c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1B800, BlocksNum 0x1400000
20:35:41.0326 0x0f7c \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x141B800, BlocksNum 0x24012800
20:35:41.0326 0x0f7c ============================================================
20:35:41.0366 0x0f7c C: <-> \Device\Harddisk0\DR0\Partition2
20:35:41.0386 0x0f7c D: <-> \Device\Harddisk0\DR0\Partition1
20:35:41.0386 0x0f7c ============================================================
20:35:41.0386 0x0f7c Initialize success
20:35:41.0386 0x0f7c ============================================================
20:35:49.0966 0x12c4 ============================================================
20:35:49.0966 0x12c4 Scan started
20:35:49.0966 0x12c4 Mode: Manual;
20:35:49.0966 0x12c4 ============================================================
20:35:49.0966 0x12c4 KSN ping started
20:35:52.0676 0x12c4 KSN ping finished: true
20:35:54.0336 0x12c4 ================ Scan system memory ========================
20:35:54.0336 0x12c4 System memory - ok
20:35:54.0336 0x12c4 ================ Scan services =============================
20:35:54.0556 0x12c4 [ 1B133875B8AA8AC48969BD3458AFE9F5, 01753BDD47F3F9BC0E0D23A069B9C56D4AE6A6B6295BC19B95AE245D25B12744 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
20:35:54.0566 0x12c4 1394ohci - ok
20:35:54.0706 0x12c4 [ ADC420616C501B45D26C0FD3EF1E54E4, 29FC41D40A35AC5476E2A673CE5B12684E0CFA12A1AEBEEBE5883FBA5CA68B67 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
20:35:54.0736 0x12c4 ACDaemon - ok
20:35:54.0806 0x12c4 [ CEA80C80BED809AA0DA6FEBC04733349, AE69C142DC2210A4AE657C23CEA4A6E7CB32C4F4EBA039414123CAC52157509B ] ACPI C:\Windows\system32\drivers\ACPI.sys
20:35:54.0826 0x12c4 ACPI - ok
20:35:54.0876 0x12c4 [ 1EFBC664ABFF416D1D07DB115DCB264F, BF94D069D692140B792DBF4FD3CB0127D27C26CC5BFB6B0C28A8B6346767EE58 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
20:35:54.0876 0x12c4 AcpiPmi - ok
20:35:54.0976 0x12c4 [ 36114214BF8D7C464D1E92E4EB6B2DD3, 8E7CB266D4ABCDF332A3D4D341753811D51B72985E36F24A7E757DCA11A65A2A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
20:35:54.0986 0x12c4 AdobeARMservice - ok
20:35:55.0076 0x12c4 [ 6A050671F2C76FB48131F12786802807, 71B37A9CEAE5AB1B069FB010BC547E14445461885B74FA879E63F9F2DAF644A5 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:35:55.0096 0x12c4 AdobeFlashPlayerUpdateSvc - ok
20:35:55.0156 0x12c4 [ 21E785EBD7DC90A06391141AAC7892FB, A2D3D764C5E6DC0AD5AAF48485FFB8B121D2A40DC08ECF2D2CB92278A1002B25 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
20:35:55.0166 0x12c4 adp94xx - ok
20:35:55.0196 0x12c4 [ 0C676BC278D5B59FF5ABD57BBE9123F2, 339E8A433D186BAAB6FCB44C82CC9FB6FCD63C87981449494CBEB2072CB6B7BB ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
20:35:55.0216 0x12c4 adpahci - ok
20:35:55.0236 0x12c4 [ 7C7B5EE4B7B822EC85321FE23A27DB33, A934AFB71D439555E6376DA9B34F82E8D39A300A4547BE9AC9311F6A3C36270C ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
20:35:55.0246 0x12c4 adpu320 - ok
20:35:55.0286 0x12c4 [ 39AEAECE9F42407F176FE130D790BFBE, 19010DF87BDC1884268098CC04B4B15ECB710C94054A57157C0F9B7A795BDB28 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:35:55.0286 0x12c4 AeLookupSvc - ok
20:35:55.0346 0x12c4 [ 330A1E4DF07C2E29949ED8631CD8828E, 139127405B2D635B0252FF8D7308D671546F20B051C93C50A9013E7AB9D54835 ] AERTFilters C:\Windows\system32\AERTSrv.exe
20:35:55.0346 0x12c4 AERTFilters - ok
20:35:55.0406 0x12c4 [ 93B49FA857F7036A4EFF32371F6E7391, B9B2867D9A80E7F028E9D7C6ABCB9EC5198ACE28CEE101C5A846666B356B2843 ] AFD C:\Windows\system32\drivers\afd.sys
20:35:55.0426 0x12c4 AFD - ok
20:35:55.0466 0x12c4 [ 8D0CF8A08034CD3D273C9FFC759B62A6, 538D35A0D31BF3D68118CCBDC14CBFDA7A0C0241D929D3AD718A5D60B32B8517 ] AFS C:\Windows\system32\drivers\AFS.sys
20:35:55.0466 0x12c4 AFS - ok
20:35:55.0506 0x12c4 [ 507812C3054C21CEF746B6EE3D04DD6E, D7E59350AC338AD229E3D10C76E32AE16D120311B263714A9CD94AB538633B0E ] agp440 C:\Windows\system32\drivers\agp440.sys
20:35:55.0506 0x12c4 agp440 - ok
20:35:55.0536 0x12c4 [ 8B30250D573A8F6B4BD23195160D8707, 64EC289AFCD63D84EAFD9D81C50D0A77BCC79A1EFF32C50B2776BB0C0151757D ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
20:35:55.0546 0x12c4 aic78xx - ok
20:35:55.0596 0x12c4 [ 18A54E132947CD98FEA9ACCC57F98F13, 9D39AF972785E49F0DD12C4BAEF39A79CD69F098886BF152AF1B7CCE2E902115 ] ALG C:\Windows\System32\alg.exe
20:35:55.0596 0x12c4 ALG - ok
20:35:55.0616 0x12c4 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44, 1D1AA8F50935D976C29DE7A84708CADBBBDD936F0DD2C059E820F0D21367B3B6 ] aliide C:\Windows\system32\drivers\aliide.sys
20:35:55.0616 0x12c4 aliide - ok
20:35:55.0636 0x12c4 [ 3C6600A0696E90A463771C7422E23AB5, 370B33DC1C25B981628A318BAE434A78A5F0A0DA93C2896DC7A3D7B87AE1A5E7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
20:35:55.0636 0x12c4 amdagp - ok
20:35:55.0656 0x12c4 [ CD5914170297126B6266860198D1D4F0, 2239FCBD1A7EC27CE4F10DA36AE6BD6CCB87E5128C82CA71B84BFE5AF5602A60 ] amdide C:\Windows\system32\drivers\amdide.sys
20:35:55.0656 0x12c4 amdide - ok
20:35:55.0676 0x12c4 [ 00DDA200D71BAC534BF56A9DB5DFD666, CA316B1FFD85BA1CF8664B3229DA1F238A5341E016059F7ED89702324CFD124B ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
20:35:55.0686 0x12c4 AmdK8 - ok
20:35:55.0696 0x12c4 [ 3CBF30F5370FDA40DD3E87DF38EA53B6, 7EACF1743367BE805357B6FD10F8F99E9B1C301FE3782D77719347B13DFA65EC ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
20:35:55.0696 0x12c4 AmdPPM - ok
20:35:55.0736 0x12c4 [ D320BF87125326F996D4904FE24300FC, F767D8C5C58D57202905D829F7AE1B1FF33937F407FDCE4C90E32A6638F27416 ] amdsata C:\Windows\system32\drivers\amdsata.sys
20:35:55.0746 0x12c4 amdsata - ok
20:35:55.0776 0x12c4 [ EA43AF0C423FF267355F74E7A53BDABA, 3F1335909AB0281A2FBDD7AD90E18309E091656CD32B48894B992789D8C61DB4 ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
20:35:55.0776 0x12c4 amdsbs - ok
20:35:55.0826 0x12c4 [ 46387FB17B086D16DEA267D5BE23A2F2, 8B8AC61B91F154B4EB5CC6DECB5FCCEBA8B42EFE94859947136AD06681EA8ED0 ] amdxata C:\Windows\system32\drivers\amdxata.sys
20:35:55.0826 0x12c4 amdxata - ok
20:35:55.0916 0x12c4 [ D1AF38FBAC0DC7E6D796B0ED01707EE0, FAFD2C36594A1628293E7623C8CAB2D47EDF8C6C0E18CC2FB37F9A6CA1F0E57C ] AppHostSvc C:\Windows\system32\inetsrv\apphostsvc.dll
20:35:55.0916 0x12c4 AppHostSvc - ok
20:35:55.0956 0x12c4 [ C7F5CAE0B450BE875EEE0E6DDFA771FE, 4FDDC802C245606C8A9140F8DF3445FDD6F7112A516F68A04EA15CEB92852E67 ] AppID C:\Windows\system32\drivers\appid.sys
20:35:56.0026 0x12c4 AppID - ok
20:35:56.0096 0x12c4 [ 8333787D8FCA460C0DD70436464A8A8D, 00AE5CE2FB2DF53B5850B561120A29F757A482115E4D8A52D8033502A45B138D ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:35:56.0126 0x12c4 AppIDSvc - ok
20:35:56.0156 0x12c4 [ 133A7896E643D139443B47FDBFA327C7, 371FC602B531DF1EFDCEEC3A2F5497A0D0BE7F558B0583F572862C69A65BD454 ] Appinfo C:\Windows\System32\appinfo.dll
20:35:56.0166 0x12c4 Appinfo - ok
20:35:56.0236 0x12c4 [ 8F5B0003A49DBF93EDB3696F5AA490AD, FD949F785D791375B1B4E7AFAFFC97C1DDB776B4868E1E5C45DFDC7F2A479557 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:35:56.0246 0x12c4 Apple Mobile Device - ok
20:35:56.0266 0x12c4 [ 2932004F49677BD84DBC72EDB754FFB3, 73F84582244AC53994A2F4499A119B4A84A6BF7FD3046C29A8080C763DE540B8 ] arc C:\Windows\system32\DRIVERS\arc.sys
20:35:56.0266 0x12c4 arc - ok
20:35:56.0286 0x12c4 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7, F7C9C3B4F2C816F57A43B2921672858C291054220BADE291044343778216F6BA ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
20:35:56.0286 0x12c4 arcsas - ok
20:35:56.0426 0x12c4 [ 4170FD789CDDE8767972C7C87E6B3400, 36403DF991F451A2A539B7C9BBF1310768701F68AC5EFFA1E5EE0C07A427E5ED ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
20:35:56.0426 0x12c4 aspnet_state - ok
20:35:56.0456 0x12c4 [ ADD2ADE1C2B285AB8378D2DAAF991481, 7965A705F37924C0EC7A934E64E89C5DF4069816E2EEA3509E0AC90F78910519 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:35:56.0456 0x12c4 AsyncMac - ok
20:35:56.0486 0x12c4 [ 338C86357871C167A96AB976519BF59E, F28CC534523D1701B0552F5D7E18E88369C4218BDB1F69110C3E31D395884AD6 ] atapi C:\Windows\system32\drivers\atapi.sys
20:35:56.0496 0x12c4 atapi - ok
20:35:56.0546 0x12c4 [ C1619A13B10CAC5038BF7129F57D8DE3, 9F71EA6C844650658938E68CCC1383F92D37C68E46E08461A8351491185BA791 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:35:56.0576 0x12c4 AudioEndpointBuilder - ok
20:35:56.0596 0x12c4 [ C1619A13B10CAC5038BF7129F57D8DE3, 9F71EA6C844650658938E68CCC1383F92D37C68E46E08461A8351491185BA791 ] Audiosrv C:\Windows\System32\Audiosrv.dll
20:35:56.0606 0x12c4 Audiosrv - ok
20:35:56.0656 0x12c4 [ 6E30D02AAC9CAC84F421622E3A2F6178, 229DC527C1D6C778BCA2C855A2A6F6D2C4B0F4F6DE56C886B3AAD26E3347952C ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:35:56.0656 0x12c4 AxInstSV - ok
20:35:56.0686 0x12c4 [ 1A231ABEC60FD316EC54C66715543CEC, 09E2897BA80737997A286EA5408C03DD3CC0EBACD24CB391C2455B6D4BE7D67E ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
20:35:56.0706 0x12c4 b06bdrv - ok
20:35:56.0746 0x12c4 [ BD8869EB9CDE6BBE4508D869929869EE, F4363A12EBFDBB89C69FD59B22F9EE05BADA07D477A1DF2DE01F59D6EE496543 ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
20:35:56.0746 0x12c4 b57nd60x - ok
20:35:56.0786 0x12c4 [ EE1E9C3BB8228AE423DD38DB69128E71, ED54FD9795F3A4D32F02BED6052AD9404409A05644CDBEBFF19C662D104DA95A ] BDESVC C:\Windows\System32\bdesvc.dll
20:35:56.0796 0x12c4 BDESVC - ok
20:35:56.0806 0x12c4 [ 505506526A9D467307B3C393DEDAF858, 8AD6F1492E357F57CF42261497BA29122045D4FC0DCC9669AA5AC9B2A4BABFA4 ] Beep C:\Windows\system32\drivers\Beep.sys
20:35:56.0806 0x12c4 Beep - ok
20:35:56.0866 0x12c4 [ 1E2BAC209D184BB851E1A187D8A29136, 53933C938DA5126986FFF2918C1F522ABE93ABAB460AE32E4453161C2F7B68DF ] BFE C:\Windows\System32\bfe.dll
20:35:56.0886 0x12c4 BFE - ok
20:35:56.0946 0x12c4 [ E585445D5021971FAE10393F0F1C3961, 178C008A9A0A6BFDA65EB0B98C510271360AD4474F22F13594F5EB60AA4E1CF5 ] BITS C:\Windows\System32\qmgr.dll
20:35:57.0066 0x12c4 BITS - ok
20:35:57.0086 0x12c4 [ 2287078ED48FCFC477B05B20CF38F36F, 55BCA6174E6034A8D61CBE4126B2F1989F6052BFA624BEA9C0A0A664AEC74521 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:35:57.0086 0x12c4 blbdrive - ok
20:35:57.0156 0x12c4 [ 5EA9C80F18CBC393EA7D9A2991DED4B5, 7E5EB1CE44FEBE93686174058D51581FA00BDFF0EBB84BD74BC08F6386019253 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:35:57.0186 0x12c4 Bonjour Service - ok
20:35:57.0226 0x12c4 [ 8F2DA3028D5FCBD1A060A3DE64CD6506, E234672E9CFE1A95AD2E78E306E41E010B870221E6EBBC0E2B0BE2FA5CE0CD76 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:35:57.0236 0x12c4 bowser - ok
20:35:57.0246 0x12c4 [ 9F9ACC7F7CCDE8A15C282D3F88B43309, A9131334BD9CF8FD60BA9D54AA054E2DF2BE1219FB650DF1464F2787BDEAE98F ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:35:57.0246 0x12c4 BrFiltLo - ok
20:35:57.0256 0x12c4 [ 56801AD62213A41F6497F96DEE83755A, 0DEB8318FB47DF6473C171C795C735E26A73FA12232876C6856549EA16F33361 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:35:57.0266 0x12c4 BrFiltUp - ok
20:35:57.0316 0x12c4 [ 3DAA727B5B0A45039B0E1C9A211B8400, 903B51E75F0C503A0E255120F53BF51B047B219FEC1E15F2F1D02DDD562FC73B ] Browser C:\Windows\System32\browser.dll
20:35:57.0316 0x12c4 Browser - ok
20:35:57.0336 0x12c4 [ 845B8CE732E67F3B4133164868C666EA, 9309B094CD9B5EBC46295A5EB806BED472C3CEDE3B5F6F497EBDABA496A2A27F ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:35:57.0356 0x12c4 Brserid - ok
20:35:57.0376 0x12c4 [ 203F0B1E73ADADBBB7B7B1FABD901F6B, 782FA7B26940FE479C49C9BAA2EB582CDAAAD607013E9BCFC85E6FBBB7D49A6D ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:35:57.0376 0x12c4 BrSerWdm - ok
20:35:57.0386 0x12c4 [ BD456606156BA17E60A04E18016AE54B, DFBDC9DA6A3EA40BACFF204BC6C55C2C122B5885D2CBF6D45054DE43EE15EC4D ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:35:57.0386 0x12c4 BrUsbMdm - ok
20:35:57.0406 0x12c4 [ AF72ED54503F717A43268B3CC5FAEC2E, 4A638669B0C30B1BDED242A8BF2015A37749570FF4D67D190BACC8D7E0C44468 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:35:57.0406 0x12c4 BrUsbSer - ok
20:35:57.0416 0x12c4 [ ED3DF7C56CE0084EB2034432FC56565A, B5B75E002E7BC0209582C635CCCA26DB569BDB23C33A126634E00C6434BF941B ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
20:35:57.0416 0x12c4 BTHMODEM - ok
20:35:57.0466 0x12c4 [ 1DF19C96EEF6C29D1C3E1A8678E07190, 1F4BB161FF3A1C5B1465BB52F3520FEDB7ACB1FAA132466F07D16DB8E394AEA5 ] bthserv C:\Windows\system32\bthserv.dll
20:35:57.0466 0x12c4 bthserv - ok
20:35:57.0496 0x12c4 [ 77EA11B065E0A8AB902D78145CA51E10, 160EB3BBE9E5F3CC4A02584E6F2576A812C7565B940D74838B983F1EE51FA73A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:35:57.0496 0x12c4 cdfs - ok
20:35:57.0546 0x12c4 [ BE167ED0FDB9C1FA1133953C18D5A6C9, E26A851CA13E7300F977E5B20FA5D25FD0E1442AB6AD5DB58BBDB2DAAD87027C ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:35:57.0546 0x12c4 cdrom - ok
20:35:57.0596 0x12c4 [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] CertPropSvc C:\Windows\System32\certprop.dll
20:35:57.0596 0x12c4 CertPropSvc - ok
20:35:57.0626 0x12c4 [ 3FE3FE94A34DF6FB06E6418D0F6A0060, 6B3A2A26609A75B690D4C0B3059E40822F3B3DB08943F58EC496BABDA7D0A735 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
20:35:57.0626 0x12c4 circlass - ok
20:35:57.0676 0x12c4 [ 33A60554882FDF59CDA3E1806370BBA1, 3DE5451E1CB84AAEBD03F54BEFC670C401447B4881A8B022748B6ECF0F500F01 ] CLFS C:\Windows\system32\CLFS.sys
20:35:57.0696 0x12c4 CLFS - ok
20:35:57.0766 0x12c4 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:35:57.0766 0x12c4 clr_optimization_v2.0.50727_32 - ok
20:35:57.0836 0x12c4 [ AB4CD527BEFCC43EE441E6C50CCE54C8, 13B776AE63049FFBA7E35EA0A4C26EBB57B10D973E05C4CF1214249754DC46E4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:35:57.0866 0x12c4 clr_optimization_v4.0.30319_32 - ok
20:35:57.0896 0x12c4 [ DEA805815E587DAD1DD2C502220B5616, 2D6A7668C95352B818F5EC59FF462894935833D34190257DA9CAC7E67FD3631C ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:35:57.0906 0x12c4 CmBatt - ok
20:35:57.0936 0x12c4 [ C537B1DB64D495B9B4717B4D6D9EDBF2, 400EEFE662DE117C9CC956E4CBD5E98F28F962E7447CD93E8A78FDD8CA39EB4B ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:35:57.0936 0x12c4 cmdide - ok
20:35:58.0016 0x12c4 [ FAE0008AB5BF34E41EC95A8087E94454, AE97D2057FCC5CA2E7DFBE81EA9A84E5EF955CC1F0F21B437ECBB602C85F9B96 ] CNG C:\Windows\system32\Drivers\cng.sys
20:35:58.0026 0x12c4 CNG - ok
20:35:58.0046 0x12c4 [ A6023D3823C37043986713F118A89BEE, FAC239A7FA6251C7EDFFA34B4BAE3910B8BC0BD4A3574B6DB6931A8D691E207B ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:35:58.0046 0x12c4 Compbatt - ok
20:35:58.0096 0x12c4 [ CBE8C58A8579CFE5FCCF809E6F114E89, AC083A1C649EBA18C59FCC1772D0784B10E2B8C63094E3C14388E147DBC3F6DF ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
20:35:58.0096 0x12c4 CompositeBus - ok
20:35:58.0106 0x12c4 COMSysApp - ok
20:35:58.0146 0x12c4 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1, 6FC323217D82EF661BA0E3F949B61B05BB5235D1A69C81D24876C2153FAECEF6 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
20:35:58.0146 0x12c4 crcdisk - ok
20:35:58.0196 0x12c4 [ 33F67BBCC3C0499D3F3382473114CFA8, FDDCC41CE005B7C1BEBB6F4ACA9A3F10E5972792ADFD7D294E70A0B781460981 ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:35:58.0206 0x12c4 CryptSvc - ok
20:35:58.0286 0x12c4 [ AEFB8558199BD5212B268B09BFA1D71A, 8623C845977FFCECA6E90F8B148B05AE8E85CF7C517652BE8ED44F597A749BEE ] CSHelper C:\Windows\system32\CSHelper.exe
20:35:58.0306 0x12c4 CSHelper - ok
20:35:58.0356 0x12c4 [ 1F54F58D7FA2B3442084E32CDE5E309E, F0D8124E7C9ADC88BD8C53646F2499CDB3D2105DA7C4D28F3D26F313859B3D32 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:35:58.0366 0x12c4 DcomLaunch - ok
20:35:58.0416 0x12c4 [ 8D6E10A2D9A5EED59562D9B82CF804E1, 888F9650F4E872BA8F4E0C27E38A6672A561042B17EBA40E306A22357965B0AD ] defragsvc C:\Windows\System32\defragsvc.dll
20:35:58.0416 0x12c4 defragsvc - ok
20:35:58.0456 0x12c4 [ F024449C97EC1E464AAFFDA18593DB88, 7EF1E241892E098A472BCA14C724DFF1AACCF190954AF1C4A38B6D542CC74BD2 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:35:58.0466 0x12c4 DfsC - ok
20:35:58.0507 0x12c4 [ E9E01EB683C132F7FA27CD607B8A2B63, 4D9037B458C522874619143A4176BCED42472C68933E6E83D37B67242706F3C4 ] Dhcp C:\Windows\system32\dhcpcore.dll
20:35:58.0517 0x12c4 Dhcp - ok
20:35:58.0597 0x12c4 [ 0A3386E3CF9C5D089D695AC5A35F4C6F, D610071493EB95FCE39E24C457A0B5BBA131193159E43FDC1E8EDABB9C7AB81A ] DiagTrack C:\Windows\system32\diagtrack.dll
20:35:58.0627 0x12c4 DiagTrack - ok
20:35:58.0637 0x12c4 [ 1A050B0274BFB3890703D490F330C0DA, 79D74F4679A2EE040FAAF4D0392A9311239A10A5F8A5CCB48656C6F89B6D62FB ] discache C:\Windows\system32\drivers\discache.sys
20:35:58.0637 0x12c4 discache - ok
20:35:58.0697 0x12c4 [ B7B470F163002A0D0E381EE45834BF6B, 5B5E204341A6B1689C3F8717C41782B1A077A026F8B19DA3DE08CA44AB1D95B2 ] Disk C:\Windows\system32\drivers\disk.sys
20:35:58.0697 0x12c4 Disk - ok
20:35:58.0707 0x12c4 dlbu_device - ok
20:35:58.0757 0x12c4 [ 33EF4861F19A0736B11314AAD9AE28D0, 4C4B84365D85758E3263B88F157D8B086B392C6F1EA5F0F3DB6BF87EF90248EC ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:35:58.0767 0x12c4 Dnscache - ok
20:35:58.0817 0x12c4 [ 366BA8FB4B7BB7435E3B9EACB3843F67, 65B7C61ACF34F1F0149045AA9E09A3F917A927963237A385A914D0B80551DC31 ] dot3svc C:\Windows\System32\dot3svc.dll
20:35:58.0837 0x12c4 dot3svc - ok
20:35:58.0887 0x12c4 [ 8EC04CA86F1D68DA9E11952EB85973D6, 2E3FBC2D683D1274E8BC45EEEA87D43B77EDDCAAF0D453296D9FDA6B9D717071 ] DPS C:\Windows\system32\dps.dll
20:35:58.0907 0x12c4 DPS - ok
20:35:58.0937 0x12c4 [ A3F684B866A7D89AE396276CE7AFD416, 1E4C034B7B106FA403B13842A199D88A33B492A577B58CDDAE0B4706266B9565 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:35:58.0967 0x12c4 drmkaud - ok
20:35:58.0977 0x0fd0 Object required for P2P: [ 6A050671F2C76FB48131F12786802807 ] AdobeFlashPlayerUpdateSvc
20:35:59.0027 0x12c4 [ 4B21D102E49E9D44C478D6766A7FCBE5, 7CEEBCF81EE23876F039ED1222020D6F45FE6B3A5CE3BB93DDA3B8BBEAA15E47 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:35:59.0047 0x12c4 DXGKrnl - ok
20:35:59.0107 0x12c4 [ CF0A6015F437161698C5B2A0A12CF052, C23A777CF5D34C96B16A4A6197DA3F14CC2F8C56421E422BBD46617C941DBBCE ] e1express C:\Windows\system32\DRIVERS\e1e6032.sys
20:35:59.0117 0x12c4 e1express - ok
20:35:59.0157 0x12c4 [ 8600142FA91C1B96367D3300AD0F3F3A, 5713625E27DF11FAAFDA7AC79899A6AD813166E167088FA990EC5DE87DBE83DF ] EapHost C:\Windows\System32\eapsvc.dll
20:35:59.0167 0x12c4 EapHost - ok
20:35:59.0287 0x12c4 [ 024E1B5CAC09731E4D868E64DBFB4AB0, AB0826A74BBEE5B7A1B035861B665C79BC98305CFC7D82BEF420558FBD3EE994 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
20:35:59.0377 0x12c4 ebdrv - ok
20:35:59.0417 0x12c4 [ 910ED0DF49A5A02059BB224B99C689D2, 2A92C06DF0D18F80466B9CC0938EFC9DD04B4BACBAB28D18D10366EF26E15F09 ] EFS C:\Windows\System32\lsass.exe
20:35:59.0437 0x12c4 EFS - ok
20:35:59.0497 0x12c4 [ A8C362018EFC87BEB013EE28F29C0863, 07971C681FBD391C0BA0172618AF8AD77520182207F1C57F134B34D6A113857F ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:35:59.0517 0x12c4 ehRecvr - ok
20:35:59.0547 0x12c4 [ D389BFF34F80CAEDE417BF9D1507996A, 12859B9925D7A4631DE61A820922F43F56ED23C2AF014CBF36322685E5CF641E ] ehSched C:\Windows\ehome\ehsched.exe
20:35:59.0547 0x12c4 ehSched - ok
20:35:59.0587 0x12c4 [ 0ED67910C8C326796FAA00B2BF6D9D3C, 97FAA7627A162B0AEC15545E0165D13355D535B4157604BB87F8EEB72ECD24A8 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
20:35:59.0607 0x12c4 elxstor - ok
20:35:59.0687 0x12c4 [ ABDD5AD016AFFD34AD40E944CE94BF59, 61089124CD8FEA31142CD4D3C47224A6310B9BE7B7FA974956D9EDDAD4381503 ] EpsonBidirectionalService C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
20:35:59.0697 0x12c4 EpsonBidirectionalService - ok
20:35:59.0817 0x12c4 [ EC6A73CD8413F68655E5E0B99C415A21, 5F56B211E854B316A0512091D9EE5A10199EEF619712B8645A2034165253F2A0 ] EPSON_EB_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
20:35:59.0927 0x12c4 EPSON_EB_RPCV4_01 - ok
20:35:59.0957 0x12c4 [ 8FE6AB59CAB8F2C038FEA9522A5EEBA7, 539C4257DE460F881DAFAD4FD83C216363B558FDD06AE6779FBBCC2B84BCCF56 ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
20:36:00.0037 0x12c4 EPSON_PM_RPCV4_01 - ok
20:36:00.0067 0x12c4 [ 8FC3208352DD3912C94367A206AB3F11, 69B65C12BDADD4B730508674B1B77C5496612B4ACCC447DB9AFE49ADEA8CBF02 ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:36:00.0067 0x12c4 ErrDev - ok
20:36:00.0117 0x12c4 [ F6916EFC29D9953D5D0DF06882AE8E16, ED41893960018D5EC2F7829B1DE4B6967D9FD074D60B11B9EB854E3E0948EC24 ] EventSystem C:\Windows\system32\es.dll
20:36:00.0137 0x12c4 EventSystem - ok
20:36:00.0147 0x12c4 [ 2DC9108D74081149CC8B651D3A26207F, 75CB47923A867DDAC512701CE71DFCFC340FC3A2E27F4255D0836A1FBC463176 ] exfat C:\Windows\system32\drivers\exfat.sys
20:36:00.0157 0x12c4 exfat - ok
20:36:00.0177 0x12c4 [ 7E0AB74553476622FB6AE36F73D97D35, 41463A255FDA1D550B3385EC7C73ABC343B1BBBE9CEE4DF9F2A8B3E7338C4947 ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:36:00.0177 0x12c4 fastfat - ok
20:36:00.0237 0x12c4 [ 967EA5B213E9984CBE270205DF37755B, 43153E23210B03FAE16897D62D55B8742F834EDC695F8401EAB5DE307F62602D ] Fax C:\Windows\system32\fxssvc.exe
20:36:00.0267 0x12c4 Fax - ok
20:36:00.0297 0x12c4 [ E817A017F82DF2A1F8CFDBDA29388B29, 4CC9320A21E6FEA2D16C48D6BEA14391B695BD541A3C5FDDAEEE086A414FC837 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:36:00.0297 0x12c4 fdc - ok
20:36:00.0307 0x12c4 [ F3222C893BD2F5821A0179E5C71E88FB, A85B947249DBB986358CCD4B158DD58A9301F074F3C6CCCDEF2D01F432E59D1B ] fdPHost C:\Windows\system32\fdPHost.dll
20:36:00.0307 0x12c4 fdPHost - ok
20:36:00.0317 0x12c4 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B, 0E76C29D2A974A3F2FBFCB63D066D4136B78E02F6B1F579B1865CA7A76193987 ] FDResPub C:\Windows\system32\fdrespub.dll
20:36:00.0317 0x12c4 FDResPub - ok
20:36:00.0337 0x12c4 [ 6CF00369C97F3CF563BE99BE983D13D8, F65F35324A2FB9DFB533B1C4D089D990CC242218FE83414329D07B786D8EFF33 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:36:00.0337 0x12c4 FileInfo - ok
20:36:00.0347 0x12c4 [ 42C51DC94C91DA21CB9196EB64C45DB9, 388C68D12ECC8FFE3116FEAAF4DB7B80CF4A3F97E935788DD21C6ADE2369F635 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:36:00.0347 0x12c4 Filetrace - ok
20:36:00.0367 0x12c4 [ 87907AA70CB3C56600F1C2FB8841579B, CA1CD82A1CD453617CE5EA431A1836997F14E3580554E8A516D9FE1E9926D979 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:36:00.0367 0x12c4 flpydisk - ok
20:36:00.0387 0x12c4 [ 7520EC808E0C35E0EE6F841294316653, 6EC65511B4838A7172A8F89E35C2F9DF4F0BFCE3BE12EDA790F3EB567102FF67 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:36:00.0397 0x12c4 FltMgr - ok
20:36:00.0467 0x12c4 [ 23D3F12CA9DEB6EF02DEDC621EC661AC, AA3718715ADFE1666757BCD79D5A8DC591C2C5185802F51A27C119C4C30F360A ] FontCache C:\Windows\system32\FntCache.dll
20:36:00.0567 0x12c4 FontCache - ok
20:36:00.0647 0x12c4 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F, DBED26852B99B362152DA9CD4F31A1883EF6F9B496F3CF3772A197BA72DB61DA ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:36:00.0647 0x12c4 FontCache3.0.0.0 - ok
20:36:00.0667 0x12c4 [ 1A16B57943853E598CFF37FE2B8CBF1D, 87609F46F3B8123552141FD70866E895220B1BBD92BC2B580CAF49201AA0197E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:36:00.0667 0x12c4 FsDepends - ok
20:36:00.0727 0x12c4 [ D909075FA72C090F27AA926C32CB4612, F8610C20C4DD499D5B4ACEBD7107E52E25B6449AEED58D1A203F7D654B55C4DF ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
20:36:00.0727 0x12c4 fssfltr - ok
20:36:00.0847 0x12c4 [ 4CE9DAC1518FF7E77BD213E6394B9D77, D7D0D29DF93AC7DC5F85E385EEB45306C7BD87ACA7AAC5A8D47893D120C32C03 ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
20:36:00.0897 0x12c4 fsssvc - ok
20:36:00.0937 0x12c4 [ 7DAE5EBCC80E45D3253F4923DC424D05, 8A2C4D5591509B0B0A44583520617A9AE34F32BB6E68A012A7D7870ED24F703A ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:36:00.0937 0x12c4 Fs_Rec - ok
20:36:00.0977 0x12c4 [ E306A24D9694C724FA2491278BF50FDB, 1D246B9C28550640EACBF8CF9DC980FD75106B92832D392FEBEF0C7012353091 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:36:00.0987 0x12c4 fvevol - ok
20:36:01.0017 0x12c4 [ 65EE0C7A58B65E74AE05637418153938, 0E1A398ADD8411AF4CCC3344D67BE1B261320C58328BD5C5855A357476FAEBEF ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
20:36:01.0017 0x12c4 gagp30kx - ok
20:36:01.0047 0x12c4 [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:36:01.0047 0x12c4 GEARAspiWDM - ok
20:36:01.0107 0x12c4 [ D3316F6E3C011435F36E3D6E49B3196C, 941DF52BA26603A146ED6B65A696DB87153868ED0469EF9C2EB09AC7E63525B7 ] GoToAssist C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
20:36:01.0107 0x12c4 GoToAssist - ok
20:36:01.0177 0x12c4 [ E897EAF5ED6BA41E081060C9B447A673, A428DC68516F19C6C53A8B62E4BDB2587E70FB751B9D77700B6B147D347DA157 ] gpsvc C:\Windows\System32\gpsvc.dll
20:36:01.0207 0x12c4 gpsvc - ok
20:36:01.0317 0x12c4 [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
20:36:01.0327 0x12c4 gupdate - ok
20:36:01.0347 0x12c4 [ DD7423ABBE2913E70D50E9318AD57EE4, 74BC123808F3FA60ADDC51C1383F8250608D3DBA3A8DC175B3418A1CF0BC53E9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
20:36:01.0357 0x12c4 gupdatem - ok
20:36:01.0407 0x12c4 [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
20:36:01.0417 0x12c4 gusvc - ok
20:36:01.0457 0x12c4 [ C44E3C2BAB6837DB337DDEE7544736DB, 88A24FF7D2FECCEAFFD421B2039A0FB623DA47A6B220B80EF1E52DD26D9E222D ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:36:01.0467 0x12c4 hcw85cir - ok
20:36:01.0497 0x12c4 [ 9036377B8A6C15DC2EEC53E489D159B5, 1E56D2ACFE92E6DF96D755B05C63D580EED82C210F075C8623E138BEE6BCD41B ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
20:36:01.0497 0x12c4 HDAudBus - ok
20:36:01.0507 0x12c4 [ 1D58A7F3E11A9731D0EAAAA8405ACC36, 7056FA18B86FBD52C4A6092D80476C02553EA053D6A0BEDB01A2FA5E152D5215 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
20:36:01.0517 0x12c4 HidBatt - ok
20:36:01.0527 0x12c4 [ 89448F40E6DF260C206A193A4683BA78, 71E0FCC32AE6FF8DFF420DB0383D6A200E1EAE14BD2E32453F92CE18B31C1F3C ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
20:36:01.0527 0x12c4 HidBth - ok
20:36:01.0537 0x12c4 [ CF50B4CF4A4F229B9F3C08351F99CA5E, B97843620AF80FF0EC8F2C438255C0A42A756C6314FAF3DEF415DE16E14C108F ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
20:36:01.0537 0x12c4 HidIr - ok
20:36:01.0587 0x12c4 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B, 2AF3312F1C8C8923C0A29AA5DAE57CE269417E53DEA2F0CCCC8DB57029698FE1 ] hidserv C:\Windows\system32\hidserv.dll
20:36:01.0587 0x12c4 hidserv - ok
20:36:01.0637 0x12c4 [ 10C19F8290891AF023EAEC0832E1EB4D, E208553029488A6EE2F5216CC9FE5F93E9931A94C0D0625253BB159E30642853 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:36:01.0687 0x12c4 HidUsb - ok
20:36:01.0727 0x12c4 [ 196B4E3F4CCCC24AF836CE58FACBB699, 7A2E1F603A073421FA0987EFB96647F1F0F2D4E0C82AA62EBC041585DA811DAF ] hkmsvc C:\Windows\system32\kmsvc.dll
20:36:01.0727 0x12c4 hkmsvc - ok
20:36:01.0777 0x12c4 [ 6658F4404DE03D75FE3BA09F7ABA6A30, E51D9C1580A283EB862F09B73AAE1B647DD683A53F3DD99834222F12DD15E40F ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:36:01.0797 0x12c4 HomeGroupListener - ok
20:36:01.0837 0x12c4 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8, 02121800D9062692C102475876AE8143EBE46D855E8328B8CDCFE6A2F0D19696 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:36:01.0857 0x12c4 HomeGroupProvider - ok
20:36:01.0907 0x12c4 [ 295FDC419039090EB8B49FFDBB374549, 670E8015FD374640C6570F56F7FE8DE4D8F92E7A8072F5D1B2B95D0BD699CEF7 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:36:01.0907 0x12c4 HpSAMD - ok
20:36:01.0957 0x12c4 [ 487569E5DA56A5A432FF8AF6D3599CF9, 7C974D8379C60B4F69A20B01876C49181B0A63AC318C4BD0A21DABFF27A15C9D ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:36:01.0987 0x12c4 HTTP - ok
20:36:02.0027 0x12c4 [ 0C4E035C7F105F1299258C90886C64C5, CFB4FBE7B28058E6D3E6E508CF3C1645F6AAE0AFEB4C5364835B9C42311DF0D4 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:36:02.0027 0x12c4 hwpolicy - ok
20:36:02.0067 0x12c4 [ F151F0BDC47F4A28B1B20A0818EA36D6, 84B24B5796D9F70A8C37773F5484A4606CC7908370CCD942627ACBEDC4952D79 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
20:36:02.0077 0x12c4 i8042prt - ok
20:36:02.0157 0x12c4 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E, 72870092A80C6DAE0105025B0ED8B607E98BA81E59298364A7FE4C9C56C68FF0 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:36:02.0197 0x12c4 iaStorV - ok
20:36:02.0297 0x12c4 [ 3E9213A2A050BF429E91898C90F8B4E3, D80ABE5691087661B19F01927B631CB8C5291120B814B6F863F046E0D643E9E4 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:36:02.0327 0x12c4 idsvc - ok
20:36:02.0357 0x12c4 IEEtwCollectorService - ok
20:36:02.0529 0x12c4 [ 9467514EA189475A6E7FDC5D7BDE9D3F, E6F5B99BF6B614832770F9310B06334A8174C7660DDEC7589433640527A14683 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
20:36:02.0679 0x12c4 igfx - ok
20:36:02.0739 0x12c4 [ 4173FF5708F3236CF25195FECD742915, 0A9C0701DF6EAC6602BE342FC13C7950EF04BB5BDF7D96C2C5DABBD2A29AA55D ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
20:36:02.0739 0x12c4 iirsp - ok
20:36:02.0819 0x12c4 [ B9C54120F46392100478F58F374E5709, A28EE8B0988F580D5984E815FC78DF41B169260814234AA0E453375542D0957B ] IKEEXT C:\Windows\System32\ikeext.dll
20:36:02.0839 0x12c4 IKEEXT - ok
20:36:03.0099 0x12c4 [ F8F53C5449F15B23D4C61D51D2701DA8, BDAE41E3A5798FA11E979DAE84EB5F21D9C271196A757429ED1DACD732822CF9 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
20:36:03.0179 0x12c4 IntcAzAudAddService - ok
20:36:03.0209 0x12c4 [ A0F12F2C9BA6C72F3987CE780E77C130, 5F53DF8BE1621AA7DFB655CFD9C95E0AFA1AD3CE2E290E19D7B7FB3C6E380034 ] intelide C:\Windows\system32\drivers\intelide.sys
20:36:03.0209 0x12c4 intelide - ok
20:36:03.0229 0x12c4 [ 3B514D27BFC4ACCB4037BC6685F766E0, F12D7AC62F8550E6F33B28AD751D8413AB7FFEF963242D99FFA76CE8A48B027A ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:36:03.0229 0x12c4 intelppm - ok
20:36:03.0279 0x12c4 [ ACB364B9075A45C0736E5C47BE5CAE19, 202F77C659103D2D0E787B8CB0A23BE32EA5AA2E6B3B0A0F0A8DFA906AB3C0C0 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:36:03.0289 0x12c4 IPBusEnum - ok
20:36:03.0299 0x12c4 [ 709D1761D3B19A932FF0238EA6D50200, 0A9D2C3A6E91CA45540555B40CB4E2DF3EBE98C1D164C4EECEE20C86782F5823 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:36:03.0299 0x12c4 IpFilterDriver - ok
20:36:03.0349 0x12c4 [ 58F67245D041FBE7AF88F4EAF79DF0FA, 67468D6A46FF4D87AD321BFEA42F2FC843D09AA292A119C76D4D795D06028F96 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:36:03.0359 0x0fd0 Object send P2P result: true
20:36:03.0369 0x12c4 iphlpsvc - ok
20:36:03.0409 0x12c4 [ 4BD7134618C1D2A27466A099062547BF, 20284ABEF4433A59E2981F4143CAEC67DC990864FE0B9E3DC70EE0B88539E964 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:36:03.0409 0x12c4 IPMIDRV - ok
20:36:03.0429 0x12c4 [ A5FA468D67ABCDAA36264E463A7BB0CD, EDB828D596E43372F97DAE1AADA46428C4C45FB80646DDC64FAD5F25C826CF63 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:36:03.0429 0x12c4 IPNAT - ok
20:36:03.0499 0x12c4 [ 64E48AA57623E2B1225F64A9ECAFB7FC, 52EAB8543789A6FE1120BD1C5113145AD32BF25E0BF19BE568F8A6B416A9648E ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:36:03.0519 0x12c4 iPod Service - ok
20:36:03.0539 0x12c4 [ 42996CFF20A3084A56017B7902307E9F, 688176DAB91BE569280E4822E4C5BDE755794D293591C53F8047AD59C441751D ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:36:03.0539 0x12c4 IRENUM - ok
20:36:03.0579 0x12c4 [ 1F32BB6B38F62F7DF1A7AB7292638A35, 86522358680FBB1CEBC56B4D139290689BB0F71A3EC78CE883E4D75D0B37586F ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:36:03.0589 0x12c4 isapnp - ok
20:36:03.0609 0x12c4 [ EB34CE31FABD4DC4343FD2AD16D2CAF9, D21C91227A15DA89ECF522345D0AB80B3B7FC24A230596DABDB8BD3B7554CE8C ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:36:03.0619 0x12c4 iScsiPrt - ok
20:36:03.0669 0x12c4 [ 213822072085B5BBAD9AF30AB577D817, 2C373B804D840933EC3A5F3ABFC43E47C2636CDB2431AB51846C565077B7C468 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
20:36:03.0669 0x12c4 IviRegMgr - ok
20:36:03.0689 0x12c4 [ ADEF52CA1AEAE82B50DF86B56413107E, A3AE1E96B04AC81665ABBD3CB267DFB3F78376DAE18FB0DBD447908DDAAA22D2 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:36:03.0689 0x12c4 kbdclass - ok
20:36:03.0729 0x12c4 [ 9E3CED91863E6EE98C24794D05E27A71, 90CF59F20E14E4A5A793266805E82BF7AE1F0CF4C7BAB1FD2EEF3B53C5DF770F ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:36:03.0769 0x12c4 kbdhid - ok
20:36:03.0789 0x12c4 [ 910ED0DF49A5A02059BB224B99C689D2, 2A92C06DF0D18F80466B9CC0938EFC9DD04B4BACBAB28D18D10366EF26E15F09 ] KeyIso C:\Windows\system32\lsass.exe
20:36:03.0789 0x12c4 KeyIso - ok
20:36:03.0839 0x12c4 [ 37507B2F0EA8C2A7CFE120E6EE2128B5, 0691D6F9E47FF46A7B58FB2A7298F13EABE3125848B7966F6B38A38A829820B9 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:36:03.0839 0x12c4 KSecDD - ok
20:36:03.0889 0x12c4 [ D94D58A52BFC1352E82EBECADE518B6D, 8B5418D2026C2081BD5124D1BE167BED315AB5F88CC57A9BDBB688A30B50F8EE ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:36:03.0899 0x12c4 KSecPkg - ok
20:36:03.0949 0x12c4 [ 89A7B9CC98D0D80C6F31B91C0A310FCD, 4583CAEEE0D50C0C7CE955E533FDA063CDC37B69033D41EF22EF1BA242E4C747 ] KtmRm C:\Windows\system32\msdtckrm.dll
20:36:03.0979 0x12c4 KtmRm - ok
20:36:04.0009 0x12c4 [ D64AF876D53ECA3668BB97B51B4E70AB, D5C07C019BFEAFBEDC29AB5060356A3B07449712B21B50E03378BEF04AF180F9 ] LanmanServer C:\Windows\system32\srvsvc.dll
20:36:04.0019 0x12c4 LanmanServer - ok
20:36:04.0059 0x12c4 [ 58405E4F68BA8E4057C6E914F326ABA2, C3E6519A1A38F1B3597D4391E42ABFE8F1F5E86256C4B3BD876CDAD9BB68B0A6 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:36:04.0069 0x12c4 LanmanWorkstation - ok
20:36:04.0109 0x12c4 [ F7611EC07349979DA9B0AE1F18CCC7A6, 879AA7A391966F00761CA039C25EBC62F6712DD5461694911EEC673E12DE103E ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:36:04.0109 0x12c4 lltdio - ok
20:36:04.0139 0x12c4 [ 5700673E13A2117FA3B9020C852C01E2, 6684A2905EE8C438F2A64BE47E51A54D287B08DEFB8E0AE7FC2809D845EE3C5F ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:36:04.0149 0x12c4 lltdsvc - ok
20:36:04.0169 0x12c4 [ 55CA01BA19D0006C8F2639B6C045E08B, 4DBBDC820C514DB18CC13F8EE178F8C4E39C295C6E3C255416C235553CE7BDC1 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:36:04.0169 0x12c4 lmhosts - ok
20:36:04.0199 0x12c4 [ EB119A53CCF2ACC000AC71B065B78FEF, 1FD60735C4945AE565C223F0B47EAF9602D8777E3D15600914C1A9D761215AF9 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
20:36:04.0199 0x12c4 LSI_FC - ok
20:36:04.0219 0x12c4 [ 8ADE1C877256A22E49B75D1CC9161F9C, 3D64F233DC866537E50549A7C1A2B40A954055B22F0BDA39825B04C38C607CB7 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
20:36:04.0219 0x12c4 LSI_SAS - ok
20:36:04.0239 0x12c4 [ DC9DC3D3DAA0E276FD2EC262E38B11E9, A264990857CBC74036799E17A087130626C0A09BE19879019BAF2D761C62AECC ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:36:04.0249 0x12c4 LSI_SAS2 - ok
20:36:04.0259 0x12c4 [ 0A036C7D7CAB643A7F07135AC47E0524, 2F662D07FCB74B8D493156DB555EAA90A47E93CF14C7B30039D2FE47EB8682B8 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:36:04.0269 0x12c4 LSI_SCSI - ok
20:36:04.0289 0x12c4 [ 6703E366CC18D3B6E534F5CF7DF39CEE, 7396B9AF938284D99EC51206A7B2FA4A0DC10A493DCE6707818B03A7473782C4 ] luafv C:\Windows\system32\drivers\luafv.sys
20:36:04.0289 0x12c4 luafv - ok
20:36:04.0329 0x12c4 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1, D2A84EBF0C0B7A14AD432FD2EF43CC12300027AEA3FA4075659FB088AB62B588 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:36:04.0339 0x12c4 Mcx2Svc - ok
20:36:04.0359 0x12c4 [ 0FFF5B045293002AB38EB1FD1FC2FB74, 49071B565FD5B2DE43EC00D8518C3BE70843F38919E82F13104B8C1FAFB20374 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
20:36:04.0369 0x12c4 megasas - ok
20:36:04.0379 0x12c4 [ DCBAB2920C75F390CAF1D29F675D03D6, 85C3A7A010BEA5E3C6179161B295F2CB900A6A214833A5F87A4327392880E2BB ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
20:36:04.0389 0x12c4 MegaSR - ok
20:36:04.0439 0x12c4 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] MMCSS C:\Windows\system32\mmcss.dll
20:36:04.0439 0x12c4 MMCSS - ok
20:36:04.0469 0x12c4 [ F001861E5700EE84E2D4E52C712F4964, F4DC5AEED6F34D76CCEF360862CC47EF71097BE0813C8CE04EE5F0DB387DFFAE ] Modem C:\Windows\system32\drivers\modem.sys
20:36:04.0469 0x12c4 Modem - ok
20:36:04.0511 0x12c4 [ 79D10964DE86B292320E9DFE02282A23, 52714827B7EEDACA55326A4E4F6158D4942DFAA3BACDE303A2F569BF3F4FAA72 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:36:04.0511 0x12c4 monitor - ok
20:36:04.0551 0x12c4 [ FB18CC1D4C2E716B6B903B0AC0CC0609, F10CCA63493782B16DE6B96B94A27078DBE68AECEF34FDF840CFF86D2C6E3C5E ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:36:04.0551 0x12c4 mouclass - ok
20:36:04.0561 0x12c4 [ 2C388D2CD01C9042596CF3C8F3C7B24D, B2FB72272BB01AEDA4047B57C943B7E9BD8A6497854F8CC34672AAA592D0A703 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:36:04.0581 0x12c4 mouhid - ok
20:36:04.0611 0x12c4 [ BAD9C0366134BA181514E9263C8CE606, 7976B2D3DC283ACDBC21C7D197C0E2A650E6555F6569283302766B17D736BDB8 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:36:04.0611 0x12c4 mountmgr - ok
20:36:04.0681 0x12c4 [ 7F7FD183AEFC2F302EF1BF1CFCCB82CE, B13D8E8C92EDF1E885AF7E6FA5DD63978C3F319F200B59A955FE6AC3C9D26C32 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
20:36:04.0701 0x12c4 MpFilter - ok
20:36:04.0721 0x12c4 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0, D3D903EEA465D77345AAC9B9F02CDEADF4831212EA2DE4FCA33BEE26EBB47420 ] mpio C:\Windows\system32\drivers\mpio.sys
20:36:04.0731 0x12c4 mpio - ok
20:36:04.0761 0x12c4 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0, 1D6DCFA0E56C3E55B6AED819176E751502F863BA0FCF4F0B3253A81D208141A2 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:36:04.0761 0x12c4 mpsdrv - ok
20:36:04.0821 0x12c4 [ 9835584E999D25004E1EE8E5F3E3B881, 71798B0CBE9AE69F1F29B845319019C69EC7F415CBABB3B87DDE92C360675021 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:36:04.0851 0x12c4 MpsSvc - ok
20:36:04.0891 0x12c4 [ 6430A074F6E32176FBEF2DEB110AE952, 0161B3CBCF427F5F9C47EDBA7F6848D9D6EB58B7EF203881E0D288B5ABAEEB98 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:36:04.0921 0x12c4 MRxDAV - ok
20:36:04.0941 0x12c4 [ C04D36B97BCEE4A83EC34325A3424768, 904C8A4875E0016C3F3659B5E1A748EE284789BF7C380E4F83148C2B1FC09D3B ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:36:04.0941 0x12c4 mrxsmb - ok
20:36:04.0991 0x12c4 [ 84D65385A4DF3577C9CA697B67DFCE26, 19838CC40945403988C4533A2CF09CA5305BEBD8170093C7567722CC3E918AA5 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:36:04.0991 0x12c4 mrxsmb10 - ok
20:36:05.0041 0x12c4 [ 8758312AE2602620E6C972F527EC64ED, 4DFFEAE6A34F5EDBD8D53FCEE63A3742BEAF93A01769AD3BCB8D5C25C51D0A45 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:36:05.0041 0x12c4 mrxsmb20 - ok
20:36:05.0061 0x12c4 [ 012C5F4E9349E711E11E0F19A8589F0A, 208B92DFCF7AD43202660FBBC9FF5E03AEDBEE38178FF3628EB74CB6CD37C584 ] msahci C:\Windows\system32\drivers\msahci.sys
20:36:05.0071 0x12c4 msahci - ok
20:36:05.0101 0x12c4 [ 55055F8AD8BE27A64C831322A780A228, C2C9FD1F61302997117B1CD0835E8234405BB80084065ED05363B77868397304 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:36:05.0111 0x12c4 msdsm - ok
20:36:05.0151 0x12c4 [ E1BCE74A3BD9902B72599C0192A07E27, 5162EB623FE64E9DFEAC6CA2410EFA1314E62EC13207FFBFED2D61AA887603C4 ] MSDTC C:\Windows\System32\msdtc.exe
20:36:05.0171 0x12c4 MSDTC - ok
20:36:05.0201 0x12c4 [ DAEFB28E3AF5A76ABCC2C3078C07327F, 6EB558532400B489763BAE7203538DE5F196282A8CB46A1B31D59120FC5AFCEF ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:36:05.0201 0x12c4 Msfs - ok
20:36:05.0221 0x12c4 [ 3E1E5767043C5AF9367F0056295E9F84, B2EDFECD3C14E4FE1BA87D9A86334043A9BD696A554EBD186DA7EAEB2EBD4F70 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:36:05.0221 0x12c4 mshidkmdf - ok
20:36:05.0251 0x12c4 [ 0A4E5757AE09FA9622E3158CC1AEF114, ED574E420E57374E328C7C526504ECA569C164287966F06019EC207CB17F2C54 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:36:05.0251 0x12c4 msisadrv - ok
20:36:05.0311 0x12c4 [ 90F7D9E6B6F27E1A707D4A297F077828, BEFC220EAA7307849600748842ACB9254A6A91158812D9B23EFAF912C498BA7F ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:36:05.0311 0x12c4 MSiSCSI - ok
20:36:05.0321 0x12c4 msiserver - ok
20:36:05.0351 0x12c4 [ 8C0860D6366AAFFB6C5BB9DF9448E631, 949C5A14E57F2D7385543C17C3485E7ADE36EA2016F6E0A1866571D2EDE90A77 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:36:05.0351 0x12c4 MSKSSRV - ok
20:36:05.0401 0x12c4 [ DC8B329D6B4026D2D6E957BC79336022, B1EC02B57F2F7AFACDD498C21E3CD7F32F798ABE7C8041A2824DECAB8276520F ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
20:36:05.0411 0x12c4 MsMpSvc - ok
20:36:05.0461 0x12c4 [ 3EA8B949F963562CEDBB549EAC0C11CE, 1B0B2F16A1790282504F3C548D47C3281EFB440D5D9711A1EF76D6371B768D2D ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:36:05.0461 0x12c4 MSPCLOCK - ok
20:36:05.0481 0x12c4 [ F456E973590D663B1073E9C463B40932, 48BA6D5580EE7B6A4C06E04772FD35B51779553FC0DD6C5C30DD8B5DEEB25B11 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:36:05.0481 0x12c4 MSPQM - ok
20:36:05.0511 0x12c4 [ 0E008FC4819D238C51D7C93E7B41E560, 141FCEBDD05874407EAEC35A9DCD3BB16F2A428F23E55487D6A5DBFCADBF10D2 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:36:05.0511 0x12c4 MsRPC - ok
20:36:05.0531 0x12c4 [ FC6B9FF600CC585EA38B12589BD4E246, F05DB01AE1955D2468CE6B51E51998B111CA3B0BDEED090EE6B99B625CBA564A ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
20:36:05.0531 0x12c4 mssmbios - ok
20:36:05.0621 0x12c4 MSSQL$SQLEXPRESS - ok
20:36:05.0711 0x12c4 [ F1761C8FB2B25A32C6D63E36BB88C3AE, C88F5EF7B547DAA2394888362916FA18F07241E0BF2B938297428A1C04FFD806 ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
20:36:05.0711 0x12c4 MSSQLServerADHelper100 - ok
20:36:05.0721 0x12c4 [ B42C6B921F61A6E55159B8BE6CD54A36, 6BB0A7BE005B8F281E551D1B8046CE4202372BC7AE0161881C858BFAC675FE1C ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:36:05.0731 0x12c4 MSTEE - ok
20:36:05.0741 0x12c4 [ 33599130F44E1F34631CEA241DE8AC84, E15B31D1AFDC8DC6D2B21D4215796A99ECC69EEDBB06CEED01AECC3C99A44C8B ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
20:36:05.0741 0x12c4 MTConfig - ok
20:36:05.0771 0x12c4 [ 159FAD02F64E6381758C990F753BCC80, E55AB01DCFA95ECAB24A2A9656E28FF9D064BA08B3D82DC8AA42F5991BA09598 ] Mup C:\Windows\system32\Drivers\mup.sys
20:36:05.0771 0x12c4 Mup - ok
20:36:05.0811 0x12c4 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E, D252248532142E9E2332DA693BC51B795102CA938B568FF04981E98B19BFBC5C ] napagent C:\Windows\system32\qagentRT.dll
20:36:05.0831 0x12c4 napagent - ok
20:36:05.0851 0x12c4 [ 26384429FCD85D83746F63E798AB1480, 957C115C263A4B4DC854558B43ECE632D8E2BCCB744E23A01EBA7476BA2E7FFB ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:36:05.0871 0x12c4 NativeWifiP - ok
20:36:05.0941 0x12c4 [ 9804FB2E46077F2977552347DFCA7E05, A34B703462C6998AB2B3EA6389F4B89616CDC257D44C400C92663E6FB4A8F196 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:36:05.0961 0x12c4 NDIS - ok
20:36:05.0981 0x12c4 [ 0E1787AA6C9191D3D319E8BAFE86F80C, F535022747355B2C66424BDA892D7DCB820C2EB8EE05BAE5BC6D1B1D65186278 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:36:05.0981 0x12c4 NdisCap - ok
20:36:06.0001 0x12c4 [ E4A8AEC125A2E43A9E32AFEEA7C9C888, 6EA181117126FC70B3C1DD1AC73CC26D1603A2CF49E47F66623E2C9489C49B55 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:36:06.0001 0x12c4 NdisTapi - ok
20:36:06.0051 0x12c4 [ D8A65DAFB3EB41CBB622745676FCD072, 874D3C3D247C4A309DA813DB1D2EDB0037D3C489824BD5FE95B0C20699764EF7 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:36:06.0051 0x12c4 Ndisuio - ok
20:36:06.0091 0x12c4 [ 38FBE267E7E6983311179230FACB1017, CFD1CBCA59650795C030DB30E5795B37C11C736E14003AE1DAB081BA5C0C9B14 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:36:06.0101 0x12c4 NdisWan - ok
20:36:06.0171 0x12c4 [ A4BDC541E69674FBFF1A8FF00BE913F2, 18CCFD063E9870B8B6958715BC0414C4D920AE63528EA1E9D7E30F7138918FFA ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:36:06.0171 0x12c4 NDProxy - ok
20:36:06.0181 0x12c4 [ 80B275B1CE3B0E79909DB7B39AF74D51, 75B406B0D9D28239D4EB2A298419A5F78A58237D88C5FD688EF1DFFAFACCF796 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:36:06.0181 0x12c4 NetBIOS - ok
20:36:06.0221 0x12c4 [ 280122DDCF04B378EDD1AD54D71C1E54, F98B2ADE34F7E67C7C06C1D0FFB80ECBC353D044D4B4784CD952910345DC2ED0 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:36:06.0231 0x12c4 NetBT - ok
20:36:06.0251 0x12c4 [ 910ED0DF49A5A02059BB224B99C689D2, 2A92C06DF0D18F80466B9CC0938EFC9DD04B4BACBAB28D18D10366EF26E15F09 ] Netlogon C:\Windows\system32\lsass.exe
20:36:06.0251 0x12c4 Netlogon - ok
20:36:06.0301 0x12c4 [ 7CCCFCA7510684768DA22092D1FA4DB2, BB9E4F8FABBF596D888E6D303CB54A336D9DFF95B36AEA9369D2ED787DDC4B5D ] Netman C:\Windows\System32\netman.dll
20:36:06.0321 0x12c4 Netman - ok
20:36:06.0421 0x12c4 [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:36:06.0431 0x12c4 NetMsmqActivator - ok
20:36:06.0451 0x12c4 [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:36:06.0451 0x12c4 NetPipeActivator - ok
20:36:06.0481 0x12c4 [ 8C338238C16777A802D6A9211EB2BA50, 0D08A47CD403EDA5E8CAD7409BBBBCDC29A9861D2DC41D42B68B22B1AA1EBDD6 ] netprofm C:\Windows\System32\netprofm.dll
20:36:06.0491 0x12c4 netprofm - ok
20:36:06.0501 0x12c4 [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:36:06.0501 0x12c4 NetTcpActivator - ok
20:36:06.0511 0x12c4 [ 15CBA881E10968E33B43D31BE6097BA3, 69449ACA82B67F308C9F7DAB7A4C75BD88A95B98FC7F9102C72AD3D233A48346 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:36:06.0511 0x12c4 NetTcpPortSharing - ok
20:36:06.0541 0x12c4 [ 1D85C4B390B0EE09C7A46B91EFB2C097, 6A8850B151E88EE371F3CC543A946302DDF9494908D684B8B0C706A42CC54348 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
20:36:06.0541 0x12c4 nfrd960 - ok
20:36:06.0611 0x12c4 [ BFD3B47A46BF2BB6BB0CEC7127EE929E, 6DD73FD0AC57D025A1290D494BC4405A6A5D89AE76A3EC4E3F20C3F8A45A5E24 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:36:06.0611 0x12c4 NisDrv - ok
20:36:06.0661 0x12c4 [ F36D4743BCB636F1779E7CB36E950525, 176E3547B30579CE2D8901B5F9AE06C5BF493E81253A4A351FD304A561C8B3F1 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
20:36:06.0681 0x12c4 NisSrv - ok
20:36:06.0721 0x12c4 [ F115C5CD29E512F18BD7138A094B77E5, 90C2CE8B256EE9AABF674ADDE7F85E91DAF48EA368452D03C187A4AE027D4E39 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:36:06.0741 0x12c4 NlaSvc - ok
20:36:06.0751 0x12c4 [ 1DB262A9F8C087E8153D89BEF3D2235F, A51EE5D5AD3CD76B74BEA9C66C462608BF3B50C53DAA4110A75DB10495A8C101 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:36:06.0751 0x12c4 Npfs - ok
20:36:06.0801 0x12c4 [ BA387E955E890C8A88306D9B8D06BF17, 3477BD9686C5777A93251C154512671AAA7533B18C536DF51F7B1D6D28E7F8A5 ] nsi C:\Windows\system32\nsisvc.dll
20:36:06.0801 0x12c4 nsi - ok
20:36:06.0811 0x12c4 [ E9A0A4D07E53D8FEA2BB8387A3293C58, 690CAD6C4E35ECC1172A2E1FD3933DF73158B3BF42CB21244269612A53DE4D7A ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:36:06.0811 0x12c4 nsiproxy - ok
20:36:06.0901 0x12c4 [ 978E7A2E4BF4E8E70D0776EF0D9E97FB, B6C82BB9B3025FD2D37B6AB6FA9C2944F8B3020CD4588BE464CE73A992B7FF00 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:36:06.0941 0x12c4 Ntfs - ok
20:36:06.0961 0x12c4 [ F9756A98D69098DCA8945D62858A812C, 572ADBFCFDE2030B34A013AADC14DBC144EB3F34D06991E2464A3EA9605BC045 ] Null C:\Windows\system32\drivers\Null.sys
20:36:06.0961 0x12c4 Null - ok
20:36:07.0001 0x12c4 [ B3E25EE28883877076E0E1FF877D02E0, 402B6FED6FBBF645190396DC141141EF52DD059DABD01F8AC9CF01D23664070C ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:36:07.0001 0x12c4 nvraid - ok
20:36:07.0041 0x12c4 [ 4380E59A170D88C4F1022EFF6719A8A4, 93EDB3F4CDBF53C9C1970DD29AB146E390695C568180847BA8903F5FBEABCFF2 ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:36:07.0051 0x12c4 nvstor - ok
20:36:07.0091 0x12c4 [ 5A0983915F02BAE73267CC2A041F717D, D83461D74597BF2BE042FEFCC27FCD18BF63CB8135B0666D731D50951C3468A8 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:36:07.0091 0x12c4 nv_agp - ok
20:36:07.0181 0x12c4 [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:36:07.0211 0x12c4 odserv - ok
20:36:07.0251 0x12c4 [ 08A70A1F2CDDE9BB49B885CB817A66EB, 0BB98123B544124B144F3E95D77E01E973D060B8B2302503FF24ABBBE803EB63 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:36:07.0261 0x12c4 ohci1394 - ok
20:36:07.0321 0x12c4 [ 5A432A042DAE460ABE7199B758E8606C, 6E5D1F477D290905BE27CEBF9572BAC6B05FFEF2FAD901D3C8E11F665F8B9A71 ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:36:07.0331 0x12c4 ose - ok
20:36:07.0391 0x12c4 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:36:07.0411 0x12c4 p2pimsvc - ok
20:36:07.0481 0x12c4 [ 59C3DDD501E39E006DAC31BF55150D91, E02B63AB7F34CF6FF3F644AF354D10004E6F50014E03172D80BD78934EF71EF1 ] p2psvc C:\Windows\system32\p2psvc.dll
20:36:07.0501 0x12c4 p2psvc - ok
20:36:07.0511 0x12c4 [ 2EA877ED5DD9713C5AC74E8EA7348D14, 14BA3722CE5F8FF07F2D97DCDD6558EB49C9B02E5E6FAD6D9F18D354733EFECE ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:36:07.0521 0x12c4 Parport - ok
20:36:07.0561 0x12c4 [ 3F34A1B4C5F6475F320C275E63AFCE9B, 31295D5121C0C3F2085E0EEBA260EEE4CA003993C026E2F81986D19158036E6B ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:36:07.0561 0x12c4 partmgr - ok
20:36:07.0591 0x12c4 [ EB0A59F29C19B86479D36B35983DAADC, AC09AFE7F13BE4079D01383BAC44091997E1AAF6512C9673A42B9E3780EB08A8 ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
20:36:07.0591 0x12c4 Parvdm - ok
20:36:07.0641 0x12c4 [ 52954BE460EC6C54C0ACB2B3B126FFC6, 9F9878EC5ABC74C5A8EE8E1D940F0934F081895B07D844F42F80A638FE713F7B ] PcaSvc C:\Windows\System32\pcasvc.dll
20:36:07.0641 0x12c4 PcaSvc - ok
20:36:07.0661 0x12c4 [ 673E55C3498EB970088E812EA820AA8F, 1F81315664B8CBFDD569416C0ECCE4C6251F34577313A0858AB46609781303B5 ] pci C:\Windows\system32\drivers\pci.sys
20:36:07.0671 0x12c4 pci - ok
20:36:07.0691 0x12c4 [ AFE86F419014DB4E5593F69FFE26CE0A, CAF36E61BE7B511D3A03A65FF5A3017CEE4D2F53005B410F2D4A2AAE9FED4C00 ] pciide C:\Windows\system32\drivers\pciide.sys
20:36:07.0691 0x12c4 pciide - ok
20:36:07.0711 0x12c4 [ F396431B31693E71E8A80687EF523506, BC614FC21E029E2497F1CCE3131BBD295B827F2310762B47D5BBC7703D80554B ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:36:07.0721 0x12c4 pcmcia - ok
20:36:07.0741 0x12c4 [ 250F6B43D2B613172035C6747AEEB19F, A91F15B133F2619912CF750E6F3662E011CD0FA4B9477CE532CE3196D23307D9 ] pcw C:\Windows\system32\drivers\pcw.sys
20:36:07.0741 0x12c4 pcw - ok
20:36:07.0781 0x12c4 pdserv - ok
20:36:07.0821 0x12c4 [ AEBC369F7DC72AB3F5B9BDF34FA0D43F, 2A819154AC6C23E97C583D90B4D0C112188B7AE9D8D9B3F88811BFCED124E551 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:36:07.0841 0x12c4 PEAUTH - ok
20:36:07.0941 0x12c4 [ 414BBA67A3DED1D28437EB66AEB8A720, D6DF254E2615FA402044824DCD9004F579FC0DF74B90E44C99D5F0253CF8AD88 ] pla C:\Windows\system32\pla.dll
20:36:07.0991 0x12c4 pla - ok
20:36:08.0051 0x12c4 [ EC7BC28D207DA09E79B3E9FAF8B232CA, A42F8F69C3CD753D787A5D558659DEA2CC306C896D75B8C82549219CF654504F ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:36:08.0111 0x12c4 PlugPlay - ok
20:36:08.0161 0x12c4 [ 63FF8572611249931EB16BB8EED6AFC8, 9732CCBCB93A7A4BEC88812B952C20244479E9BD781240C195E57F09E619EA33 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:36:08.0161 0x12c4 PNRPAutoReg - ok
20:36:08.0211 0x12c4 [ 82A8521DDC60710C3D3D3E7325209BEC, C4E34571EDD57C7FBB3D736B5FE8BD154624705B5C8EA2EC898F19F75B9A5942 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:36:08.0221 0x12c4 PNRPsvc - ok
20:36:08.0281 0x12c4 [ 53946B69BA0836BD95B03759530C81EC, 7F14A34635354CCA0F5342C8D9DF5A6AA1B94F6A508BD8834029E9BACF252920 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:36:08.0291 0x12c4 PolicyAgent - ok
20:36:08.0331 0x12c4 [ F87D30E72E03D579A5199CCB3831D6EA, B09328E89954584F97908FA5946376BA990B8C650DABCBF3CA3B08719937C694 ] Power C:\Windows\system32\umpo.dll
20:36:08.0341 0x12c4 Power - ok
20:36:08.0411 0x12c4 [ 631E3E205AD6D86F2AED6A4A8E69F2DB, 1D3BF0CFC37D91A3A56246920B9CF1084E78A055D56E85A773417809C58C8065 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:36:08.0411 0x12c4 PptpMiniport - ok
20:36:08.0451 0x12c4 [ 85B1E3A0C7585BC4AAE6899EC6FCF011, 1E067113C146D6842D7FB04007F363D6FB7783C6BC7C9AB6614E44075C4F86C3 ] Processor C:\Windows\system32\DRIVERS\processr.sys
20:36:08.0461 0x12c4 Processor - ok
20:36:08.0511 0x12c4 [ FD9692A3D31E021207D3C2A9DDDC2BE3, 5295EFAD9BD4B59996935A41825392C12A4C968D161BEEA37797F90AF8E54229 ] ProfSvc C:\Windows\system32\profsvc.dll
20:36:08.0531 0x12c4 ProfSvc - ok
20:36:08.0541 0x12c4 [ 910ED0DF49A5A02059BB224B99C689D2, 2A92C06DF0D18F80466B9CC0938EFC9DD04B4BACBAB28D18D10366EF26E15F09 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:36:08.0541 0x12c4 ProtectedStorage - ok
20:36:08.0601 0x12c4 [ 64E413BA0C529AA40C3924BBCC4153DB, 9E0EB02078EE250AC618D4A4537D54BACDD7E2B67349162CA61F35EAF91601EE ] ProtexisLicensing C:\Windows\system32\PSIService.exe
20:36:08.0611 0x12c4 ProtexisLicensing - ok
20:36:08.0641 0x12c4 [ 6270CCAE2A86DE6D146529FE55B3246A, 463209CBAF1B0E269DC8FC6FBDEE5BB7E5ADB5D3F024930BFD0B97E0A9678883 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:36:08.0641 0x12c4 Psched - ok
20:36:08.0681 0x12c4 [ F036CFB275D0C55F4E45FBBF5F98B3C8, D8D1CA9F65B34A93AB9F7FD9BB6C453B2BF4E8320E620F56055B743DF1D56DE8 ] PSI_SVC_2 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
20:36:08.0741 0x12c4 PSI_SVC_2 - ok
20:36:08.0781 0x12c4 [ 03E0FE281823BA64B3782F5B38950E73, D47E5536AD28D02B7D784846CFB2F4FD96187BFD64FC07BACDE9DC7B75D1D2E2 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
20:36:08.0791 0x12c4 PxHelp20 - ok
20:36:08.0881 0x12c4 [ AB95ECF1F6659A60DDC166D8315B0751, 0ED6D3460D28978BADF31B930DBB3298A6A10EFF8883763EABA0E36A21A0E83D ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
20:36:08.0921 0x12c4 ql2300 - ok
20:36:08.0951 0x12c4 [ B4DD51DD25182244B86737DC51AF2270, 7E62B04F054A6330B7F9968222523BDE8F3EE47A11D17E6C0E2D5ACDC07B9E6B ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
20:36:08.0951 0x12c4 ql40xx - ok
20:36:08.0991 0x12c4 [ 31AC809E7707EB580B2BDB760390765A, A8481FD19A0F778F5591B7676F591F664ADC68B6867E663C0F9564173F4AC909 ] QWAVE C:\Windows\system32\qwave.dll
20:36:09.0011 0x12c4 QWAVE - ok
20:36:09.0021 0x12c4 [ 584078CA1B95CA72DF2A27C336F9719D, 836F115C92D343463C14A9DE39648C1EFA7C7EE4720F5C692EE0F68B84830121 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:36:09.0021 0x12c4 QWAVEdrv - ok
20:36:09.0041 0x12c4 [ 30A81B53C766D0133BB86D234E5556AB, 726C6B83B5ACAA84CAB1689B6DD6DDAE3199D61A57B5D7B5B5A0F62FCF838090 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:36:09.0041 0x12c4 RasAcd - ok
20:36:09.0081 0x12c4 [ 57EC4AEF73660166074D8F7F31C0D4FD, C66B425EC4DB5E7FD289AE631C9B019EB16717C55E80FAE964BB22203E4AACEF ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:36:09.0081 0x12c4 RasAgileVpn - ok
20:36:09.0091 0x12c4 [ A60F1839849C0C00739787FD5EC03F13, B210DFA5A843CF1DA73635F168E2EA5052CBED15C664F8523CDFB34CA165D0E0 ] RasAuto C:\Windows\System32\rasauto.dll
20:36:09.0101 0x12c4 RasAuto - ok
20:36:09.0111 0x12c4 [ D9F91EAFEC2815365CBE6D167E4E332A, 8350457A39D141C13807E7DB5A8D4113197C4016F7744B9993391F4AEA0C4A5C ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:36:09.0121 0x12c4 Rasl2tp - ok
20:36:09.0161 0x12c4 [ CB9E04DC05EACF5B9A36CA276D475006, 4D8C0AEF1D4F84F375AD2BAF786C9F6C52316A3E655B913449E71AD7C0FCA56E ] RasMan C:\Windows\System32\rasmans.dll
20:36:09.0181 0x12c4 RasMan - ok
20:36:09.0201 0x12c4 [ 0FE8B15916307A6AC12BFB6A63E45507, 64119474DE7499E6E8B82E78BBD50074B3AA70B3E8329089FAE9B7F29919004E ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:36:09.0201 0x12c4 RasPppoe - ok
20:36:09.0221 0x12c4 [ 44101F495A83EA6401D886E7FD70096B, 56A0CE5C89870752B9B2AB795C1A248CA28209E049B2F20CCA0308CBE2488A0A ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:36:09.0221 0x12c4 RasSstp - ok
20:36:09.0271 0x12c4 [ D528BC58A489409BA40334EBF96A311B, C71E9A4B101DB6C3183B9F97B9098D73D6FE1B12C05C2EB3CE8A8041BEE6BA61 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:36:09.0291 0x12c4 rdbss - ok
20:36:09.0301 0x12c4 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF, 2AFCBE3237D27AFBF095F91F1FCCA63E6890F34A9E4F00E5C34C92394CDA89FB ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:36:09.0301 0x12c4 rdpbus - ok
20:36:09.0341 0x12c4 [ 23DAE03F29D253AE74C44F99E515F9A1, 8FED93D10B2062F0526FE3508101F8FCF8F72DEB90AFB472EB7CBAE83A0EC430 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:36:09.0341 0x12c4 RDPCDD - ok
20:36:09.0361 0x12c4 [ 5A53CA1598DD4156D44196D200C94B8A, 8112FE14FEC94C67B1C5BDE4171E37584F1D0098D2C557C9E4BDD3E0291E25E4 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:36:09.0361 0x12c4 RDPENCDD - ok
20:36:09.0381 0x12c4 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F, CDA80B08E67AD034081C0C920CD66147689F1844403CBC552F65005E7C011A91 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:36:09.0391 0x12c4 RDPREFMP - ok
20:36:09.0471 0x12c4 [ 65375DF758CA1872AB7EBBBA457FD5E6, 8AC7681F51277E799C22FF95FA0B833E9E260D37C0416319FF05B66FB3948005 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
20:36:09.0521 0x12c4 RdpVideoMiniport - ok
20:36:09.0551 0x12c4 [ CD9214A6AE17D188D17C3CF8CB9CC693, 2E16FF1F7446F0600D6519010FD05A30B94D97167C16B3E7FC396A97D8139D60 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:36:09.0561 0x12c4 RDPWD - ok
20:36:09.0591 0x12c4 [ 518395321DC96FE2C9F0E96AC743B656, 5F6A0880B4F3EE7196259EA362DA9554B0687B0236F9A8E5CF7A4A77F01F1776 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:36:09.0601 0x12c4 rdyboost - ok
20:36:09.0641 0x12c4 [ 001B4278407F4303EFC902A2B16F2453, 92A95B0EFAAE7ADC6380D5207C86CB45BEEAE6974417A13669484A9D179E69AC ] regi C:\Windows\system32\drivers\regi.sys
20:36:09.0641 0x12c4 regi - ok
20:36:09.0671 0x12c4 [ 7B5E1419717FAC363A31CC302895217A, 048B96B127CC20833948DAE53C59886D5C725ECA7A744424A01339447D2DDC32 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:36:09.0681 0x12c4 RemoteAccess - ok
20:36:09.0721 0x12c4 [ CB9A8683F4EF2BF99E123D79950D7935, B9FA3E7E91E76D975CF40BFA37909E50F29CC13AB1399007884710651827E9AA ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:36:09.0731 0x12c4 RemoteRegistry - ok
20:36:09.0741 0x12c4 [ 78D072F35BC45D9E4E1B61895C152234, 80C924EE1156B4E3172E83DCB9C60817E87885FB9377647E0BF90153E415B1CA ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:36:09.0751 0x12c4 RpcEptMapper - ok
20:36:09.0791 0x12c4 [ 94D36C0E44677DD26981D2BFEEF2A29D, D77A93AC60536F3706E8A0154C0C2199E888B7748C84DB7437254FF175F4DF55 ] RpcLocator C:\Windows\system32\locator.exe
20:36:09.0791 0x12c4 RpcLocator - ok
20:36:09.0831 0x12c4 [ 1F54F58D7FA2B3442084E32CDE5E309E, F0D8124E7C9ADC88BD8C53646F2499CDB3D2105DA7C4D28F3D26F313859B3D32 ] RpcSs C:\Windows\system32\rpcss.dll
20:36:09.0841 0x12c4 RpcSs - ok
20:36:09.0891 0x12c4 [ 6A7360E36CBD636972AEEF0DD292A946, 08A0DE7819D781B082E2D1A8961B675501F56F62680B0C7117EC547B4A5CB10A ] RsFx0105 C:\Windows\system32\DRIVERS\RsFx0105.sys
20:36:09.0911 0x12c4 RsFx0105 - ok
20:36:09.0931 0x12c4 [ 032B0D36AD92B582D869879F5AF5B928, 0F8F18A6A0A689957B886D9368015889091094EDA18BE532093F06A70A7CE184 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:36:09.0931 0x12c4 rspndr - ok
20:36:09.0951 0x12c4 [ 910ED0DF49A5A02059BB224B99C689D2, 2A92C06DF0D18F80466B9CC0938EFC9DD04B4BACBAB28D18D10366EF26E15F09 ] SamSs C:\Windows\system32\lsass.exe
20:36:09.0951 0x12c4 SamSs - ok
20:36:10.0001 0x12c4 [ 05D860DA1040F111503AC416CCEF2BCA, DAE2F37D09A5A42F945BC8E27E4EA2303521081783A80CEE7FEE7C5A1C2CFC5E ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:36:10
Back to top
View user's profile Send private message
ldybadger
Junior Member


Joined: 06 May 2013
Last Visit: 27 Jun 2016
Posts: 45

PostPosted: Fri May 20, 2016 9:21 pm    Post subject: Scan Report 2 Reply with quote

20:36:10.0011 0x12c4 sbp2port - ok
20:36:10.0061 0x12c4 [ 8FC518FFE9519C2631D37515A68009C4, 21E10585470CF9FC3BD1977F8A426686CD2FA6BD2094B9E3594B21C7C4541D25 ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:36:10.0071 0x12c4 SCardSvr - ok
20:36:10.0091 0x12c4 [ 0693B5EC673E34DC147E195779A4DCF6, AF1B56FBF3ADABF94CD9DBA67586B8746DE135151F6B3D1B0EE315BC1E2DB670 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:36:10.0091 0x12c4 scfilter - ok
20:36:10.0191 0x12c4 [ 9060B8D5BCD5F2B019249F85E3D811F3, 7FB32AB7FE118462988321B9230074DAA960B587417EB463187539C3215445AE ] Schedule C:\Windows\system32\schedsvc.dll
20:36:10.0221 0x12c4 Schedule - ok
20:36:10.0271 0x12c4 [ 319C6B309773D063541D01DF8AC6F55F, 182F392FE839499D159A30A3CD04B5D0C87219930BFB1A7456880B7DA75B9820 ] SCPolicySvc C:\Windows\System32\certprop.dll
20:36:10.0271 0x12c4 SCPolicySvc - ok
20:36:10.0301 0x12c4 [ 08236C4BCE5EDD0A0318A438AF28E0F7, 77727F963F63C4CEC11E7AAD5FB3836179701D512CA9436C3170B9E6A4E5F888 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:36:10.0311 0x12c4 SDRSVC - ok
20:36:10.0331 0x12c4 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:36:10.0331 0x12c4 secdrv - ok
20:36:10.0381 0x12c4 [ 38CBFFED5FC39CDFE6B4014401ED2629, 7BA730E2EDB8387190E45DA2F475BFE42AB3B12319DE088BD8E9F59227EDA4DD ] seclogon C:\Windows\system32\seclogon.dll
20:36:10.0431 0x12c4 seclogon - ok
20:36:10.0461 0x12c4 [ DCB7FCDCC97F87360F75D77425B81737, F8289AF2C458C167038EEFE613EE5E3D6D5B3308B8784168374BC81C47891CE5 ] SENS C:\Windows\System32\sens.dll
20:36:10.0461 0x12c4 SENS - ok
20:36:10.0511 0x12c4 [ 50087FE1EE447009C9CC2997B90DE53F, B5E6CF1D991F87C29C5E28198E0962E31FFB499A46C3BD43FC20391693389959 ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:36:10.0511 0x12c4 SensrSvc - ok
20:36:10.0561 0x12c4 [ 8627C992B8A80504FC477B2E8FF8EC4F, 61E90302C806B36445BF1850CA7060FF4DFFA92F00EFD1E334495D0AE0D27209 ] Sentinel C:\Windows\System32\Drivers\SENTINEL.SYS
20:36:10.0571 0x12c4 Sentinel - ok
20:36:10.0571 0x12c4 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1, E2F019BCD1446236D078D46065DD151DD068778F33BE2F1E8A0CC1EA2F954E86 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:36:10.0581 0x12c4 Serenum - ok
20:36:10.0591 0x12c4 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2, A26DB2EB9F3E2509B4EBA949DB97595CC32332D9321DF68283BFC102E66D766F ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:36:10.0591 0x12c4 Serial - ok
20:36:10.0601 0x12c4 [ 79BFFB520327FF916A582DFEA17AA813, 7A2A9D69BE02228591186A9F4453D4B5FD98837CA422C873C48040170E8BD18C ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
20:36:10.0601 0x12c4 sermouse - ok
20:36:10.0651 0x12c4 [ 4AE380F39A0032EAB7DD953030B26D28, C8F5F2DD59574E966FDF3057867BB959A554BAB6FD5DC6F1427094A6BC2B2809 ] SessionEnv C:\Windows\system32\sessenv.dll
20:36:10.0661 0x12c4 SessionEnv - ok
20:36:10.0701 0x12c4 [ 9F976E1EB233DF46FCE808D9DEA3EB9C, 6A5C53F27F8BCA85CE206EE7D196176F67EC6FFA5D4830373A20792C149B5E75 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:36:10.0701 0x12c4 sffdisk - ok
20:36:10.0711 0x12c4 [ 932A68EE27833CFD57C1639D375F2731, 11D6B98FBEEE2B9C7B06EF7091857BBD3B349077997D6261D66280668FD1B5C3 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:36:10.0711 0x12c4 sffp_mmc - ok
20:36:10.0721 0x12c4 [ 6D4CCAEDC018F1CF52866BBBAA235982, AAC41F5C97B3FE5A3DC0838457EB8CC9BB71FCA16D3EDBB67D603F0A9D46C131 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:36:10.0721 0x12c4 sffp_sd - ok
20:36:10.0731 0x12c4 [ DB96666CC8312EBC45032F30B007A547, C3AE60FC65A36E96E0D2CC6E184481D70F91A19DC3E2E17E2873DD670A592DD7 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
20:36:10.0731 0x12c4 sfloppy - ok
20:36:10.0781 0x12c4 [ D1A079A0DE2EA524513B6930C24527A2, E2BC16DBCF38841EECD49C6FA1A9AC89C17F332F12606CA826F058E995E1B83D ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:36:10.0801 0x12c4 SharedAccess - ok
20:36:10.0851 0x12c4 [ 414DA952A35BF5D50192E28263B40577, 9C9BAFB9880DA6CC728506A142BE124E186219610DCC3460657A3CA93C865DF1 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:36:10.0871 0x12c4 ShellHWDetection - ok
20:36:10.0871 0x12c4 [ 2565CAC0DC9FE0371BDCE60832582B2E, 1A775214E86B83C2F1799F12D71077D81C89AD32734A248BA88787B7F104B79D ] sisagp C:\Windows\system32\drivers\sisagp.sys
20:36:10.0881 0x12c4 sisagp - ok
20:36:10.0901 0x12c4 [ A9F0486851BECB6DDA1D89D381E71055, 7E909538AB758C18AC2CCBFFEE17BA36FA6ED2E674AA70924AA87AC61375FF35 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:36:10.0901 0x12c4 SiSRaid2 - ok
20:36:10.0911 0x12c4 [ 3727097B55738E2F554972C3BE5BC1AA, 75D52A596A298C33EC79A3B0B80F25492C08A182ABC679401502DA9597687566 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
20:36:10.0911 0x12c4 SiSRaid4 - ok
20:36:10.0931 0x12c4 [ 3E21C083B8A01CB70BA1F09303010FCE, 803F8F91299C387110F34A49340E7136AAE91B418E2977A36285EA8F432FF197 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:36:10.0931 0x12c4 Smb - ok
20:36:10.0981 0x12c4 [ 6A984831644ECA1A33FFEAE4126F4F37, 753E23D2B33D47C52C05D892B052CFD96D93B97FB6E9FCB58EF1E4C4A125BF78 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:36:10.0991 0x12c4 SNMPTRAP - ok
20:36:11.0001 0x12c4 [ 95CF1AE7527FB70F7816563CBC09D942, CE8BACB91A5A86CBCE82619C6C1873B4D7593B00CED3B522E41B8F7F6258CC65 ] spldr C:\Windows\system32\drivers\spldr.sys
20:36:11.0001 0x12c4 spldr - ok
20:36:11.0051 0x12c4 [ 9AEA093B8F9C37CF45538382CABA2475, CC63239C412067AA72318ADB8BB80BCDF2CA60DA05D814D32753C92508BC16A8 ] Spooler C:\Windows\System32\spoolsv.exe
20:36:11.0061 0x12c4 Spooler - ok
20:36:11.0221 0x12c4 [ CF87A1DE791347E75B98885214CED2B8, 7AF4E03D751C951A4E5FBA28200DABFE6B3BF055490163EEEEA84EBA4D0F368A ] sppsvc C:\Windows\system32\sppsvc.exe
20:36:11.0321 0x12c4 sppsvc - ok
20:36:11.0361 0x12c4 [ B0180B20B065D89232A78A40FE56EAA6, 4D045B23AD58A8822BE9F20119744A8D47455469D54494745CEB099951DA60FF ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:36:11.0371 0x12c4 sppuinotify - ok
20:36:11.0421 0x12c4 [ 8211A6F40B5EA8BF21C41F34C2895A6C, F394A78F80B0D7DA043AF39E99B2C16EA0CBF4AD4BFD61CFBA5ED08FB25E11C4 ] SQLAgent$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
20:36:11.0431 0x12c4 SQLAgent$SQLEXPRESS - ok
20:36:11.0521 0x12c4 [ 10D936DCED9EACD1A1B3FCDDA6D7A4EB, EE66162AEAF6A583A04BB5AF1220318C9ADD3A62987CDCEE0505C6FF37AB30FF ] SQLBrowser c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
20:36:11.0541 0x12c4 SQLBrowser - ok
20:36:11.0581 0x12c4 [ 135CDCCC167EF0C250125BBD3ABE18D5, 825661B8C2D458A15317EC000B98D9A7991FCC334F36AAAF94447A8CA8275AF4 ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
20:36:11.0591 0x12c4 SQLWriter - ok
20:36:11.0631 0x12c4 [ E4C2764065D66EA1D2D3EBC28FE99C46, 043AEF06A23069DD17675955C834690A5FD8F1948A05B3969F977E823C4E25F5 ] srv C:\Windows\system32\DRIVERS\srv.sys
20:36:11.0651 0x12c4 srv - ok
20:36:11.0671 0x12c4 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB, 4DF31206DF8F33C2975E23C7257ED930C4EDA8BC4E246D8FDA130BB583083ED0 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:36:11.0691 0x12c4 srv2 - ok
20:36:11.0711 0x12c4 [ BE6BD660CAA6F291AE06A718A4FA8ABC, CD38939CFBA80B882D38099194FC1EBAE15A9D27A4D941DD03C55EC745E52E59 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:36:11.0721 0x12c4 srvnet - ok
20:36:11.0761 0x12c4 [ D887C9FD02AC9FA880F6E5027A43E118, F38BAD90EC791368C37C21090302708D2DFB83ECE9096609AD9AA667B2E5592E ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:36:11.0781 0x12c4 SSDPSRV - ok
20:36:11.0791 0x12c4 [ D318F23BE45D5E3A107469EB64815B50, D74355E6FF215AA8CE53BC9DF16AF2740F2FC2FD754939478A3608BDA8C6DDA0 ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:36:11.0791 0x12c4 SstpSvc - ok
20:36:11.0811 0x12c4 [ DB32D325C192B801DF274BFD12A7E72B, F089DBA719E22BC269720A6B840B873A4AF5639745DB0C3DBC8BD2F2839A1ABA ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
20:36:11.0811 0x12c4 stexstor - ok
20:36:11.0871 0x12c4 [ E1FB3706030FB4578A0D72C2FC3689E4, A62EC9AA4514CAF2A10C0A3AEF7A36F593A7E7DA370A3F130C24E1B612E19427 ] StiSvc C:\Windows\System32\wiaservc.dll
20:36:11.0891 0x12c4 StiSvc - ok
20:36:11.0961 0x12c4 [ 7489520E98A119B5A9A00857F4F87D16, 818E070C16A85DD641A865CF439FF862A0D05B1E18B2329C24E8983074E0354E ] stllssvr C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
20:36:12.0031 0x12c4 stllssvr - ok
20:36:12.0071 0x12c4 [ E58C78A848ADD9610A4DB6D214AF5224, 1575A90EB22A4FB066459BDA00C6CAC10198C3C8C74493721EC6D34B51F50426 ] swenum C:\Windows\system32\drivers\swenum.sys
20:36:12.0071 0x12c4 swenum - ok
20:36:12.0101 0x12c4 [ A28BD92DF340E57B024BA433165D34D7, 889CC7FF143C3549982128473FF927CD80CF36485A347EF399C1271C8CE12CE4 ] swprv C:\Windows\System32\swprv.dll
20:36:12.0121 0x12c4 swprv - ok
20:36:12.0211 0x12c4 [ 4EE25AC85AFC3FD67D9F57ECDF566FF2, F1BFF1FB655F31B97FA9C6A49D433EFD33D8A35F6B28B4D83E45C27A05A86228 ] SysMain C:\Windows\system32\sysmain.dll
20:36:12.0251 0x12c4 SysMain - ok
20:36:12.0291 0x12c4 [ 763FECDC3D30C815FE72DD57936C6CD1, 1A62C7E63E426D56894F4121C75D9C60FC9A14469ADBD0D6F0B94B8DE48CDA3E ] TabletInputService C:\Windows\System32\TabSvc.dll
20:36:12.0301 0x12c4 TabletInputService - ok
20:36:12.0351 0x12c4 [ 613BF4820361543956909043A265C6AC, FCFF02E466D2501630B452627FB218C01E5245A0921EE3D2117E7FD63AC7E98E ] TapiSrv C:\Windows\System32\tapisrv.dll
20:36:12.0371 0x12c4 TapiSrv - ok
20:36:12.0451 0x12c4 [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:36:12.0491 0x12c4 Tcpip - ok
20:36:12.0541 0x12c4 [ 5579DD18546999F5D0EC39D018726C6B, 82432BACEE75C34F21222D9CC1607223C2940947118A63DB239777A4B1442AD3 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:36:12.0571 0x12c4 TCPIP6 - ok
20:36:12.0621 0x12c4 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B, 2C7204DCD2BCBC6A250FF0F6477616F327AF41FDB7CABE69E5C357361009FB4E ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:36:12.0621 0x12c4 tcpipreg - ok
20:36:12.0661 0x12c4 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2, 879E2827354BB21573AC6A7CCEB746D44214540687E6882FFCB4089546FBD954 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:36:12.0671 0x12c4 TDPIPE - ok
20:36:12.0711 0x12c4 [ 2C2C5AFE7EE4F620D69C23C0617651A8, E828D974C3F9D7004A030C3AD448096C736FDB4C4C1707D043E567D08C845103 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:36:12.0711 0x12c4 TDTCP - ok
20:36:12.0741 0x12c4 [ BB8817D0508DD5EA69C770C8DEF5AB67, C55671524EEF6E16BBCC92556E83FD1D6457E707EA9330FC1CDD28FB11D99B77 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:36:12.0781 0x12c4 tdx - ok
20:36:12.0801 0x12c4 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20, 0D81B427720637882077C5024D738191F858FC734ED040697872D906351EF663 ] TermDD C:\Windows\system32\drivers\termdd.sys
20:36:12.0811 0x12c4 TermDD - ok
20:36:12.0851 0x12c4 [ FCFD4F50419B4BC72E80066DA10D2E54, 7C2314A57A404525F0444986332DBAE0964A3359374671598387051D7AAE72AE ] TermService C:\Windows\System32\termsrv.dll
20:36:12.0881 0x12c4 TermService - ok
20:36:12.0911 0x12c4 [ 42FB6AFD6B79D9FE07381609172E7CA4, B57C85091209A2FAD19ED490B8FA7FC98F12911F9C9CACE9AF1E540780CE6700 ] Themes C:\Windows\system32\themeservice.dll
20:36:12.0921 0x12c4 Themes - ok
20:36:12.0931 0x12c4 [ 146B6F43A673379A3C670E86D89BE5EA, C4412DCF80DE6B55466F399413271364F14BC0819C224AA161EDDC31A9775440 ] THREADORDER C:\Windows\system32\mmcss.dll
20:36:12.0931 0x12c4 THREADORDER - ok
20:36:12.0951 0x12c4 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A, 532A3A812578B2DFD83001DE66FC73689D79EC729409EB572E07E6D65B281712 ] TrkWks C:\Windows\System32\trkwks.dll
20:36:12.0961 0x12c4 TrkWks - ok
20:36:13.0041 0x12c4 [ 2C49B175AEE1D4364B91B531417FE583, 6C7995E18F84E465C376D1D5F153C15ACB66CDEA86EE5BF186677F572E7E129B ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:36:13.0061 0x12c4 TrustedInstaller - ok
20:36:13.0101 0x12c4 [ 6C5139E4283249518F7743D7043775B3, 58684E8C90EBAC65459A97C905CDCFE3A915CFF7E8E96071DE1AC3489F85E67F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:36:13.0101 0x12c4 tssecsrv - ok
20:36:13.0211 0x12c4 [ 9CE253214ACAA5A7D323327D2055EFAA, 15E7DB578EDF36DD2FD5BA960C3941B2353037323B6B96702CDCDC07588EA724 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
20:36:13.0231 0x12c4 TsUsbFlt - ok
20:36:13.0321 0x12c4 [ B2FA25D9B17A68BB93D58B0556E8C90D, 0146931B733CAB1CD87F94C35F97E110D6ED6C55EAFF03345400A29AEDE99BDE ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:36:13.0331 0x12c4 tunnel - ok
20:36:13.0381 0x12c4 [ 750FBCB269F4D7DD2E420C56B795DB6D, E1A95C59148FE463539C34336FD0E74B31A33B8AB2B8E34AA10349C3347471D7 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
20:36:13.0381 0x12c4 uagp35 - ok
20:36:13.0431 0x12c4 [ EE43346C7E4B5E63E54F927BABBB32FF, BAD6FC3BEE45E644D5A6A0A31428F5B2AEC72A0AA0C74EF8177B1FE23EEF3AA9 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:36:13.0441 0x12c4 udfs - ok
20:36:13.0471 0x12c4 [ 8344FD4FCE927880AA1AA7681D4927E5, 1B54EFA60A221E2B9FFE59BB41C7E7D8B5AC6826F1C5577456D81371D464255A ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:36:13.0471 0x12c4 UI0Detect - ok
20:36:13.0521 0x12c4 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880, 5D96D90FDF68AE470CC92CA9DF9DA2C05A53EF455A5A109DBBF7C96F3238257C ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:36:13.0521 0x12c4 uliagpkx - ok
20:36:13.0581 0x12c4 [ D295BED4B898F0FD999FCFA9B32B071B, D4130DB4AE76EE6DC0B8E7A4FEF5CB8B26EBD822C21021F6FA78FD29C1E211C2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
20:36:13.0581 0x12c4 umbus - ok
20:36:13.0601 0x12c4 [ 7550AD0C6998BA1CB4843E920EE0FEAC, 24C001E422C3B3B920CDCF6003A3179CE464DE4284775403DD5122EF9780460D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
20:36:13.0601 0x12c4 UmPass - ok
20:36:13.0651 0x12c4 [ 833FBB672460EFCE8011D262175FAD33, C0C3067A305993CBF056C229771CB0593DD60C9C7AC5130FF1CA610BCA812AB5 ] upnphost C:\Windows\System32\upnphost.dll
20:36:13.0681 0x12c4 upnphost - ok
20:36:13.0731 0x12c4 [ D4FB6ECC60A428564BA8768B0E23C0FC, 4170FB6D0D593B5C22F5B4F664F6253435208C8948AFB66C0D12E2B818BA6DD5 ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
20:36:13.0781 0x12c4 USBAAPL - ok
20:36:13.0821 0x12c4 [ 0803FBA9FE829D61AE26EC0BCC910C46, 30D00E2C7DFC630C99C1599587D4F9C272BC30D444E07C961AA05BF84587806B ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:36:13.0871 0x12c4 usbccgp - ok
20:36:13.0901 0x12c4 [ 2352AB5F9F8F097BF9D41D5A4718A041, 25BC7828C625B9B2A5110C25B230C5828CEC18EC97ECF9EC4745E8930CBF472C ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:36:13.0901 0x12c4 usbcir - ok
20:36:13.0941 0x12c4 [ D40855F89B69305140BBD7E9A3BA2DA6, 745DC6D770666F6B19C2B6AA89C21D1A314732E291453BFA2367F9AF86F97C3C ] usbehci C:\Windows\system32\drivers\usbehci.sys
20:36:13.0941 0x12c4 usbehci - ok
20:36:13.0991 0x12c4 [ EDF2DF71C4F1E13A6AC75F5224DE655A, 1764D155C6B99201774B57195349304259232A12868ECFC2069CA49443EBDC2C ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:36:14.0011 0x12c4 usbhub - ok
20:36:14.0041 0x12c4 [ 9828C8D14CC2676421778F0DE638CF97, 479A28211FFB85190A01FAB0283B927588805D2C0CDB03F85F8F814B88E4F453 ] usbohci C:\Windows\system32\drivers\usbohci.sys
20:36:14.0041 0x12c4 usbohci - ok
20:36:14.0071 0x12c4 [ 797D862FE0875E75C7CC4C1AD7B30252, 1BBE745E4C85F8911076F6032ACD7A35FAC048D3CB1500C64E08D8B2C70A1069 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:36:14.0071 0x12c4 usbprint - ok
20:36:14.0111 0x12c4 [ 144DA53294922A84FFAA3D90B1453745, A8DC6B534E4526E2226CF6C9D53A4B6B251D2F23728E41737063D24024C5266F ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
20:36:14.0151 0x12c4 USBSTOR - ok
20:36:14.0191 0x12c4 [ 800AABFD625EEFF899F7E5496BDE37AB, 3EB7ED07760CB348FCA9A06C2B838EF79B51A83C5F70A9C9EAAEAE54480067E2 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
20:36:14.0201 0x12c4 usbuhci - ok
20:36:14.0211 0x12c4 [ 081E6E1C91AEC36758902A9F727CD23C, 9FDAA17A3B99067E035E5D76305427F15FFDBC5D304B2BB78AFC6463EDDE1A75 ] UxSms C:\Windows\System32\uxsms.dll
20:36:14.0221 0x12c4 UxSms - ok
20:36:14.0241 0x12c4 [ 910ED0DF49A5A02059BB224B99C689D2, 2A92C06DF0D18F80466B9CC0938EFC9DD04B4BACBAB28D18D10366EF26E15F09 ] VaultSvc C:\Windows\system32\lsass.exe
20:36:14.0241 0x12c4 VaultSvc - ok
20:36:14.0251 0x12c4 [ A059C4C3EDB09E07D21A8E5C0AABD3CB, BDD3729B49DF2E2FC72FFEF9D10235B481A671DE5A721B6B9A80873B7A343F07 ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
20:36:14.0251 0x12c4 vdrvroot - ok
20:36:14.0311 0x12c4 [ C3CD30495687C2A2F66A65CA6FD89BE9, 582E4706C1D6A151020D14B26C7BF166F4E42BDD6E410F30EC452469270C5E9B ] vds C:\Windows\System32\vds.exe
20:36:14.0331 0x12c4 vds - ok
20:36:14.0351 0x12c4 [ 17C408214EA61696CEC9C66E388B14F3, 829C0416672E2B2DFABCFE641E7F281F41E8DBB3C0EF11C7784CB9BB94F87E97 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:36:14.0351 0x12c4 vga - ok
20:36:14.0371 0x12c4 [ 8E38096AD5C8570A6F1570A61E251561, 4DBA3C1397A2203548F45F006E66D99F837903F601ABBCE2304754F783CA8A39 ] VgaSave C:\Windows\System32\drivers\vga.sys
20:36:14.0371 0x12c4 VgaSave - ok
20:36:14.0401 0x12c4 [ 5461686CCA2FDA57B024547733AB42E3, 2721D0659AA890172FCAD4EC4D926B58ACD0EE4887DA51545DC7237420D5BF84 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
20:36:14.0411 0x12c4 vhdmp - ok
20:36:14.0441 0x12c4 [ C829317A37B4BEA8F39735D4B076E923, 55D1796AE750071E1E05BD7702B6C355CCFFE27B4C00E93E7044C3184732B497 ] viaagp C:\Windows\system32\drivers\viaagp.sys
20:36:14.0441 0x12c4 viaagp - ok
20:36:14.0461 0x12c4 [ E02F079A6AA107F06B16549C6E5C7B74, B530DCE3EE4F285B3D5F69F7148D17E016D54F04E6F93706B829A34567748788 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
20:36:14.0471 0x12c4 ViaC7 - ok
20:36:14.0491 0x12c4 [ E43574F6A56A0EE11809B48C09E4FD3C, 3687BF638E21C00E62ABFED70D728B91ADA08F7164CA898E654F31DA196589E9 ] viaide C:\Windows\system32\drivers\viaide.sys
20:36:14.0491 0x12c4 viaide - ok
20:36:14.0531 0x12c4 [ 4C63E00F2F4B5F86AB48A58CD990F212, 9796BD4B9CFEEEAF57C5E332A732EFC2770B21F9B35301A5D202F5FC52C1E035 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:36:14.0531 0x12c4 volmgr - ok
20:36:14.0561 0x12c4 [ B5BB72067DDDDBBFB04B2F89FF8C3C87, 65B9AD55F43940A5FDD88B6EC5034A7E375DF8E6F5F1AE6519A4BD6B7E992EBC ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:36:14.0581 0x12c4 volmgrx - ok
20:36:14.0591 0x12c4 [ F497F67932C6FA693D7DE2780631CFE7, DAE544ED99D2CF570DA31343BD87D2F856D0D13529656D38E1BF854C77F017F6 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:36:14.0611 0x12c4 volsnap - ok
20:36:14.0641 0x12c4 [ 9DFA0CC2F8855A04816729651175B631, 37FD9E43A2A3F125E94A315FB4CD8A1B5499A5FD74806EB2D1E5DA88C070D3A3 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
20:36:14.0641 0x12c4 vsmraid - ok
20:36:14.0711 0x12c4 [ 209A3B1901B83AEB8527ED211CCE9E4C, 1A431F6409F8E0531F600F8F988ECECECB902DA26BBAAF1DE74A5CAC29A7CB44 ] VSS C:\Windows\system32\vssvc.exe
20:36:14.0751 0x12c4 VSS - ok
20:36:14.0811 0x12c4 [ 682FCF7D2EB5158CD30408E976562408, F54477B6A140E975CBF41DE853822F5F453FE7AF9F6A256335CD52A5ECC29423 ] VSTHWBS2 C:\Windows\system32\DRIVERS\VSTBS23.SYS
20:36:14.0831 0x12c4 VSTHWBS2 - ok
20:36:14.0871 0x12c4 [ CEB4E3B6890E1E42DCA6694D9E59E1A0, 00D841690A88F1051A238F67AACCE905E8A59C86070F215A8D31FA3E68C6BF35 ] VST_DPV C:\Windows\system32\DRIVERS\VSTDPV3.SYS
20:36:14.0901 0x12c4 VST_DPV - ok
20:36:14.0921 0x12c4 [ 90567B1E658001E79D7C8BBD3DDE5AA6, EFC23BEEA7F54A2DC56CB523DAD1AF0358D904C5278BF08873910E2DB3F13557 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
20:36:14.0921 0x12c4 vwifibus - ok
20:36:14.0971 0x12c4 [ 55187FD710E27D5095D10A472C8BAF1C, AE298E2D3BA366BCBDC092C717214C181E8843FA564A6DFB07FC3238A5A68DC3 ] W32Time C:\Windows\system32\w32time.dll
20:36:14.0981 0x12c4 W32Time - ok
20:36:15.0071 0x12c4 [ 57C8C20BFA5BEF6BD851EBAC67A8CED0, D5968069D934400A46B9FF92ECA9D7660BDC30C6909BA588AD49F7656246EE98 ] W3SVC C:\Windows\system32\inetsrv\iisw3adm.dll
20:36:15.0101 0x12c4 W3SVC - ok
20:36:15.0121 0x12c4 [ DE3721E89C653AA281428C8A69745D90, 501C78056ED4295625D8A5412025FD2F0CA24077044D3A5800BA79DF3D946516 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
20:36:15.0121 0x12c4 WacomPen - ok
20:36:15.0161 0x12c4 [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:36:15.0171 0x12c4 WANARP - ok
20:36:15.0171 0x12c4 [ 3C3C78515F5AB448B022BDF5B8FFDD2E, 35284174A42039C3C1FF8A3C8BC187A5E067C7782FC62D19749C2CB28C4E36C7 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:36:15.0171 0x12c4 Wanarpv6 - ok
20:36:15.0191 0x12c4 [ 57C8C20BFA5BEF6BD851EBAC67A8CED0, D5968069D934400A46B9FF92ECA9D7660BDC30C6909BA588AD49F7656246EE98 ] WAS C:\Windows\system32\inetsrv\iisw3adm.dll
20:36:15.0201 0x12c4 WAS - ok
20:36:15.0281 0x12c4 [ 353A04C273EC58475D8633E75CCD5604, FFAE53B6B53AEFC9E8A10BF27480E072D74430276BEB532FE1D473E9616D8CE0 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
20:36:15.0321 0x12c4 WatAdminSvc - ok
20:36:15.0381 0x12c4 [ 691E3285E53DCA558E1A84667F13E15A, 12EDB66EF8FC100402BEA221F354D3BD5542F6DDF715B6E7D873D6BAE7E3D329 ] wbengine C:\Windows\system32\wbengine.exe
20:36:15.0421 0x12c4 wbengine - ok
20:36:15.0441 0x12c4 [ 9614B5D29DC76AC3C29F6D2D3AA70E67, A2FFB92F0030B4CD771E862DA575ECCF2F3A5B4B85858C1241A0C59262C0EC88 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:36:15.0451 0x12c4 WbioSrvc - ok
20:36:15.0491 0x12c4 [ 34EEE0DFAADB4F691D6D5308A51315DC, A040A03E25A0C78B9E26F86C2DF95BCAF8E7EC90183CEB295615D3265350EBEE ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:36:15.0511 0x12c4 wcncsvc - ok
20:36:15.0522 0x12c4 [ 5D930B6357A6D2AF4D7653BDABBF352F, 677FF2ED14EE0B0CAA710DA81556CC16D5971DAB10E7C7432D167A87CA6F0EAA ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:36:15.0532 0x12c4 WcsPlugInService - ok
20:36:15.0542 0x12c4 [ 1112A9BADACB47B7C0BB0392E3158DFF, 1AE2AFA125973571F91E6945FE8A735F63D76EBB250A0075D98C580167FD9ED4 ] Wd C:\Windows\system32\DRIVERS\wd.sys
20:36:15.0542 0x12c4 Wd - ok
20:36:15.0602 0x12c4 [ 25944D2CC49E0A6C581D02A74B7D6645, AF8FFAFEC07F1A6A3D4008E609E8E1D705A8DFCC7995C766E3946887203F7BEE ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:36:15.0632 0x12c4 Wdf01000 - ok
20:36:15.0672 0x12c4 [ DDE994E9159497D0D5AB2CDF66D1EAD6, 49BEDECA469C47E7622542D3B9BCD31ECDDAA27838495EC5C2F1338E33FEA877 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:36:15.0672 0x12c4 WdiServiceHost - ok
20:36:15.0682 0x12c4 [ DDE994E9159497D0D5AB2CDF66D1EAD6, 49BEDECA469C47E7622542D3B9BCD31ECDDAA27838495EC5C2F1338E33FEA877 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:36:15.0682 0x12c4 WdiSystemHost - ok
20:36:15.0732 0x12c4 [ 55C70654420DBF429604FD567E6F3CD3, 22191B049BCA76EF13AEDF8078E452E6B35E998A75AD63F14C542B541EA9F67D ] WebClient C:\Windows\System32\webclnt.dll
20:36:15.0752 0x12c4 WebClient - ok
20:36:15.0792 0x12c4 [ 760F0AFE937A77CFF27153206534F275, A53940BA28854486FF18F16B98A3314B36322B0B6EFB54D08B921315BEB0ADD5 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:36:15.0802 0x12c4 Wecsvc - ok
20:36:15.0812 0x12c4 [ AC804569BB2364FB6017370258A4091B, 1856F354146A5946F3E7D0DD09726FC8A3502B0F0776FEADDF10669C81CC28E2 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:36:15.0822 0x12c4 wercplsupport - ok
20:36:15.0872 0x12c4 [ 08E420D873E4FD85241EE2421B02C4A4, E1E9436EB096FF7DE9A76DA6217035257EF9FC7565DDB9016DCA3859E7F1EF0F ] WerSvc C:\Windows\System32\WerSvc.dll
20:36:15.0872 0x12c4 WerSvc - ok
20:36:15.0902 0x12c4 [ 8B9A943F3B53861F2BFAF6C186168F79, 88E2F79F32AFBA17CB8377A508B83A1EC2315E9F3A365F591C87FE4525AA6713 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:36:15.0902 0x12c4 WfpLwf - ok
20:36:15.0912 0x12c4 [ 5CF95B35E59E2A38023836FFF31BE64C, CEA21302B3E855EE592810D4E0DE10E47A47A393064C435463CD54598735CD8D ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:36:15.0912 0x12c4 WIMMount - ok
20:36:15.0942 0x12c4 [ BC0C7EA89194C299F051C24119000E17, F5FB21F7AD7370F3D5DF7C23F33118ECF19865B995AF12E9A8A8D893E7E6264F ] winachsf C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
20:36:15.0972 0x12c4 winachsf - ok
20:36:16.0052 0x12c4 [ 082CF481F659FAE0DE51AD060881EB47, BB67D2AF0BB9192D4CCF66C23D80CE5A1B38715556D94E2561DBF8F805FA30A5 ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
20:36:16.0072 0x12c4 WinDefend - ok
20:36:16.0112 0x12c4 WinHttpAutoProxySvc - ok
20:36:16.0202 0x12c4 [ F62E510B6AD4C21EB9FE8668ED251826, FA3E5CAC3E67E49377320CFBE4646585E6B62168292768FEA81E4623F9166890 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:36:16.0222 0x12c4 Winmgmt - ok
20:36:16.0292 0x12c4 [ 1DE9BD23AFA36150586C732D876D9B74, 32CF2C8EC18CFDA677AB72A182EB4B839DCC72BFCD6CA309BE2F434991CAE973 ] WinRM C:\Windows\system32\WsmSvc.dll
20:36:16.0332 0x12c4 WinRM - ok
20:36:16.0382 0x12c4 [ A67E5F9A400F3BD1BE3D80613B45F708, E170A8BD31A779403DC9C43ED6483DA8E186512D3EE700B87F6BA292E284E367 ] WinUsb C:\Windows\system32\drivers\WinUsb.sys
20:36:16.0382 0x12c4 WinUsb - ok
20:36:16.0442 0x12c4 [ 16935C98FF639D185086A3529B1F2067, E9C6B73A572A04FCE9B1B0E6815F941B10332D9A6D55B92927C2B1275F119091 ] Wlansvc C:\Windows\System32\wlansvc.dll
20:36:16.0482 0x12c4 Wlansvc - ok
20:36:16.0592 0x12c4 [ 0A70F4022EC2E14C159EFC4F69AA2477, FF248136576F9803762C54DE5439D3411B52DCBC95B93176A5DAB857967D9AC4 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:36:16.0652 0x12c4 wlidsvc - ok
20:36:16.0692 0x12c4 [ 0217679B8FCA58714C3BF2726D2CA84E, 4494984B922DCF24D37BCD0E6831CEBD07D1CA49235D04E821D17ED3DF84ED2A ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
20:36:16.0692 0x12c4 WmiAcpi - ok
20:36:16.0732 0x12c4 [ 6EB6B66517B048D87DC1856DDF1F4C3F, EBB534C4829477C70062ADBB5626236B02FE563A544C53FA255E79F3CA170FE8 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:36:16.0732 0x12c4 wmiApSrv - ok
20:36:16.0802 0x12c4 [ 3B40D3A61AA8C21B88AE57C58AB3122E, 6C67DCB007C3CDF2EB0BBF5FD89C32CD7800C20F7166872F8C387BE262C5CD21 ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
20:36:16.0832 0x12c4 WMPNetworkSvc - ok
20:36:16.0852 0x12c4 [ A2F0EC770A92F2B3F9DE6D518E11409C, 6838F2148B11285E00DC449D51F8AD85AAE57694E89BA2C607B87AC1C650D845 ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:36:16.0862 0x12c4 WPCSvc - ok
20:36:16.0902 0x12c4 [ AA53356D60AF47EACC85BC617A4F3F66, 155CB8112AA382D841C1891750FF29EF4F1BF716CD9CDF0F2243209E2CCCAC98 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:36:16.0902 0x12c4 WPDBusEnum - ok
20:36:16.0942 0x12c4 [ 6DB3276587B853BF886B69528FDB048C, 9972FF6DF0DF6F86D1E9BCEF4C29064748B217DA196B0633C30D3D580144951C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:36:16.0942 0x12c4 ws2ifsl - ok
20:36:16.0952 0x12c4 [ 6F5D49EFE0E7164E03AE773A3FE25340, 15B6AFF7455538189A96F8863CC995A271E02C6FBDAC15B037D44DDA65E61339 ] wscsvc C:\Windows\System32\wscsvc.dll
20:36:16.0962 0x12c4 wscsvc - ok
20:36:16.0982 0x12c4 [ 553F6CCD7C58EB98D4A8FBDAF283D7A9, 71FBE50C470D1F54FDAADCECEC2CB021AE240CD59DE4E8EB5BCAA6E7F2F86560 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
20:36:16.0982 0x12c4 WSDPrintDevice - ok
20:36:17.0012 0x12c4 [ 7DC0270CFD4A05B4112E3EBBF083B595, DF4FCDE511F0B68B6C6E28C820EB722C34710F31A16023A9A297EAD228E00137 ] WSDScan C:\Windows\system32\drivers\WSDScan.sys
20:36:17.0012 0x12c4 WSDScan - ok
20:36:17.0012 0x12c4 WSearch - ok
20:36:17.0142 0x12c4 [ E51B294DC4A0A944DDE468356CFBB4AC, 0C1B8768C0F8CD7A76E926A068AA994D9FC546A4FBFC8935C93F683A9A052762 ] wuauserv C:\Windows\system32\wuaueng.dll
20:36:17.0202 0x12c4 wuauserv - ok
20:36:17.0242 0x12c4 [ 06E6F32C8D0A3F66D956F57B43A2E070, 9A6BD96A28294B0372F16E13D652FD603308F64B74A56E41E0C68C5E8011F943 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:36:17.0242 0x12c4 WudfPf - ok
20:36:17.0292 0x12c4 [ 867C301E8B790040AE9CF6486E8041DF, D867D6498C987944D99508B2FAD6D6B749FA1EDFE8124B0863D4A642352F0855 ] WUDFRd C:\Windows\system32\drivers\WUDFRd.sys
20:36:17.0302 0x12c4 WUDFRd - ok
20:36:17.0362 0x12c4 [ FE47B7BC8EA320C2D9B5E5BF6E303765, 34518DBD1E9EA6E5DA62273B18613761E1D9C6B4E074A93C6D639FBAF02222EA ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:36:17.0372 0x12c4 wudfsvc - ok
20:36:17.0422 0x12c4 [ 7CC38741B8F68F1E0D5D79DA6123666A, F90D2DA1C9AFB506C381CD386E1430931B5F81813FEDFD720F87FBC54E7A00DA ] WwanSvc C:\Windows\System32\wwansvc.dll
20:36:17.0472 0x12c4 WwanSvc - ok
20:36:17.0492 0x12c4 ================ Scan global ===============================
20:36:17.0522 0x12c4 [ 5E7C5DE85AF978495C3A9A0B720B9811, 142CDEBED78E3BAEE8D2DBF6A97CE26313932024010548EC2E570CAE480AF7C3 ] C:\Windows\system32\basesrv.dll
20:36:17.0562 0x12c4 [ 090FF4D4A003291D7579A81089D06981, 2713E190F10A96E977C0BA5D38D89E8D123F7CB7D0180CFC0A4073EC42EDB2DB ] C:\Windows\system32\winsrv.dll
20:36:17.0632 0x12c4 [ 090FF4D4A003291D7579A81089D06981, 2713E190F10A96E977C0BA5D38D89E8D123F7CB7D0180CFC0A4073EC42EDB2DB ] C:\Windows\system32\winsrv.dll
20:36:17.0662 0x12c4 [ 364455805E64882844EE9ACB72522830, 906561DBBB33F744844CF27E456226044C85DF0FCFD26DE1FD11E09E2CFA6F8F ] C:\Windows\system32\sxssrv.dll
20:36:17.0692 0x12c4 [ 0780A42DBD7D9969F9BF4A19AA4285B5, 8EA41124A4E97732C5DAA616457FBA7111CB38986F3427FA776ED00BC1407171 ] C:\Windows\system32\services.exe
20:36:17.0702 0x12c4 [ Global ] - ok
20:36:17.0702 0x12c4 ================ Scan MBR ==================================
20:36:17.0722 0x12c4 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:36:17.0952 0x12c4 \Device\Harddisk0\DR0 - ok
20:36:17.0952 0x12c4 ================ Scan VBR ==================================
20:36:17.0952 0x12c4 [ 91A56400C36BB1A8AEA3388539842699 ] \Device\Harddisk0\DR0\Partition1
20:36:17.0982 0x12c4 \Device\Harddisk0\DR0\Partition1 - ok
20:36:17.0992 0x12c4 [ 53F7CEDF65DB15AFF5F4EC19219E4BEC ] \Device\Harddisk0\DR0\Partition2
20:36:17.0992 0x12c4 \Device\Harddisk0\DR0\Partition2 - ok
20:36:17.0992 0x12c4 ================ Scan generic autorun ======================
20:36:18.0162 0x12c4 [ B503285B5D1CAC5AE445D60C690DCFF9, FE62BEC9A594B1D7BFE597EF1F4713C038E7F4A6231A307D5FF3A70AF8BC01A1 ] C:\Windows\RtHDVCpl.exe
20:36:18.0312 0x12c4 RtHDVCpl - ok
20:36:18.0382 0x12c4 [ D6B7814AA0D1412F0EA77845C0AF7B51, 9946F3B26D2EF8DEABA95571107D3E6A018BB16FC4C609BDEB60B6139300F74E ] C:\Dell\E-Center\EULALauncher.exe
20:36:18.0482 0x12c4 ECenter - ok
20:36:18.0572 0x12c4 [ CE8F4D2B9C72FB38AC96B805512ADA58, AE6B8F2580473AA108FA0130F630DE32CC21279CD0ECC75788C9015C04C196FD ] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEVENT~1.EXE
20:36:18.0742 0x12c4 EEventManager - ok
20:36:18.0772 0x12c4 [ 68239842340DDFF8993DFD9127553EDA, 9FEC34A35D5A91FEF1C4859AFD0C2538C5CD3E1792FB118487368CFDF66CBCA0 ] C:\Windows\system32\igfxtray.exe
20:36:18.0782 0x12c4 IgfxTray - ok
20:36:18.0792 0x12c4 [ 004763BDF8E48244DBB9FDFDE3065EBC, AA88911C51D73C501C67F62A907425EF91D1820D3ED581F0952619EBB6216F14 ] C:\Windows\system32\hkcmd.exe
20:36:18.0802 0x12c4 HotKeysCmds - ok
20:36:18.0822 0x12c4 [ CD1102E5D340216138C7F56FA8D26998, 805BE128B6A52E304A91AD44B6A7322BAD5F72CD400DB5E74D8EF47424894266 ] C:\Windows\system32\igfxpers.exe
20:36:18.0822 0x12c4 Persistence - ok
20:36:18.0872 0x12c4 [ 01EAA324C4F55ACE8903A70D25E03F79, C92F750924B579B66F52E5243346AE02BA21551B48CD06AAE2E9D022412041F7 ] C:\MyHeritage\Bin\FTBCheckUpdates.exe
20:36:19.0002 0x12c4 Family Tree Builder Update - ok
20:36:19.0044 0x12c4 [ E971C2901BC0E9934D01D84AD127FAAF, 2DC4B1D898430CD152B16D0909C9DEF252579F91E093632E78D47F77CBFDC843 ] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
20:36:19.0054 0x12c4 APSDaemon - ok
20:36:19.0084 0x12c4 InstallerLauncher - ok
20:36:19.0164 0x12c4 [ EE4223FEE8AB8B9202FCA18036F157AE, 1B81391127BAB64E47DFC3C82143D8C370B80D4166CE5FFE30B96321C4DCCD51 ] c:\Program Files\Microsoft Security Client\msseces.exe
20:36:19.0204 0x12c4 MSC - ok
20:36:19.0314 0x12c4 [ 62E89499F73F5ABCC8F487AD33F3D298, 3AB25A375A9EBFFBA040C4BED3829FB1F8553E94FF3645901C9526A38BFA017E ] C:\PROGRA~1\eGames\BRICKS~1\Register\EGAMES~1.EXE
20:36:19.0384 0x12c4 1157840481 - ok
20:36:19.0414 0x12c4 [ 51138BEEA3E2C21EC44D0932C71762A8, 5AD3C37E6F2B9DB3EE8B5AEEDC474645DE90C66E3D95F8620C48102F1EBA4124 ] C:\Windows\system32\rundll32.exe
20:36:19.0424 0x12c4 Logitech Download Assistant - ok
20:36:19.0474 0x12c4 [ A254C5E3704630C25058CAB23D81CD2E, 4A7AF035BDA11A10CCFE67EE13542E37AABC5288DE21709981BDA2B9328F99E6 ] C:\Program Files\iTunes\iTunesHelper.exe
20:36:19.0494 0x12c4 iTunesHelper - ok
20:36:19.0614 0x12c4 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
20:36:19.0654 0x12c4 Sidebar - ok
20:36:19.0694 0x12c4 [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
20:36:19.0694 0x12c4 mctadmin - ok
20:36:19.0744 0x12c4 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
20:36:19.0764 0x12c4 Sidebar - ok
20:36:19.0774 0x12c4 [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
20:36:19.0784 0x12c4 mctadmin - ok
20:36:19.0854 0x12c4 [ A7DC47DBBE3C0384BA719DC4188AFA7E, FCC8F68A8E55AE2AB9B877A6E46DFC28411B68D09AEACA4792625B5150EFDCFD ] C:\Windows\ehome\ehTray.exe
20:36:19.0864 0x12c4 ehTray.exe - ok
20:36:19.0954 0x12c4 [ DE2E43689127AF5269FF999891D65F73, 33E01ACA130B15003515B552F35535EC322F4190EAEF8452A69604E341926F1D ] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEMA.EXE
20:36:19.0974 0x12c4 EPSON Artisan 800(Network) - ok
20:36:20.0074 0x12c4 [ 6BF7676296D5359AFC135A5397000053, D31B9BCB856D6EFDEA27E4D4D341FF939BCBF0E8C97786B447C2074B3C68298E ] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
20:36:20.0084 0x12c4 ISUSPM - ok
20:36:20.0174 0x12c4 [ 5D61BE7DB55B026A5D61A3EED09D0EAD, D32CC7B31A6F98C60ABC313ABC7D1143681F72DE2BB2604711A0BA20710CAAAE ] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
20:36:20.0174 0x12c4 swg - ok
20:36:20.0224 0x12c4 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files\Windows Sidebar\Sidebar.exe
20:36:20.0244 0x12c4 Sidebar - ok
20:36:20.0254 0x12c4 [ BBA1A5B86134F496B926DDAF247DB871, 636990AE49C55189B7EF69C419787440B57EC0BAD98A9C280E1028F741BB222E ] C:\Windows\System32\mctadmin.exe
20:36:20.0254 0x12c4 mctadmin - ok
20:36:20.0254 0x12c4 Waiting for KSN requests completion. In queue: 328
20:36:21.0254 0x12c4 Waiting for KSN requests completion. In queue: 328
20:36:22.0256 0x12c4 Waiting for KSN requests completion. In queue: 20
20:36:23.0276 0x12c4 AV detected via SS2: Microsoft Security Essentials, C:\Program Files\Microsoft Security Client\msseces.exe ( 4.9.218.0 ), 0x61000 ( enabled : updated )
20:36:23.0276 0x12c4 Win FW state via NFP2: enabled ( trusted )
20:36:26.0076 0x12c4 ============================================================
20:36:26.0076 0x12c4 Scan finished
20:36:26.0076 0x12c4 ============================================================
20:36:26.0086 0x15a4 Detected object count: 0
20:36:26.0086 0x15a4 Actual detected object count: 0
Back to top
View user's profile Send private message
ldybadger
Junior Member


Joined: 06 May 2013
Last Visit: 27 Jun 2016
Posts: 45

PostPosted: Fri May 20, 2016 9:22 pm    Post subject: ESET scan Reply with quote

C:\Program Files\Alawar Elements\AddonsFramework.Typelib.dll a variant of Win32/Toolbar.Besttoolbars.I potentially unwanted application
C:\Program Files\Alawar Elements\AddonsFramework.Typelib64.dll a variant of Win64/Toolbar.Besttoolbars.B potentially unwanted application
C:\Program Files\Alawar Elements\BackgroundHost.exe a variant of Win32/Toolbar.Besttoolbars.G potentially unwanted application
C:\Program Files\Alawar Elements\BackgroundHost64.exe a variant of Win64/Toolbar.Besttoolbars.A potentially unwanted application
C:\Program Files\Alawar Elements\ScriptHost.dll a variant of Win32/Toolbar.Besttoolbars.J potentially unwanted application
C:\Program Files\Alawar Elements\ScriptHost64.dll a variant of Win32/Toolbar.Besttoolbars.J potentially unwanted application
C:\Program Files\Family Toolbar\tbcore3.dll a variant of Win32/Toolbar.Softomate.A potentially unwanted application
C:\Users\Deborah\AppData\LocalLow\Sun\Java\jre1.8.0_40\java_sp.dll a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application
Back to top
View user's profile Send private message
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 27 Jun 2017
Posts: 10182
Location: Yorkshire

PostPosted: Sat May 21, 2016 12:14 am    Post subject: Reply with quote


  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.

    • Copy/Paste the contents of the code box below into Notepad (don't include Code: Select all).


Code:
C:\Program Files\Alawar Elements
C:\Program Files\Family Toolbar
C:\Users\Deborah\AppData\LocalLow\Sun\Java\jre1.8.0_40\java_sp.dll
EmptyTemp:



    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt



NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system


  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....

    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log



Next ....


  • Double click Frst64.exe to launch it.
  • FRST will start to run.

    • When the tool opens click Yes to the disclaimer.
    • Copy/Paste or Type the following line into the Search: box.

    Quote:
    Fun4IM;Bandoo;Searchnu;Searchqu;iLivid;whitesmoke;datamngr;kelkoopartners;trolltech;babylon;conduit;trovi;clientconnect;Alawar Elements;Alawar;Elements;Family Toolbar;Family;Toolbar


    • Press the Search Registry button.
    • When finished searching a log will open on your Desktop ... Search.txt
    • Please post it in your next reply.



Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Back to top
View user's profile Send private message
ldybadger
Junior Member


Joined: 06 May 2013
Last Visit: 27 Jun 2016
Posts: 45

PostPosted: Sun May 22, 2016 10:38 am    Post subject: Uh Oh! Reply with quote

Um, I think we have a problem. My mom's computer on it's own without her permission decided to upgrade to windows 10. It's been bugging her to upgrade for months and she has kept refusing. Last night she finished a bigfish game, closed it, and went to fix dinner. All was normal. 3 hours later I came in to work on her computer and it was in the middle of the windows 10 upgrade. I didn't know win 10 could do that!!

I wasn't sure what to do, so I allowed it to finish. What should I do now? Do I need to roll back her computer to win 7 before I do the last steps you told me to do? Do I do the steps without rolling it back to win 7? Do I need to do something else entirely?

Please let me know.
Back to top
View user's profile Send private message
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 27 Jun 2017
Posts: 10182
Location: Yorkshire

PostPosted: Sun May 22, 2016 9:00 pm    Post subject: Reply with quote

First of all, does she want to have Windows 10 as her OS ?

If she does, then leave the upgrade in place, if not then revert back to Windows 7.

Has the upgrade changed anything with regard to her problems ?

If not, then please follow the instructions in my last post, they should not really be affected by whether Windows 7 or Windows 10 is the OS.
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Back to top
View user's profile Send private message
ldybadger
Junior Member


Joined: 06 May 2013
Last Visit: 27 Jun 2016
Posts: 45

PostPosted: Tue May 24, 2016 11:39 am    Post subject: Reply with quote

Still trying to decide about whether to keep win 10 or not. It appears to have helped, but not totally fixed her issues. So tonight I will be following your last instructions and posting logs.
Back to top
View user's profile Send private message
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 27 Jun 2017
Posts: 10182
Location: Yorkshire

PostPosted: Tue May 24, 2016 1:14 pm    Post subject: Reply with quote

Ok, talk to you once you've run the scan and I've seen the logs. Wink
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Back to top
View user's profile Send private message
ldybadger
Junior Member


Joined: 06 May 2013
Last Visit: 27 Jun 2016
Posts: 45

PostPosted: Wed May 25, 2016 1:15 pm    Post subject: Reply with quote

I tried to run FRST and received an error. So I deleted it and tried to download it again thinking perhaps the windows 10 upgrade had damaged it. I got another error. it said

Autolt Error

Line 3643 (File "c:\Users\Deborah\Downloads\FRST(2).exe"):

Error: Error Parsing Function call

ok


So I wasn't able to run FRST. What should I do?
Back to top
View user's profile Send private message
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 27 Jun 2017
Posts: 10182
Location: Yorkshire

PostPosted: Wed May 25, 2016 11:30 pm    Post subject: Reply with quote

FRST gets updated on pretty much a daily basis, so it might be that the copy you had problems with has been replaced.

So, first delete your current copy of FRST.exe (also FRST(2).exe) then download a new copy.

Now your Windows 7 install was 32 bit, whereas your Windows 10 install may be 64 bit (it depends on your underlying hardware), so if FRST.exe won't run, then try the 64 bit version of FRST (frst64.exe) ... http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ ... and see if that version will run.

Any problems please get back to me.
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Back to top
View user's profile Send private message
ldybadger
Junior Member


Joined: 06 May 2013
Last Visit: 27 Jun 2016
Posts: 45

PostPosted: Fri May 27, 2016 3:38 pm    Post subject: Fixlog Reply with quote

Fix result of Farbar Recovery Scan Tool (x86) Version:25-05-2016 02
Ran by Deborah (2016-05-27 17:27:45) Run:2
Running from C:\Users\Deborah\Desktop\DEBI'S STUFF
Loaded Profiles: Deborah (Available Profiles: Deborah & DefaultAppPool)
Boot Mode: Normal

==============================================

fixlist content:
*****************
C:\Program Files\Alawar Elements
C:\Program Files\Family Toolbar
C:\Users\Deborah\AppData\LocalLow\Sun\Java\jre1.8.0_40\java_sp.dll
EmptyTemp:
*****************

C:\Program Files\Alawar Elements => moved successfully
C:\Program Files\Family Toolbar => moved successfully
C:\Users\Deborah\AppData\LocalLow\Sun\Java\jre1.8.0_40\java_sp.dll => moved successfully
EmptyTemp: => 162.8 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 17:28:04 ====
Back to top
View user's profile Send private message
ldybadger
Junior Member


Joined: 06 May 2013
Last Visit: 27 Jun 2016
Posts: 45

PostPosted: Fri May 27, 2016 3:39 pm    Post subject: Search.txt Reply with quote

Farbar Recovery Scan Tool (x86) Version:25-05-2016 02
Ran by Deborah (2016-05-27 17:36:32)
Running from C:\Users\Deborah\Desktop\DEBI'S STUFF
Boot Mode: Normal

================== Search Registry: "Fun4IM;Bandoo;Searchnu;Searchqu;iLivid;whitesmoke;datamngr;kelkoopartners;trolltech;babylon;conduit;trovi;clientconnect;Alawar Elements;Alawar;Elements;Family Toolbar;Family;Toolbar" ===========


===================== Search result for "Searchqu" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1B217815-E578-4C96-8A2D-1B30392F0F91}]
""="ISearchQueryHelperPriv"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{46A1205B-69C9-4745-B72F-A8A4FC8F24AE}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetails"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{69563521-C154-4B45-B884-035872E3F96A}]
""="ISearchQueryCondition"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CAC6C3B8-3C64-4DFD-AD9F-479E4D4065A4}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetailsFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Search.SearchQueryLinguisticDetails]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{4f104da8-72cd-3ffd-9ebb-41ae1ca42cef}]
"ActivatableClassId"="Windows.ApplicationModel.Search.SearchQueryLinguisticDetails"


===================== Search result for "trolltech" ==========

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Trolltech]

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.1\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\Adobe\Photoshop Elements 5.0]

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.1.false\C:\Program Files\Adobe\Photoshop Elements 5.0]


===================== Search result for "babylon" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Big Fish Games\Persistence\Install\F5098T1L1]
""="C:\Program Files\Babylonia\khntrpq.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"


===================== Search result for "conduit" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C511163B-37F1-45b2-826D-336F894B0143}]
""="Microsoft.Workflow.DebugEngine.ControllerConduit"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C511163B-37F1-45b2-826D-336F894B0143}\ProgId]
""="Microsoft.Workflow.DebugEngine.ControllerConduit.10.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1F7382B9-6B5D-4373-8880-387238072DAD}]
""="IControllerConduit"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Microsoft.Workflow.DebugEngine.ControllerConduit.10.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"6A9A0A510FC6EEE4E82190B6339FC27A"="C:\Program Files\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"


===================== Search result for "clientconnect" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6CB0CB19-BD08-4366-8FED-9A70D2B61B8E}\InprocServer32]
"Class"="Microsoft.SqlServer.Dts.Runtime.Wrapper.FTPClientConnection100Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{799F8315-4367-4895-83C4-30F84793A045}\InprocServer32]
"Class"="Microsoft.SqlServer.Dts.Runtime.Wrapper.HttpClientConnection100Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8DD5142F-7E23-4c44-9DD7-98B9C7032535}]
""="INapEnforcementClientConnectionPrivate"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BD244906-70DD-4690-BEEA-648653393500}]
""="INapEnforcementClientConnection2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D0B21AC2-0477-4211-BB21-656E8381E8E1}]
""="IDTSFtpClientConnection100"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FB3A3505-DDB1-468A-B307-F328A57419D8}]
""="INapEnforcementClientConnection"


===================== Search result for "Alawar Elements" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.BackgroundHostObject]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.BackgroundHostObject.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.Navbar\CurVer]
""="Alawar Elements.Navbar.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.ScriptHostObject]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.ScriptHostObject\CurVer]
""="Alawar Elements.ScriptHostObject.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.ScriptHostObject.1]
""="Alawar Elements"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.Tool\CurVer]
""="Alawar Elements.Tool.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02873A3A-710E-40BF-83E7-76FDDEF2BC0E}\InprocServer32]
""="C:\Program Files\Alawar Elements\ButtonSite.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02873A3A-710E-40BF-83E7-76FDDEF2BC0E}\VersionIndependentProgID]
""="Alawar Elements.Navbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4751C3C7-3353-4F2E-AD9B-4A058C037D85}\InprocServer32]
""="C:\Program Files\Alawar Elements\ScriptHost.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4751C3C7-3353-4F2E-AD9B-4A058C037D85}\VersionIndependentProgID]
""="Alawar Elements.Tool"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{707B0ECF-D35C-4DC1-BB83-6491DD3A1A89}\LocalServer32]
""=""C:\Program Files\Alawar Elements\BackgroundHost.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{707B0ECF-D35C-4DC1-BB83-6491DD3A1A89}\VersionIndependentProgID]
""="Alawar Elements.BackgroundHostObject"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1C3E898D-6143-494F-A000-79D980DAE5A5}\1.0\0\win32]
""="C:\Program Files\Alawar Elements\ScriptHost.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{316B999A-8D18-455A-B934-30DB59B2C177}\1.0\0\win32]
""="C:\Program Files\Alawar Elements\AddonsFramework.Typelib.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{964B5888-1AC7-4987-9E61-98EBABBB9BA1}\1.0\0\win32]
""="C:\Program Files\Alawar Elements\BackgroundHost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EE7E7846-ED0C-46A3-93E7-F19DA8FC95E7}\1.0\0\win32]
""="C:\Program Files\Alawar Elements\ButtonSite.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7DCAFB24-2125-40a8-AC7C-F97C2A46BD7F}]
"AppPath"="C:\Program Files\Alawar Elements"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Alawar Elements]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Alawar Elements]
"UninstallString"="C:\Program Files\Alawar Elements\uninstall.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Alawar Elements]
"URLInfoAbout"="http://alawar.com/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Alawar Elements]
"InstDir"="C:\Program Files\Alawar Elements"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\FLEXnet\Connect\db\Alawar Elements.ini]

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Alawar Elements]


===================== Search result for "Alawar" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Alawar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.BackgroundHostObject]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.BackgroundHostObject.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.Navbar\CurVer]
""="Alawar Elements.Navbar.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.ScriptHostObject]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.ScriptHostObject\CurVer]
""="Alawar Elements.ScriptHostObject.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.ScriptHostObject.1]
""="Alawar Elements"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.Tool\CurVer]
""="Alawar Elements.Tool.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02873A3A-710E-40BF-83E7-76FDDEF2BC0E}\InprocServer32]
""="C:\Program Files\Alawar Elements\ButtonSite.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02873A3A-710E-40BF-83E7-76FDDEF2BC0E}\VersionIndependentProgID]
""="Alawar Elements.Navbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4751C3C7-3353-4F2E-AD9B-4A058C037D85}\InprocServer32]
""="C:\Program Files\Alawar Elements\ScriptHost.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4751C3C7-3353-4F2E-AD9B-4A058C037D85}\VersionIndependentProgID]
""="Alawar Elements.Tool"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{707B0ECF-D35C-4DC1-BB83-6491DD3A1A89}\LocalServer32]
""=""C:\Program Files\Alawar Elements\BackgroundHost.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{707B0ECF-D35C-4DC1-BB83-6491DD3A1A89}\VersionIndependentProgID]
""="Alawar Elements.BackgroundHostObject"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1C3E898D-6143-494F-A000-79D980DAE5A5}\1.0\0\win32]
""="C:\Program Files\Alawar Elements\ScriptHost.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{316B999A-8D18-455A-B934-30DB59B2C177}\1.0\0\win32]
""="C:\Program Files\Alawar Elements\AddonsFramework.Typelib.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{964B5888-1AC7-4987-9E61-98EBABBB9BA1}\1.0\0\win32]
""="C:\Program Files\Alawar Elements\BackgroundHost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EE7E7846-ED0C-46A3-93E7-F19DA8FC95E7}\1.0\0\win32]
""="C:\Program Files\Alawar Elements\ButtonSite.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7DCAFB24-2125-40a8-AC7C-F97C2A46BD7F}]
"AppPath"="C:\Program Files\Alawar Elements"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Alawar Elements]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Alawar Elements]
"UninstallString"="C:\Program Files\Alawar Elements\uninstall.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Alawar Elements]
"URLInfoAbout"="http://alawar.com/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Alawar Elements]
"InstDir"="C:\Program Files\Alawar Elements"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Aztec Bricks]
"DisplayIcon"="C:\Program Files\Alawar\AztecBricks\Aztec Bricks.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Aztec Bricks]
"InstallLocation"="C:\Program Files\Alawar\AztecBricks"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Alawar]

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Alawar\AlawarGameBox\InstalledGames\3933]
"ExePath"="C:\Program Files\Alawar\AztecBricks\Aztec Bricks.exe"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Alawar\Play\3933\Trial\alawar]

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\FLEXnet\Connect\db\Alawar Elements.ini]

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Alawar Elements]

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\9189fd6b_0]
""="{0.0.0.00000000}.{c8a8636d-c5c5-417a-87f6-1b330b4550f8}|\Device\HarddiskVolume3\Program Files\Alawar\AztecBricks\Aztec Bricks.exe%b{00000000-0000-0000-0000-000000000000}"


===================== Search result for "Elements" ==========

[HKEY_LOCAL_MACHINE\BCD00000000\Objects\{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}\Elements]

[HKEY_LOCAL_MACHINE\BCD00000000\Objects\{104d93c7-1ff0-11e6-8b21-b87aafddc43b}\Elements]

[HKEY_LOCAL_MACHINE\BCD00000000\Objects\{4636856e-540f-4170-a130-a84776f4c654}\Elements]

[HKEY_LOCAL_MACHINE\BCD00000000\Objects\{5189b25c-5558-4bf2-bca4-289b11bd29e2}\Elements]

[HKEY_LOCAL_MACHINE\BCD00000000\Objects\{6d081e57-c441-11de-83f4-00219b0070dd}\Elements]

[HKEY_LOCAL_MACHINE\BCD00000000\Objects\{6d081e59-c441-11de-83f4-00219b0070dd}\Elements]

[HKEY_LOCAL_MACHINE\BCD00000000\Objects\{7728a1ee-1fef-11e6-8b21-b87aafddc43b}\Elements]

[HKEY_LOCAL_MACHINE\BCD00000000\Objects\{7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}\Elements]

[HKEY_LOCAL_MACHINE\BCD00000000\Objects\{7ff607e0-4395-11db-b0de-0800200c9a66}\Elements]

[HKEY_LOCAL_MACHINE\BCD00000000\Objects\{b2721d73-1db4-4c62-bf78-c548a880142d}\Elements]

[HKEY_LOCAL_MACHINE\BCD00000000\Objects\{d7c4ab40-4dc1-11dd-9eea-806e6f6e6963}\Elements]

[HKEY_LOCAL_MACHINE\SOFTWARE\AlawarElements]

[HKEY_LOCAL_MACHINE\SOFTWARE\Big Fish Games\Persistence\GameDB\F6365T1L1]
"ExecutablePath"="C:\Program Files\4 Elements II\npzjghc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Big Fish Games\Persistence\GameDB\F6365T1L1]
"Icon"="C:\Program Files\4 Elements II\pics\60x40.jpg"

[HKEY_LOCAL_MACHINE\SOFTWARE\Big Fish Games\Persistence\GameDB\F6365T1L1]
"feature"="C:\Program Files\4 Elements II\pics\feature.jpg"

[HKEY_LOCAL_MACHINE\SOFTWARE\Big Fish Games\Persistence\Install\F6365T1L1]
""="C:\Program Files\4 Elements II\npzjghc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.BackgroundHostObject]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.BackgroundHostObject.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.Navbar\CurVer]
""="Alawar Elements.Navbar.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.ScriptHostObject]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.ScriptHostObject\CurVer]
""="Alawar Elements.ScriptHostObject.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.ScriptHostObject.1]
""="Alawar Elements"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.Tool\CurVer]
""="Alawar Elements.Tool.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{022BA4BE-26C9-495B-8829-1CDD5946720C}\InProcServer32]
""="C:\Windows\System32\DeviceElementSource.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02873A3A-710E-40BF-83E7-76FDDEF2BC0E}\ProgID]
""="Alawar Elements.Navbar.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E94CA61-50B3-4ACD-8276-1A281F3357F3}\InProcServer32]
""="C:\Windows\System32\DeviceElementSource.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4751C3C7-3353-4F2E-AD9B-4A058C037D85}\InprocServer32]
""="C:\Program Files\Alawar Elements\ScriptHost.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4751C3C7-3353-4F2E-AD9B-4A058C037D85}\VersionIndependentProgID]
""="Alawar Elements.Tool"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{707B0ECF-D35C-4DC1-BB83-6491DD3A1A89}\LocalServer32]
""=""C:\Program Files\Alawar Elements\BackgroundHost.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{707B0ECF-D35C-4DC1-BB83-6491DD3A1A89}\VersionIndependentProgID]
""="Alawar Elements.BackgroundHostObject"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ED3AF319-8B2B-455F-91A2-AC3B76111C43}\InProcServer32]
""="C:\Windows\System32\DeviceElementSource.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{000244A6-0000-0000-C000-000000000046}]
""="TableStyleElements"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0344CDDA-151E-4CBF-82DA-66AE61E97754}]
""="IAppHostElementSchemaCollection"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0CFBC2B5-0D4E-11D3-8997-00C04F688DDE}]
""="CodeElements"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1cd2cc9b-a41c-5dc7-9d95-4cef69a293f4}]
""="IVectorView_1_Windows__CUI__CStartScreen__CSecondaryTileVisualElements"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{30510463-98B5-11CF-BB82-00AA00BDCE0B}]
""="IElementSelector"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{56988052-47DA-4A05-911A-E3D941F17145}]
""="IEnumTfLatticeElements"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6ef7c354-f153-5b53-99c2-e045c78cce08}]
""="IIterable_1_Windows__CUI__CStartScreen__CSecondaryTileVisualElements"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7B6FC982-3A0D-4ECE-AF96-CD17E1B00B2D}]
""="Windows__CUI__CStartScreen__CIVisualElementsRequestedEventArgs"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{88D67CB2-EF57-4E3D-82FA-0C8C03ACEF54}]
""="VCCodeElements"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{991BF865-68DE-4125-8203-A0CBD76AA973}]
""="VCDesignElements"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A1656EB0-0126-4357-8204-BD82BB2A046D}]
""="Windows__CUI__CStartScreen__CIVisualElementsRequestDeferral"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A6B0FB57-7523-4439-9425-EBE99823B828}]
""="IEnumAssociationElements"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{bbc6e16c-cace-5230-8804-2298375168ac}]
""="IIterator_1_Windows__CUI__CStartScreen__CSecondaryTileVisualElements"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C138333A-9308-4072-88CC-D068DB347C68}]
""="Windows__CUI__CStartScreen__CIVisualElementsRequest"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DBD02F16-11A5-4E60-8CAA-34772148378A}]
""="Windows.Devices.WiFiDirect.IWiFiDirectInformationElementStatics"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{ed460c68-6b09-55f2-829a-4bd7525eb780}]
""="IVector_1_Windows__CUI__CStartScreen__CSecondaryTileVisualElements"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EF13D885-642C-4709-99EC-B89561C6BC69}]
""="IAppHostElementSchema"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FD2E31D0-57DC-4794-8ECF-5682F5F3E6EF}]
""="Windows__CUI__CStartScreen__CISecondaryTileVisualElements2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PhotoshopElements.PSDFile.5]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1C3E898D-6143-494F-A000-79D980DAE5A5}\1.0\0\win32]
""="C:\Program Files\Alawar Elements\ScriptHost.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{316B999A-8D18-455A-B934-30DB59B2C177}\1.0\0\win32]
""="C:\Program Files\Alawar Elements\AddonsFramework.Typelib.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{964B5888-1AC7-4987-9E61-98EBABBB9BA1}\1.0\0\win32]
""="C:\Program Files\Alawar Elements\BackgroundHost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EE7E7846-ED0C-46A3-93E7-F19DA8FC95E7}\1.0\0\win32]
""="C:\Program Files\Alawar Elements\ButtonSite.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\MULTIMEDIA\ALTERNATIVECODEC]
"Text"="Enable alternative codecs in HTML5 media elements"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\DragDrop\{9da1d2cb-796d-4bec-bbaa-0aa9ccd80e15}]
"AppName"="Acrobat Elements.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{08f24d68-9087-4b24-81ad-7b34af3e3ed5}]
"AppName"="Acrobat Elements.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7DCAFB24-2125-40a8-AC7C-F97C2A46BD7F}]
"AppPath"="C:\Program Files\Alawar Elements"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9da1d2cb-796d-4bec-bbaa-0aa9ccd80e15}]
"AppName"="Acrobat Elements.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\PhotoshopElementsEditor.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SecurityManager\CapabilityClasses\capabilityClass_Windows]
"MemberCapability"="applicationViewActivation
biometricSystem
confirmAppClose
contentDeliveryManagerSettings
cortanaSettings
developerSettings
gameConfigStoreManagement
hfxSystem
inputInjectionBrokered
liveIdService
lockScreenCreatives
microsoftEdgeRemoteDebugging
packageContents
perceptionSystem
shellExperience
storeAppInstall
storeConfiguration
userDataAccountSetup
userSigninSupport
userWebAccounts
visualElementsSystem
visualVoiceMail"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VisualStudio\10.0\SelectionElements]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\The Print Shop 21\Dswmedia\Adding Fun Photo Elements\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Adobe\Photoshop Elements\"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Adobe\Photoshop Elements\5.0\Locale\"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Adobe\Photoshop Elements\5.0\Locale\en_us\How-Tos\"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Microsoft\Expression\Design\Strokes\Design Elements 1\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Microsoft Visual Studio 10.0\Xml\1033\Snippets\xsd\Elements\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0944699353C848942BBC211280AA7EF0]
"00000000000000000000000000000000"="C:\Program Files\Adobe\Photoshop Elements 5.0\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\11A6FA2CAC761374C8FF2A1D445425D8]
"6EA51B6D250BE3636BBB4C17C4AB5690"="c:\Program Files\Microsoft Visual Studio 10.0\Xml\1033\Snippets\xsd\Elements\all.snippet"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2700785FC0B714C40873CF82C02ADEBE]
"4100899E11EB19845A4FF092718B65CB"="C:\ProgramData\Microsoft\Expression\Design\Strokes\Design Elements 2\DOTS 1.SKS"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2969691FCEAD11F55A0B798C6A7357FD]
"AAF2C5EFD81190545BD1F317CCE9B1E3"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit.resources\WebInspectorUI\Images\Elements.svg"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3AA903E94E675894DBF6A69BB9C4D3F1]
"00000000000000000000000000000000"="C:\Program Files\Adobe\Photoshop Elements 5.0\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\44726BE2D0C3A2E42AF82617DF4603E0]
"2FA03B551337634439819DAE544AF297"="C:\Program Files\The Print Shop 21\Dswmedia\Adding Fun Photo Elements\Thumbs.db"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5F2483B94517522479EC53D549029CF0]
"2FA03B551337634439819DAE544AF297"="C:\Program Files\The Print Shop 21\Dswmedia\Using Art and Design Elements\art_1.jpg"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B8F485D37A2CE8140A8861207C8AAE3C]
"6EA51B6D250BE3636BBB4C17C4AB5690"="c:\Program Files\Microsoft Visual Studio 10.0\VB\Snippets\1033\data\xml\XML - Query\FindChildElementsinanXMLFile.snippet"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D1234A0747E13514FAEDB414BB56F7D3]
"4100899E11EB19845A4FF092718B65CB"="C:\ProgramData\Microsoft\Expression\Design\Strokes\Design Elements 1\ANCIENT.sks"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-deviceelementsource_31bf3856ad364e35_none_aab922a0683e1503]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Alawar Elements]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Alawar Elements]
"UninstallString"="C:\Program Files\Alawar Elements\uninstall.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Alawar Elements]
"URLInfoAbout"="http://alawar.com/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Alawar Elements]
"InstDir"="C:\Program Files\Alawar Elements"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFG-4 Elements II]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFG-4 Elements II]
"InstallPath"="C:\Program Files\4 Elements II"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFG-4 Elements II]
"VistaFlogger"=""C:\Program Files\4 Elements II\Uninstall.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Media.Streaming.Internal.ResElementSorter]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{a50d2401-05ad-34f1-9980-4d1246508df7}]
"ActivatableClassId"="Windows.Media.Streaming.Internal.ResElementSorter"

[HKEY_USERS\.DEFAULT\Software\Microsoft\VisualStudio\10.0_Config\SelectionElements]

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Adobe\Photoshop Elements]

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Adobe\Photoshop Elements\5.0\common\settings\Elements MRU]

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\FLEXnet\Connect\db\Adobe Photoshop Elements 5.ini]

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Alawar Elements]

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\7ec3bb41_0]
""="{0.0.0.00000000}.{c8a8636d-c5c5-417a-87f6-1b330b4550f8}|\Device\HarddiskVolume3\Program Files\4 Elements II\4 Elements.exe%b{00000000-0000-0000-0000-000000000000}"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\VisualStudio\10.0\HTML Editor]
"ShowAspNonVisualElements"="1"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\VisualStudio\10.0_Config\SelectionElements]

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Windows\CurrentVersion\ApplicationAssociationToasts]
"PhotoshopElements.PSDFile.5_.psd"="0"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\OpenWithList]
"a"="PhotoshopElementsEditor.exe"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\OpenWithProgids]
"PhotoshopElements.DNGFile.5"=""

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdd\OpenWithProgids]
"PhotoshopElements.Image.5"=""

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\OpenWithList]
"j"="PhotoshopElementsEditor.exe"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\OpenWithProgids]
"PhotoshopElements.PSDFile.5"=""

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.1\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files\Adobe\Photoshop Elements 5.0]

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.1.false\C:\Program Files\Adobe\Photoshop Elements 5.0]

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Adobe\Photoshop Elements]

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Adobe\Photoshop Elements]

[HKEY_USERS\S-1-5-18\Software\Microsoft\VisualStudio\10.0_Config\SelectionElements]


===================== Search result for "Family Toolbar" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}\InprocServer32]
""="C:\Program Files\Family Toolbar\tbhelper.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2728CC-82DE-4900-8D55-25ED7714C6A2}\InprocServer32]
""="C:\Program Files\Family Toolbar\tbcore3.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MHToolbar.MHToolbar]
""="Family Toolbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MHToolbar.MHToolbar.3]
""="Family Toolbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1EA6B471-CAD2-419A-9539-0586EEFE2D09}\1.0\0\win32]
""="C:\Program Files\Family Toolbar\tbhelper.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Family Toolbar]

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\MHToolbar\Toolbar]
"toolbar_version"="Family Toolbar 1.0.3"


===================== Search result for "Family" ==========

[HKEY_LOCAL_MACHINE\DRIVERS\DriverDatabase\DeviceIds\HP_Color_LaserJet_Family_Driver_PCL5]

[HKEY_LOCAL_MACHINE\DRIVERS\DriverDatabase\DeviceIds\HP_LaserJet_Family_Driver_PS]

[HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1]
"Identifier"="x86 Family 6 Model 15 Stepping 13"

[HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\1]
"Identifier"="x86 Family 6 Model 15 Stepping 13"

[HKEY_LOCAL_MACHINE\SOFTWARE\Big Fish Games\Persistence\GameDB\F6985T1L1]
"ExecutablePath"="C:\Program Files\House of 1000 Doors - Family Secrets\spqqrls.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Big Fish Games\Persistence\GameDB\F6985T1L1]
"Icon"="C:\Program Files\House of 1000 Doors - Family Secrets\pics\60x40.jpg"

[HKEY_LOCAL_MACHINE\SOFTWARE\Big Fish Games\Persistence\GameDB\F6985T1L1]
"feature"="C:\Program Files\House of 1000 Doors - Family Secrets\pics\feature.jpg"

[HKEY_LOCAL_MACHINE\SOFTWARE\Big Fish Games\Persistence\Install\F6985T1L1]
""="C:\Program Files\House of 1000 Doors - Family Secrets\spqqrls.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00F70E50-6009-4183-89DC-10CA66F75B26}\InprocServer32]
""="C:\Program Files\Windows Live\Family Safety\fsapi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}\InprocServer32]
""="C:\Program Files\Family Toolbar\tbhelper.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{435A98F3-D8CB-479A-8CAF-FB1874747D9B}\LocalServer32]
""="C:\PROGRA~1\WIC4A1~1\FAMILY~1\fsssvc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{578fef39-5e60-4aaf-855b-b6be18ac223e}]
""="Family.Authentication.ProxyStub"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5914e885-9394-4baf-9cd9-71f57e4f6c90}]
""="Family.SyncEngine.ProxyStub"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66518C3C-AF24-4656-A58C-841484214B05}\InprocServer32]
""="C:\Program Files\Windows Live\Family Safety\fsapi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DFD707-8549-483F-9B63-FF054EDB5428}\InprocServer32]
""="C:\Program Files\Windows Live\Family Safety\fsapi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9A027D9F-AE6D-4116-AE94-BAB878D7EE47}\LocalServer32]
""="C:\PROGRA~1\WIC4A1~1\FAMILY~1\fsssvc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B039282F-BE70-44BC-9862-966F4E95072F}]
""="Family.Cache.ProxyStub"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C01CF74D-FD2A-496B-A94A-603E598464CD}\InprocServer32]
""="C:\Program Files\Windows Live\Family Safety\fsssvcps.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EBF00FCB-0769-4b81-9BEC-6C05514111AA}]
""="FamilySafety.WebSync"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2728CC-82DE-4900-8D55-25ED7714C6A2}\InprocServer32]
""="C:\Program Files\Family Toolbar\tbcore3.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\907FB492857D3634D8571074A92D9072]
"ProductName"="Windows Live Family Safety"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0a60f67b-923b-5c7a-91bd-44e44f66e6d7}]
""="__FIIterator_1_Windows__CInternal__CStateRepository__CApplicationFamilyPolicy"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0f2495e9-edd6-46ef-a1f3-36713f4b5114}]
""="IFamilySettingsStatics"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{151437e7-21f4-4b84-afa8-11f6eeb82b7e}]
""="__x_Windows_CInternal_CStateRepository_CIPackageFamilyPolicyStatics"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1e1a3924-60c2-4280-a185-65157c7a6cde}]
""="__x_Windows_CInternal_CStateRepository_CIPackageFamilyStatics"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{250C9C1C-ECD9-41CC-BC70-3C2FEB7C440E}]
""="Family.SyncEngine.IPendingMembersLocalAccountResolver"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2D60F06B-D25F-4D25-8653-E1C5E1108309}]
""="__x_Windows_CApplicationModel_CActivation_CIFileActivatedEventArgsWithCallerPackageFamilyName"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{33e5fea6-250e-5b1d-b3a3-410d94b3a743}]
""="__FIIterable_1_Windows__CInternal__CStateRepository__CPackageFamily"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{3FF1C9E7-97EB-42CA-9149-7BBDD7B142B1}]
""="IFamilySafetyServiceEvents"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{40776055-7DBC-46C3-BA92-A64186164F68}]
""="IFamilySafetyServiceSecure"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{42502e07-24e8-5b39-afb3-34acf362c22b}]
""="__FIVectorView_1_Windows__CInternal__CStateRepository__CApplicationFamilyPolicy"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{477D77AD-3AC4-47AD-9FC3-151690A6513B}]
""="Family.SyncEngine.ISyncMembersManager"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{48576EA5-E2D9-4C7C-ADAF-9DFBED43D9B9}]
""="Family.SyncEngine.IMembersLocalAccountResolver"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5364AFEB-5237-4131-B05E-3A5F60181C36}]
""="Family.SyncEngine.ISyncMembersPolicyStatics"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{5d4d5c0f-bed2-4016-a917-320bdd0ee602}]
""="__x_Windows_CInternal_CStateRepository_CIPackageFamily"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{63ADDEF6-42CC-4432-971D-464D7D98417D}]
""="IFamilySafetyServiceEvents"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6e434dba-32cb-4496-9541-1885d5836dbb}]
""="__x_Windows_CInternal_CStateRepository_CIApplicationFamily"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{78ba48bc-172a-5508-8969-b08c789875f1}]
""="__FIIterator_1_Windows__CInternal__CStateRepository__CPackageFamily"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{7c5d7261-6c56-5ada-ba62-04cf786b8f1b}]
""="__FIVector_1_Windows__CInternal__CStateRepository__CApplicationFamily"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8447319c-9975-57ac-9708-7b93d5216498}]
""="__FIVectorView_1_Windows__CInternal__CStateRepository__CTargetDeviceFamily"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8E332B08-4267-4DFE-B8D3-FFE62F14445B}]
""="IFamilySafetyUserEvents"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{96362321-f8c2-591f-b3ef-32979d06a8bb}]
""="__FIVectorView_1_Windows__CInternal__CStateRepository__CPackageFamilyPolicy"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9e161eb4-c0ca-56a1-ac27-45cd92caef09}]
""="__FIIterator_1_Windows__CInternal__CStateRepository__CApplicationFamily"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A0599565-B4D5-428D-916B-272D16B50862}]
""="IFamilySafetyServiceSecure"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A6089D50-D8C7-403B-9F7A-57616AC8116B}]
""="Family.Authentication.IFamilyUserAuthenticator"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A7DB3270-5402-482B-AF74-C37FFB32ADBE}]
""="Family.Cache.ILocalMember"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{b02067b6-aa5b-4de0-98cc-63c537530a2f}]
""="__x_Windows_CInternal_CStateRepository_CIApplicationFamilyPolicy"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BC24E308-9766-4F37-A231-B07F22204ABF}]
""="IFamilySafetyServiceSecure"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BF08018E-40A3-432D-A0A1-5D7DE83F50F0}]
""="Family.SyncEngine.ILocalAccountStore"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{C1FDDBE5-A35D-4C48-8794-E2FD98366FAB}]
""="IFamilySafetyUser"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CB8C3AD7-F0EB-4924-AC19-62BA04E55C5E}]
""="Family.SyncEngine.IPendingMembersLocalAccountResolverResult"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D33EDAD6-A0C3-4C58-A54C-54CB98A35BF4}]
""="IFamilySafetyUser"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D702F4C1-CE87-4598-A5F2-AAC083C984BB}]
""="Family.Authentication.IFamilyAuthInfo"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{D84A0C12-5C8F-438C-83CB-C28FCC0B2FDB}]
""="__x_Windows_CApplicationModel_CActivation_CIProtocolActivatedEventArgsWithCallerPackageFamilyNameAndData"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{da46ca2b-6126-4aae-a5f7-672a94ca776c}]
""="__x_Windows_CInternal_CStateRepository_CIPackageFamilyPolicy"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3BF6178-694E-459F-A5A6-191EA0FFA1C7}]
""="IUPnPAddressFamilyControl"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{e48d8f85-4ebb-5e4b-a847-5e731184a78b}]
""="__FIVector_1_Windows__CInternal__CStateRepository__CApplicationFamilyPolicy"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E62A1685-0D6D-4313-91C2-46F51F964518}]
""="Family.Cache.ILocalMemberStore"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{e7dafe36-3d1f-5365-b5f9-7c9fc22a0869}]
""="__FIVector_1_Windows__CInternal__CStateRepository__CPackageFamilyPolicy"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EE7D16C1-FCAF-48D1-9F20-E848BD52E244}]
""="Family.SyncEngine.IMemberLocalAccount"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F0080DB1-E893-467A-BDBB-6942DAF58C1C}]
""="Family.SyncEngine.ISyncMembersPolicy"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{f7bb2a4d-bb72-4828-9323-9673e46443e6}]
""="__x_Windows_CInternal_CStateRepository_CIApplicationFamilyPolicyStatics"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MHToolbar.MHToolbar]
""="Family Toolbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MHToolbar.MHToolbar.3]
""="Family Toolbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Codepage\1201]
"Family"="1200"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Codepage\21866]
"Family"="1251"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Codepage\28593]
"Family"="1254"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Codepage\28595]
"Family"="1251"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Codepage\28597]
"Family"="1253"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Codepage\38598]
"Family"="1255"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Codepage\50221]
"Family"="932"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Codepage\50225]
"Family"="949"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Codepage\50949]
"Family"="949"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Codepage\51949]
"Family"="949"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Codepage\65000]
"Family"="1200"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Codepage\708]
"Family"="1256"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Codepage\852]
"Family"="1250"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MIME\Database\Codepage\866]
"Family"="1251"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1EA6B471-CAD2-419A-9539-0586EEFE2D09}\1.0\0\win32]
""="C:\Program Files\Family Toolbar\tbhelper.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E4E27F4C-C9BD-4E5F-A487-F87F4915CC93}\1.0\0\win32]
""="C:\Program Files\Windows Live\Family Safety\fsapi.tlb"

[HKEY_LOCAL_MACHINE\SOFTWARE\JavaSoft\Java Update\Policy]
"InstallOptions"="/installmethod=jau FAMILYUPGRADE=1 "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppServiceProtocols\windows.tbauth]
"PackageFamilyName"="Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FamilySafety]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FamilySafety\WPC]
"LogoImage"="C:\Program Files\Windows Live\Family Safety\fsuires.dll,-50012"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FamilySafety\WPC]
"Description"="C:\Program Files\Windows Live\Family Safety\fsui.dll,-50011"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FamilyStore\AuthConfig]
"ServiceUrl"="family.api.account.microsoft.com"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaEngine\MediaExtensions\EME\CDMS\com.microsoft.playready]
"PackageFamilyName"="Microsoft.Media.PlayReadyClient.2_8wekyb3d8bbwe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaEngine\MediaExtensions\EME\CDMS\com.microsoft.playready.software]
"PackageFamilyName"="Microsoft.Media.PlayReadyClient.2_8wekyb3d8bbwe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemSettings\SettingId\SystemSettings_Users_AddFamilyUser]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemSettings\SettingId\SystemSettings_Users_FamilyOnline]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemSettings\SettingId\SystemSettings_Users_FamilyUsersDescription]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemSettings\SettingId\SystemSettings_Users_FamilyUsersOutOfSyncStatus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VisualStudio\10.0\SupportedRuntimesForFxFamily]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\fsui.exe]
""="C:\Program Files\Windows Live\Family Safety\fsui.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\DIFx\DriverStore\fssfltr_A5FA3C925848FF31CD1FDE1A2696CEACA292B950]
"DisplayName"="Windows Live Family Safety"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InstallAgent\CategoryCache]
"0862A72D-A96C-83E5-AD0F-78B6AA06F9C6"="{"WuCategoryId":"75f3f766-13b3-45e9-a62f-29590d5781f2","ProductId":"9WZDNCRFJ3T6","SkuId":"0010","PackageFamilyName":"Microsoft.3DBuilder_8wekyb3d8bbwe"}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InstallAgent\CategoryCache]
"A90B8400-D36D-8235-8BF2-A21A53D3FB65"="{"WuCategoryId":"733893b8-533d-4292-bf27-23d218b39a95","ProductId":"9WZDNCRDTBVB","SkuId":"0010","PackageFamilyName":"Microsoft.WindowsMaps_8wekyb3d8bbwe"}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InstallAgent\CategoryCache]
"1A7994D6-5342-8581-71FB-A2BD1C895D93"="{"WuCategoryId":"816798df-486f-4fc1-97d4-93896e34e108","ProductId":"9NBLGGH32PT4","SkuId":"0010","PackageFamilyName":"Microsoft.Appconnector_8wekyb3d8bbwe"}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InstallAgent\CategoryCache]
"A8849751-10C4-3F5D-1F42-DA79DB2C7BE9"="{"WuCategoryId":"0e0fbaf6-fd99-4046-b494-9ce469ae3009","ProductId":"9WZDNCRFJ3PM","SkuId":"0010","PackageFamilyName":"Microsoft.WindowsPhone_8wekyb3d8bbwe"}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InstallAgent\CategoryCache]
"3BFD26C9-8DA9-B940-F638-55890012AAB4"="{"WuCategoryId":"cd5d53b1-33f7-4a95-b111-f51f187c7130","ProductId":"9WZDNCRFJBBG","SkuId":"0010","PackageFamilyName":"Microsoft.WindowsCamera_8wekyb3d8bbwe"}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InstallAgent\CategoryCache]
"6EA6FC2E-9305-586B-3411-02826D151533"="{"WuCategoryId":"64a79953-cf0b-44f9-b5c4-ee5df3a15c63","ProductId":"9WZDNCRFHVQM","SkuId":"0010","PackageFamilyName":"microsoft.windowscommunicationsapps_8wekyb3d8bbwe"}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InstallAgent\CategoryCache]
"558F5D32-0827-EB7B-6AD6-D5DB4138B3AA"="{"WuCategoryId":"454a759b-ff5b-4a79-80d3-1cf15eba0908","ProductId":"9WZDNCRFJBH4","SkuId":"0010","PackageFamilyName":"Microsoft.Windows.Photos_8wekyb3d8bbwe"}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InstallAgent\CategoryCache]
"0C8CF327-9D17-CCDE-18AF-DFF4F20070E5"="{"WuCategoryId":"9f03273f-fe0b-4ed8-9bc8-c2f256375490","ProductId":"9WZDNCRFHWKN","SkuId":"0010","PackageFamilyName":"Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe"}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InstallAgent\CategoryCache]
"6D151227-6BD9-726D-B30E-A8A018DCC82B"="{"WuCategoryId":"16db93bf-8748-449a-96ba-e9ed3a5f872d","ProductId":"9WZDNCRFJ3PT","SkuId":"0010","PackageFamilyName":"Microsoft.ZuneMusic_8wekyb3d8bbwe"}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InstallAgent\CategoryCache]
"9D4DED89-CABC-F4FB-8133-BC5EDB1C7EDA"="{"WuCategoryId":"64293252-5926-453c-9494-2d4021f1c78d","ProductId":"9WZDNCRFJBMP","SkuId":"0010","PackageFamilyName":"Microsoft.WindowsStore_8wekyb3d8bbwe"}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InstallAgent\CategoryCache]
"E336BB8F-16ED-7CBE-AFEE-971DD3041585"="{"WuCategoryId":"f022389f-f3a6-417e-ad23-704fbdf57117","ProductId":"9WZDNCRFHVJL","SkuId":"0010","PackageFamilyName":"Microsoft.Office.OneNote_8wekyb3d8bbwe"}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InstallAgent\CategoryCache]
"00D57B0F-01FA-B79F-08D6-878ED20C4C9B"="{"WuCategoryId":"1a36fd17-5161-4651-ae2d-13384e427ea8","ProductId":"9WZDNCRFHWD2","SkuId":"0010","PackageFamilyName":"Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe"}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InstallAgent\CategoryCache]
"50611331-FE19-D366-B049-694B8AC9D758"="{"WuCategoryId":"7f354d0e-a913-4aa0-815d-3fa9fbff2bd8","ProductId":"9WZDNCRDTBJJ","SkuId":"0010","PackageFamilyName":"Microsoft.Getstarted_8wekyb3d8bbwe"}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\InstallAgent\CategoryCache]
"E6658C19-4221-2EBE-763A-F0493FBA2BB0"="{"WuCategoryId":"421ba874-f903-4965-9b82-d60f3ba3cae0","ProductId":"9WZDNCRFJ3Q2","SkuId":"0010","PackageFamilyName":"Microsoft.BingWeather_8wekyb3d8bbwe"}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Live\Family Safety\"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Windows Live\Family Safety\en\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Users\Deborah\AppData\Local\My Family Tree\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0226A5E6B405FA846803AFE277A423EF\3323515BEEA94DC4D9C2F4AA8C07BD2E]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612063B07]
"4EA42A62D9304AC4784BF238120673BF"="02:\Software\JavaSoft\Java Runtime Environment\Java6FamilyVersion"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612072B01]
"4EA42A62D9304AC4784BF238120712BF"="02:\Software\JavaSoft\Java Runtime Environment\Java7FamilyVersion"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612075B01]
"4EA42A62D9304AC4784BF238120715BF"="02:\Software\JavaSoft\Java Runtime Environment\Java7FamilyVersion"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612077B01]
"4EA42A62D9304AC4784BF230120717BF"="02:\Software\JavaSoft\Java Runtime Environment\Java7FamilyVersion"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0645E34F853521F48A7890C39E8A9FAB\2E43F6A45E9061642B72A4624A886A9F]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0A8D8A55319AD324280CDF41A5DF9897\3CE12785E4D897B4CB1501452EDDDC01]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0B4E0E23BE716FC42B6E614575101650\2E43F6A45E9061642B72A4624A886A9F]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CBBF9A1F2F762540B8E1C36AA6796D3\E754886CDF30149429B32AF7D4247ADD]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0EA15CC7382E2B7419EF2DC661FB79CE\3CE12785E4D897B4CB1501452EDDDC01]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\10E03B91CC4CD224D9E9964D077A6F2C\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\139BE83B7DAA3E448A02E4ABBEE6F927\3CE12785E4D897B4CB1501452EDDDC01]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\14DF68E2971CE654E8A61575DE242782\E754886CDF30149429B32AF7D4247ADD]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\19C2A71BEA844C646B42727A037FA8B7\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\20693A70AB22C8144AE2CA9D57BD3219\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23B66791235EFE94884ACE31D774B284\3323515BEEA94DC4D9C2F4AA8C07BD2E]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\28625D2F07360864D88279D026C746BF\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2994CB06003C418409244051AF545E37\2E43F6A45E9061642B72A4624A886A9F]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2C86D0B7E4C30184881255A6D5870540\2E43F6A45E9061642B72A4624A886A9F]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2D98414E31EA90843B3982D0327489D6]
"E876D35FF83217A4792480BB76479ECD"="C:\Program Files\Windows Live\Family Safety\fsui.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2F717AE2F9759034AAC4DB699507158C\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3251C5F6C0B85514D92D8DAE98BD69BD\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\374F330528D73014E899FDBBA5F723EA\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\39E9E9462590B8A4C9818AC92E6AB850\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3C00A039659DD7F488EBE89857CED1A7\2E43F6A45E9061642B72A4624A886A9F]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\408E082C34FD2374F95C4976CB134AE0\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D80389801DA5F44AEEC1024EE5F740\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46C574B49327AEE4F961C2DD58B11A80\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\475BF4CDDD979D74E9FCB682E1335A07\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4875294F1F7E055469714A5C22367BC2]
"E876D35FF83217A4792480BB76479ECD"="02:\Software\Microsoft\FamilySafety\ProductCode"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4C66D2FDD6481E64E89320EE68E30F2C\3323515BEEA94DC4D9C2F4AA8C07BD2E]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4F55C3B2C9EEA5141AA5919F0B7DF358\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\503CF6D6F211C6A499E7A73E120660CE]
"E876D35FF83217A4792480BB76479ECD"="C:\Program Files\Windows Live\Family Safety\fsssvc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\51FC2EB95318F1849939C29E44AC0194\2E43F6A45E9061642B72A4624A886A9F]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\55C75C4BC74B54D45BE80C4F64B09703\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5ABF4B0331727FA4AA1798A34831C42F\5C77E691425F05B4DBA1C212EE9E8B7F]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D227949A1FD6D24ABBEDB5664098647]
"E876D35FF83217A4792480BB76479ECD"="C:\Program Files\Windows Live\Family Safety\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6222ABBE019AA1C4FB062315ED82B9D4\868D758B0B8FEE34CBB29D5EDE122F73]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6336CD5EFA8CA0742AFB8C99B959B5E7\2E43F6A45E9061642B72A4624A886A9F]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\63EE99C189E33F94FAA852AF7E07E5FA\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\664C88F86D04EF94997AD87BC8B0872E\3323515BEEA94DC4D9C2F4AA8C07BD2E]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\66854FAF7ACFCB146A3C26F12E70B0E4\3CE12785E4D897B4CB1501452EDDDC01]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6A500BBA52F96BE4E90B5247F4C58DE9\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6BD8B1EB5CE7CEB4787F70A75478B4F5\2E43F6A45E9061642B72A4624A886A9F]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\72B990C66A1EB3F48872D9BEE0793F19\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\73F2AB479A048804C9B30C3FB724D235\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76483A9143CEC5646B87766625202A51\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7ACC72487F298FD4D8AEE5157F725073\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CF35CEF3290A1B4E828DF9C19ED014E\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\823F315F59976654B8E808FA5D65A4CB\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\82B068A9AAEFF1F4AB05E6735FDD3A11]
"E876D35FF83217A4792480BB76479ECD"="C:\Program Files\Windows Live\Family Safety\fsapi.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\83F322E0131499E42AD7674C450EF1C6\3323515BEEA94DC4D9C2F4AA8C07BD2E]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\85AE86F6EAA74604B923861337B37172\3323515BEEA94DC4D9C2F4AA8C07BD2E]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\89C8AE841511C9B418EE274FF1C567EA\3323515BEEA94DC4D9C2F4AA8C07BD2E]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8BDD638F08E2F394D90D0C839C5C7BFB\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9101C3C88B3DE2F47B912E631066C3BA\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\93B46F9FA78D0734B99F92E758A082F0\99DB51844A69EF948A58CD0FE6E9E487]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\95578E3C57A369C499641E1AAEA6570C\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Compone
Back to top
View user's profile Send private message
ldybadger
Junior Member


Joined: 06 May 2013
Last Visit: 27 Jun 2016
Posts: 45

PostPosted: Fri May 27, 2016 3:46 pm    Post subject: Reply with quote

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\99B6884927F4ED84192381F1EEB5B919\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9DF3901ECCB2C634893A44ADCA2280BE\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9F505ED709D131847872720B4EF870A3\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A0718803AD8EBD44FA2D650678859ECF\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A865D3C2FE8A09C429EB13EBF9E983B6\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AA12D84BDD7ADFF4189BCD05F19A9325\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AC9235E4DCF8280448BA828B06EC2629\3CE12785E4D897B4CB1501452EDDDC01]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AFAB906E352295344B55BE4DFF1A984A\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B0EB34ECC57D84E40AFA15D36ADC8FD9\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B2BA6D13AFB7AC84094747D192242F14\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B79CAD2B6347940499984125B431BDD0\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA0A007F7036BDE4DA47AA1E40DE8E65\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC9D45E48ABDB5842BD3CF4E5E065B38\868D758B0B8FEE34CBB29D5EDE122F73]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C0CABEE675F1F164E8D9DC2006D47F72\3CE12785E4D897B4CB1501452EDDDC01]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C3C3B5387648F124C82166C4B78C3219\3CE12785E4D897B4CB1501452EDDDC01]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C757EA7CEDEA27746BFE9641638E6098\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C8FAFDDFBA18A144DBD5C5EFE162FD29\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CF86C900C7D5D6C48972B3B6DDEF7058\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D33B105DBE3AC5142B13B9495AC95430\3323515BEEA94DC4D9C2F4AA8C07BD2E]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6E89640CEBA52E44A6E8A532C7A0A43\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D8447F4BA3992D946836A0D9DC7463C8\868D758B0B8FEE34CBB29D5EDE122F73]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB96CAD8421F20B49A8CEB80E4422738\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1133739C418E64A9BD59FCE5699041\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E04A4AB25265DFD4590DA54DEA21631E]
"E876D35FF83217A4792480BB76479ECD"="C:\Program Files\Windows Live\Family Safety\WFP\fssfltr.inf"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E0D918241FCE2374D95D4942FC13EB84\3323515BEEA94DC4D9C2F4AA8C07BD2E]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E30FC1D557DD88E4B8D7A4BFC89FAE38\3323515BEEA94DC4D9C2F4AA8C07BD2E]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E81358AFB0D5C1546907154A5088783D\3323515BEEA94DC4D9C2F4AA8C07BD2E]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E9A2D24CEE54BE8438A5DEEF78B9770F\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EFFC2EA64C2315C489E10A5D98D466FA\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F3518B9C1F95F2949A6864BFC9336371\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F5A06A424653D9D46B8102AA5C152E6C\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7E1EB1FDBF584E4B8A3CFAC274FFA06\3323515BEEA94DC4D9C2F4AA8C07BD2E]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FCFE45E720540DE4C9D047767473EA8B\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FF8BDAAEAC68E2C4296137C9296E8456\6BA4943F00966C14FA7528636228E78D]
"MediaCabinet"="PCW_CAB_Family01"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\68AB67CA7DA746454382080000000030\InstallProperties]
"URLUpdateInfo"="http://www.adobe.com/acrofamily/main.html"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\E876D35FF83217A4792480BB76479ECD\InstallProperties]
"HelpLink"="http://feedback.live.com/eform.aspx?productkey=wlfamilysafety"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Parental Controls\Providers]
"{0DBCF85F-7552-498d-8CDB-0FDA20152755}"="Software\Microsoft\FamilySafety\WPC"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\PushNotifications\Applications\FamilySafety_Settings]
"PackageMoniker"="windows.familysafety_cw5n1h2txyewy"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-s..l-family-deployment_31bf3856ad364e35_none_ee902858ecedaa33]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-shell-family-cache_31bf3856ad364e35_none_1e3a8a7353ae69a8]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_netfx4-servicing_key_productfamily_full_b03f5f7f11d50a3a_none_bd0369bec9c9bb30]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_wwf-servicing_key_productfamily_31bf3856ad364e35_none_6c0815dc1d6e080e]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFG-House of 1000 Doors - Family Secrets]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFG-House of 1000 Doors - Family Secrets]
"InstallPath"="C:\Program Files\House of 1000 Doors - Family Secrets"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BFG-House of 1000 Doors - Family Secrets]
"VistaFlogger"=""C:\Program Files\House of 1000 Doors - Family Secrets\Uninstall.exe""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Family Toolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Family Tree Builder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2285068]
"SQLProductFamilyCode"="{628F8F38-600E-493D-9946-F4178F20A8A9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB2977321]
"SQLProductFamilyCode"="{628F8F38-600E-493D-9946-F4178F20A8A9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB968369]
"SQLProductFamilyCode"="{628F8F38-600E-493D-9946-F4178F20A8A9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{294BF709-D758-4363-8D75-01479AD20927}]
"DisplayName"="Windows Live Family Safety"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F53D678E-238F-4A71-9742-08BB6774E9DC}]
"HelpLink"="http://feedback.live.com/eform.aspx?productkey=wlfamilysafety"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\EnterpriseResourceManager\AllowedNodePaths\CSP]
"Path3"="./Vendor/MSFT/Applocker/FamilySafety"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CosDeviceCache\401]
"HwId"="acpi\genuineintel_-_x86_family_6_model_15"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CosDeviceCache\405]
"HwId"="*genuineintel_-_x86_family_6_model_15"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontMapper\FamilyDefaults]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A38CA05-3D73-4B13-A6C9-FDCCCFC40AD5}]
"Path"="\Microsoft\Windows\Shell\FamilySafetyMonitor"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C629D080-0D09-4110-B8FD-67FFA485EE00}]
"Path"="\Microsoft\Windows\Shell\FamilySafetyRefresh"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Shell\FamilySafetyMonitor]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinSAT]
"PrimaryAdapterString"="Intel(R) G33/G31 Express Chipset Family (Microsoft Corporation - WDDM 1.0)"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Family.Authentication.FamilyUserAuthenticator]
"DllPath"="C:\Windows\System32\Family.Authentication.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Family.Cache.LocalMember]
"DllPath"="C:\Windows\System32\Family.Cache.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Family.Cache.LocalMemberStore]
"DllPath"="C:\Windows\System32\Family.Cache.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Family.Cache.LocalMemberStoreBroker]
"DllPath"="C:\Windows\System32\Family.Cache.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Family.Client.FamilyHttpClient]
"DllPath"="C:\Windows\System32\Family.Client.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Family.Client.FamilyHttpClientConfig]
"DllPath"="C:\Windows\System32\Family.Client.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Family.SyncEngine.LocalAccount]
"DllPath"="C:\Windows\System32\Family.SyncEngine.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Family.SyncEngine.LocalAccountStore]
"DllPath"="C:\Windows\System32\Family.SyncEngine.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Family.SyncEngine.MemberLocalAccount]
"DllPath"="C:\Windows\System32\Family.SyncEngine.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Family.SyncEngine.MembersLocalAccountResolver]
"DllPath"="C:\Windows\System32\Family.SyncEngine.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Family.SyncEngine.MembersLocalAccountResolverResult]
"DllPath"="C:\Windows\System32\Family.SyncEngine.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Family.SyncEngine.PendingMemberLocalAccount]
"DllPath"="C:\Windows\System32\Family.SyncEngine.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Family.SyncEngine.PendingMembersLocalAccountResolver]
"DllPath"="C:\Windows\System32\Family.SyncEngine.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Family.SyncEngine.PendingMembersLocalAccountResolverResult]
"DllPath"="C:\Windows\System32\Family.SyncEngine.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Family.SyncEngine.SyncMembersHandler]
"DllPath"="C:\Windows\System32\Family.SyncEngine.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Family.SyncEngine.SyncMembersManager]
"DllPath"="C:\Windows\System32\Family.SyncEngine.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Family.SyncEngine.SyncMembersPolicy]
"DllPath"="C:\Windows\System32\Family.SyncEngine.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.FamilySafety.Internal.FamilySettings]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.FamilySafety.Internal.UserInterface]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.ApplicationFamily]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.PackageFamily]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.TargetDeviceFamily]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.UI.Xaml.Media.FontFamily]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{05ce80b4-dd57-30d0-9b0e-f57c4a24bd22}]
"ActivatableClassId"="Family.SyncEngine.SyncMembersHandler"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{46307c73-a682-3e35-9ecc-2a294fa953e7}]
"ActivatableClassId"="Family.SyncEngine.PendingMemberLocalAccount"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{61b3d21d-b898-376c-85bc-0ecb34cee86c}]
"ActivatableClassId"="Family.SyncEngine.SyncMembersManager"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{6837630b-1e76-36bb-8244-2471d051615c}]
"ActivatableClassId"="Windows.FamilySafety.Internal.UserSettings"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{825b5c65-49cc-3fb5-9e1d-08f34c7a7bcd}]
"ActivatableClassId"="Windows.FamilySafety.Internal.RatingManager"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{8c95c9c3-5f73-380e-b06c-62a16bbd4ee2}]
"ActivatableClassId"="Family.SyncEngine.MembersLocalAccountResolverResult"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{b095c072-7397-3e5a-abe3-7dd894789f53}]
"ActivatableClassId"="Windows.FamilySafety.Internal.FamilySettings"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{bec4d8ba-52df-3293-af12-41e05c2e4ee6}]
"ActivatableClassId"="Family.Cache.LocalMemberStoreBroker"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{c313d90d-73f0-31fa-9bf4-9f23dc22882d}]
"ActivatableClassId"="Windows.FamilySafety.Internal.UserInterface"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{ca9cf64d-27d2-3649-befe-bccd5fa96152}]
"ActivatableClassId"="Family.Cache.LocalMemberStore"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{d553822a-ae45-3e1e-ad40-00eef17cee62}]
"ActivatableClassId"="Family.Client.FamilyHttpClientConfig"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{e75585cb-b109-3171-a8c2-b970cd105e40}]
"ActivatableClassId"="Windows.Internal.StateRepository.ApplicationFamilyPolicy"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\CLSID\{f1a182e6-78ef-3498-a1ab-949668c1324d}]
"ActivatableClassId"="Windows.Internal.StateRepository.TargetDeviceFamily"

[HKEY_LOCAL_MACHINE\SOFTWARE\MyHeritage.com\Family Tree Builder]

[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\2\52C64B7E]
"@C:\PROGRA~1\WIC4A1~1\FAMILY~1\fsui.dll,-32000"="Windows Live Family Safety"

[HKEY_USERS\.DEFAULT\Software\Microsoft\VisualStudio\10.0_Config\SupportedRuntimesForFxFamily]

[HKEY_USERS\S-1-5-19\Console]
"FontFamily"="0"

[HKEY_USERS\S-1-5-19\Console\%SystemRoot%_SysWOW64_WindowsPowerShell_v1.0_powershell.exe]
"FontFamily"="54"

[HKEY_USERS\S-1-5-20\Console]
"FontFamily"="0"

[HKEY_USERS\S-1-5-20\Console\%SystemRoot%_SysWOW64_WindowsPowerShell_v1.0_powershell.exe]
"FontFamily"="54"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Console]
"FontFamily"="0"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Console\%SystemRoot%_SysWOW64_WindowsPowerShell_v1.0_powershell.exe]
"FontFamily"="54"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Adobe\Photoshop Elements\5.0\common\settings\Elements MRU]
"file5"="C:\Users\Deborah\Pictures\Family\Census\e008209790.pdf"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\FLEXnet\Connect\db\Family Tree Builder.ini]

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\JollyBear\Big City Adventure Vancouver\3DSettings]
"DriverDescription"="Intel(R) G33/G31 Express Chipset Family"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\MHToolbar\Toolbar]
"toolbar_version"="Family Toolbar 1.0.3"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\savefamilyphotos.com]

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Internet Explorer\New Windows\Allow]
"www.familysearch.org"=""

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\MSNMessenger\RetailDbgZoneLevels]
"Zone_FamilySafety"="10"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Office\12.0\Common\Internet\Server Cache\http://www.bouvette.com/family/BRUCE_John_1831/]

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Office\12.0\Common\Internet\Server Cache\http://www.buzzle.com/templates/family-tree/]

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Office\12.0\OneNote\OpenNotebooks]
"4"="OneNote Notebooks\family tree"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\VisualStudio\10.0_Config\SupportedRuntimesForFxFamily]

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Family Tree]

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Windows Live\Installer\ProductStatus]
"familysafety"="0"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\Users\Deborah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6CNGZ1JE\family_tree_builder
[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\MyHeritage.com\Family Tree Builder]

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsAppThreshold%5CWindows.UI.SettingsAppThreshold.pri\1d1b3fbf6e0603b\326bcf6e]
"@{windows?ms-resource://Windows.UI.SettingsAppThreshold/SearchResources/SettingsGroupFamilyUsers/Description}"="Allow family members to use this PC"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Photos_8wekyb3d8bbwe\PersistedStorageItemTable\ManagedByApp\{071FF76C-4FD1-424A-BF23-B089EFB20D16}]
"PackageFamilyName"="Microsoft.Windows.Photos_8wekyb3d8bbwe"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Photos_8wekyb3d8bbwe\PersistedStorageItemTable\ManagedByApp\{56696680-A9F0-4B7A-BD41-CCC74BEC81C1}]
"PackageFamilyName"="Microsoft.Windows.Photos_8wekyb3d8bbwe"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Photos_8wekyb3d8bbwe\PersistedStorageItemTable\ManagedByApp\{A9B9905B-1162-488F-B741-2DC1A1AEC0E2}]
"PackageFamilyName"="Microsoft.Windows.Photos_8wekyb3d8bbwe"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Photos_8wekyb3d8bbwe\PersistedStorageItemTable\ManagedByApp\{D81D3897-A2AB-4372-84E2-D76D4DA5AD28}]
"PackageFamilyName"="Microsoft.Windows.Photos_8wekyb3d8bbwe"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Photos_8wekyb3d8bbwe\PersistedStorageItemTable\ManagedByApp\{F6FC3CF1-C20E-494F-87C7-21DE4F20D08E}]
"PackageFamilyName"="Microsoft.Windows.Photos_8wekyb3d8bbwe"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Classes\VirtualStore\MACHINE\SOFTWARE\MyHeritage.com\Family Tree Builder]

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000_Classes\Local Settings\MrtCache\C:%5CWINDOWS%5CSystemResources%5CWindows.UI.SettingsAppThreshold%5CWindows.UI.SettingsAppThreshold.pri\1d1b3fbf6e0603b\326bcf6e]
"@{windows?ms-resource://Windows.UI.SettingsAppThreshold/SearchResources/SettingsGroupFamilyUsers/Description}"="Allow family members to use this PC"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Photos_8wekyb3d8bbwe\PersistedStorageItemTable\ManagedByApp\{071FF76C-4FD1-424A-BF23-B089EFB20D16}]
"PackageFamilyName"="Microsoft.Windows.Photos_8wekyb3d8bbwe"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Photos_8wekyb3d8bbwe\PersistedStorageItemTable\ManagedByApp\{56696680-A9F0-4B7A-BD41-CCC74BEC81C1}]
"PackageFamilyName"="Microsoft.Windows.Photos_8wekyb3d8bbwe"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Photos_8wekyb3d8bbwe\PersistedStorageItemTable\ManagedByApp\{A9B9905B-1162-488F-B741-2DC1A1AEC0E2}]
"PackageFamilyName"="Microsoft.Windows.Photos_8wekyb3d8bbwe"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Photos_8wekyb3d8bbwe\PersistedStorageItemTable\ManagedByApp\{D81D3897-A2AB-4372-84E2-D76D4DA5AD28}]
"PackageFamilyName"="Microsoft.Windows.Photos_8wekyb3d8bbwe"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Photos_8wekyb3d8bbwe\PersistedStorageItemTable\ManagedByApp\{F6FC3CF1-C20E-494F-87C7-21DE4F20D08E}]
"PackageFamilyName"="Microsoft.Windows.Photos_8wekyb3d8bbwe"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000_Classes\VirtualStore\MACHINE\SOFTWARE\MyHeritage.com\Family Tree Builder]

[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\MuiCache\2\52C64B7E]
"@C:\PROGRA~1\WIC4A1~1\FAMILY~1\fsui.dll,-32000"="Windows Live Family Safety"

[HKEY_USERS\S-1-5-18\Software\Microsoft\VisualStudio\10.0_Config\SupportedRuntimesForFxFamily]

===================== Search result for "Toolbar" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Big Fish Games\Persistence\EnabledToolbars]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06BF8E77-0FEC-4bd3-AFD6-C949AE21E34B}]
""="NarratorToolBar Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}\InprocServer32]
""="C:\Program Files\Family Toolbar\tbhelper.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\InprocServer32]
""="C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5E6AB780-7743-11CF-A12B-00AA004AE837}]
""="Microsoft Internet Toolbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6134CEA9-DD6E-495C-A0D1-4F232027D7D7}\InprocServer32]
""="C:\Program Files\Google\GoogleToolbarNotifier\5.12.11510.1228\swg.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}]
""="Microsoft Toolbar Control, version 6.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66833FE6-8583-11D1-B16A-00C0F0283628}\ProgID]
""="MSComctlLib.Toolbar.2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DC6F291-BF55-4E50-B619-EF672D9DCC58}]
""="Microsoft Toolbar Control, version 6.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DC6F291-BF55-4E50-B619-EF672D9DCC58}\VersionIndependentProgID]
""="MSComctlLib.Toolbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8B2ADD10-33B7-4506-9569-0A1E1DBBEBAE}]
""="Microsoft Toolbar Control 6.0 (SP6)"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8B2ADD10-33B7-4506-9569-0A1E1DBBEBAE}\VersionIndependentProgID]
""="MSComctlLib.Toolbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
""="Google Toolbar Helper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B20D5479-88CB-418e-A2F6-B4343B7680FE}]
""="NarratorToolBar Class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C27CCE37-8596-11D1-B16A-00C0F0283628}]
""="Toolbar General Property Page Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2728CC-82DE-4900-8D55-25ED7714C6A2}\InprocServer32]
""="C:\Program Files\Family Toolbar\tbcore3.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F37AFD4F-E736-4980-8650-A486B1F2DF25}\ProgID]
""="Search.OutlookToolbar.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FBA44040-BD27-4A09-ACC8-C08B7C723DCD}]
"Depend"="C:\Program Files\Google\GoogleToolbarNotifier\5.12.11510.1228\gtn.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\COMCTL.Toolbar.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\18555481990E8AB4CBB63FB4F26006C0]
"ProductName"="Google Toolbar for Internet Explorer"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\18555481990E8AB4CBB63FB4F26006C0\SourceList]
"LastUsedSource"="n;1;C:\Program Files\Google\Google Toolbar\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0002085C-0000-0000-C000-000000000046}]
""="Toolbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{0002085E-0000-0000-C000-000000000046}]
""="ToolbarButton"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2B3321EE-693F-4B46-9536-E44DAD8C6E60}]
""="IVsToolbarTrayHost"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2EFC69A8-5E06-436D-88D5-F099353356DA}]
""="IVsToolWindowToolbarHost2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{4544D333-8D5F-4517-9113-3550D618F2AD}]
""="IVsToolWindowToolbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{66833FE4-8583-11D1-B16A-00C0F0283628}]
""="IToolbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{795634D5-6F56-495F-A6EC-B4A462B3BD87}]
""="IBlogThisToolbarButton"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{89FF3F5A-4BB5-CD43-A9AE-A40D8962C61A}]
""="IDNTPToolbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{93FF076F-ACC9-4D39-B07D-E9A4D6D1F4C7}]
""="IToolbarURLSearchHook"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9F8F5A55-2564-4E24-902D-83C7D096D3D7}]
""="ILinksToolbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CF7549A9-7A2A-4A6E-ACF4-05452C98CF7E}]
""="IVsToolWindowToolbarHost"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F6AB38B6-1C02-3B01-A7F8-510ED1C0B253}]
""="_ToolBar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MHToolbar.IEToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MHToolbar.IEToolbar\CurVer]
""="MHToolbar.IEToolbar.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MHToolbar.IEToolbar.1]
""="IE Toolbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MHToolbar.MHToolbar]
""="Family Toolbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MHToolbar.MHToolbar.3]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComctlLib.Toolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComctlLib.Toolbar\CurVer]
""="MSComctlLib.Toolbar.2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSComctlLib.Toolbar.2]
""="Microsoft Toolbar Control, version 6.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Search.OutlookToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Search.OutlookToolbar\CurVer]
""="Search.OutlookToolbar.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Search.OutlookToolbar.1]
""="Search MAPI-Outlook Toolbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1EA6B471-CAD2-419A-9539-0586EEFE2D09}\1.0\0\win32]
""="C:\Program Files\Family Toolbar\tbhelper.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C7CB459A-7261-4AE6-A87A-17041EE98A40}\1a.0\0\win32]
""="C:\Program Files\Google\GoogleToolbarNotifier\5.12.11510.1228\swg.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Corel\DVD10]
"TOOLBAR"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Google Toolbar\Component\NonManifest]
"C:\ProgramData\Google\Custom Buttons\toolbar.google.com_O8Y91YHB24Z6SR0SGYSK.XML"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Google Toolbar\Component\Used]
"GoogleToolbarDynamic_mui_en.dll"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\GoogleToolbarNotifier]

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\Clients\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"cmd_7.5.7619.1252_0"=""C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_F3B2E431EE169D71.exe" /execute:0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\Clients\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"cmd_7.5.7619.1252_2"=""C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_F3B2E431EE169D71.exe" /execute:2"

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\Clients\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"cmd_7.5.7619.1252_4"=""C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_F3B2E431EE169D71.exe" /execute:4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\Clients\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"cmd_7.5.7619.1252_6"=""C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_F3B2E431EE169D71.exe" /execute:6"

[HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\Clients\{F69EABDD-A4BB-4555-BE7E-1EA5F59BBA24}]
"cmd_7.5.7619.1252_8"=""C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_F3B2E431EE169D71.exe" /execute:8"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{06E58E5E-F8CB-4049-991E-A41C03BD419E}]
"DllName"="upromisetoolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
"DllName"="googletoolbar*.dll;googletoolbar*.dll;googletoolbar*.dll;googletoolbar*.dll;googletoolbar*.dll;googletoolbar*.dll;googletoolbar*.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{48FFE35F-36D9-44bd-A6CC-1D34414EAC0D}]
"DllName"="IEDevToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{4E7BD74F-2B8D-469E-99FF-FD60BB9AAE2D}]
"DllName"="YPTOOLBAR.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{855F3B16-6D32-4FE6-8A56-BBB695989046}]
"DllName"="toolbaru.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
"DllName"="IEToolbar.dll;IEToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
"DllName"="PDFCreator_Toolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{CC962137-2E78-4F94-975E-FC0C07DBD78F}]
"DllName"="IEDevToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12}]
"DllName"="ToolbarContainer101000317.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{F5BEA1B9-FEF6-4093-846D-753C42A1B00A}]
"DllName"="ClientKeeperToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1A972DAF-A7EC-4ce3-B6C9-7B523CD6685F}]
"AppName"="GoogleToolbarUser_32.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{442E3CEB-D71B-11DA-8750-001185653D78}]
"AppName"="googletoolbar1user.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80B84A0A-EDA4-47fd-8BE1-6B49F4197EE5}]
"AppName"="GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e86e69ac-a2ce-415a-967e-70ded47d72e2}]
"AppPath"="c:\program files\goodsearch.com\goodsearch toolbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EE0B94B9-335F-4d2c-8B43-DACCD1EA6FF1}]
"AppPath"="C:\Program Files\Google\Google Toolbar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\UnattendBackup\LockToolbars]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\UnattendBackup\ShowLeftAddressToolbar]
"ShowLeftAddressToolbar"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSN Apps\MSN Toolbar Suite]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Outlook\Addins\Search.OutlookToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VisualStudio\10.0\Packages\{e58c2a8b-bcc4-4559-ad59-d62eb6d58a22}\Toolbox\DefaultContent\35567B7D8568F6BD1C27D91C1ACB32DB\1B734651FAF058AD6780EA98F13F7C61]
""="ToolBarPanel"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VisualStudio\10.0\Packages\{e58c2a8b-bcc4-4559-ad59-d62eb6d58a22}\Toolbox\DefaultContent\35567B7D8568F6BD1C27D91C1ACB32DB\1B734651FAF058AD6780EA98F13F7C61]
"HelpKeyword"="System.Windows.Controls.Primitives.ToolBarPanel"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VisualStudio\10.0\Packages\{e58c2a8b-bcc4-4559-ad59-d62eb6d58a22}\Toolbox\DefaultContent\35567B7D8568F6BD1C27D91C1ACB32DB\499FE2B17142504ACB3C771BE9FA931F]
""="ToolBarTray"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VisualStudio\10.0\Packages\{e58c2a8b-bcc4-4559-ad59-d62eb6d58a22}\Toolbox\DefaultContent\35567B7D8568F6BD1C27D91C1ACB32DB\499FE2B17142504ACB3C771BE9FA931F]
"HelpKeyword"="System.Windows.Controls.ToolBarTray"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VisualStudio\10.0\Packages\{e58c2a8b-bcc4-4559-ad59-d62eb6d58a22}\Toolbox\DefaultContent\35567B7D8568F6BD1C27D91C1ACB32DB\E6636D53DC126FEBE2C76FE849F26F]
""="ToolBar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VisualStudio\10.0\Packages\{e58c2a8b-bcc4-4559-ad59-d62eb6d58a22}\Toolbox\DefaultContent\35567B7D8568F6BD1C27D91C1ACB32DB\E6636D53DC126FEBE2C76FE849F26F]
"HelpKeyword"="System.Windows.Controls.ToolBar"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Streams\Desktop]
"Default Toolbars"="0x1100000000000000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Microsoft Visual Studio 10.0\VC\atlmfc\include\Aqua\ToolBar\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\Microsoft Visual Studio 10.0\VC\atlmfc\include\Blue\ToolBar\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\GoodSearch.com\GoodSearch Toolbar\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4A4D7A5798AC14A4FB6388E150474B38]
"6EA51B6D250BE3636BBB4C17C4AB5690"="c:\Program Files\Microsoft Visual Studio 10.0\VC\atlmfc\include\Black\ToolBar\Border.png"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C86653C686F04A4389B9EF3525E24FB]
"2FA03B551337634439819DAE544AF297"="C:\Program Files\The Print Shop 21\PSToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CB827F524780034BAA70E3D4F8B826B]
"6EA51B6D250BE3636BBB4C17C4AB5690"="c:\Program Files\Microsoft Visual Studio 10.0\VC\atlmfc\include\Silver\ToolBar\Border.png"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\818BDE038DE77A55292B855116E3CAD8]
"AAF2C5EFD81190545BD1F317CCE9B1E3"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit.resources\WebInspectorUI\Images\ReloadToolbar.svg"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B8DC5436F9FD4274BB5240518DA5BDDD]
"6EA51B6D250BE3636BBB4C17C4AB5690"="c:\Program Files\Microsoft Visual Studio 10.0\VC\atlmfc\include\Aqua\ToolBar\Border.png"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F6933250B7BC5494B94CA521DCE4197C]
"6EA51B6D250BE3636BBB4C17C4AB5690"="c:\Program Files\Microsoft Visual Studio 10.0\VC\atlmfc\include\Blue\ToolBar\Border.png"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\18555481990E8AB4CBB63FB4F26006C0\InstallProperties]
"InstallSource"="C:\Program Files\Google\Google Toolbar\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Settings\MCE.GlobalSettings]
"bindNavHintsToToolbars"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Family Toolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{18455581-E099-4BA8-BC6B-F34B2F06600C}]
"InstallSource"="C:\Program Files\Google\Google Toolbar\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"DisplayName"="Google Toolbar for Internet Explorer"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2318C2B1-4965-11d4-9B18-009027A5CD4F}]
"DisplayIcon"="C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_F3B2E431EE169D71.exe"

[HKEY_USERS\.DEFAULT\Software\Google\Google Toolbar]

[HKEY_USERS\.DEFAULT\Software\Microsoft\VisualStudio\10.0_Config\Packages\{e58c2a8b-bcc4-4559-ad59-d62eb6d58a22}\Toolbox\DefaultContent\35567B7D8568F6BD1C27D91C1ACB32DB\1B734651FAF058AD6780EA98F13F7C61]
""="ToolBarPanel"

[HKEY_USERS\.DEFAULT\Software\Microsoft\VisualStudio\10.0_Config\Packages\{e58c2a8b-bcc4-4559-ad59-d62eb6d58a22}\Toolbox\DefaultContent\35567B7D8568F6BD1C27D91C1ACB32DB\1B734651FAF058AD6780EA98F13F7C61]
"HelpKeyword"="System.Windows.Controls.Primitives.ToolBarPanel"

[HKEY_USERS\.DEFAULT\Software\Microsoft\VisualStudio\10.0_Config\Packages\{e58c2a8b-bcc4-4559-ad59-d62eb6d58a22}\Toolbox\DefaultContent\35567B7D8568F6BD1C27D91C1ACB32DB\499FE2B17142504ACB3C771BE9FA931F]
""="ToolBarTray"

[HKEY_USERS\.DEFAULT\Software\Microsoft\VisualStudio\10.0_Config\Packages\{e58c2a8b-bcc4-4559-ad59-d62eb6d58a22}\Toolbox\DefaultContent\35567B7D8568F6BD1C27D91C1ACB32DB\499FE2B17142504ACB3C771BE9FA931F]
"HelpKeyword"="System.Windows.Controls.ToolBarTray"

[HKEY_USERS\.DEFAULT\Software\Microsoft\VisualStudio\10.0_Config\Packages\{e58c2a8b-bcc4-4559-ad59-d62eb6d58a22}\Toolbox\DefaultContent\35567B7D8568F6BD1C27D91C1ACB32DB\E6636D53DC126FEBE2C76FE849F26F]
""="ToolBar"

[HKEY_USERS\.DEFAULT\Software\Microsoft\VisualStudio\10.0_Config\Packages\{e58c2a8b-bcc4-4559-ad59-d62eb6d58a22}\Toolbox\DefaultContent\35567B7D8568F6BD1C27D91C1ACB32DB\E6636D53DC126FEBE2C76FE849F26F]
"HelpKeyword"="System.Windows.Controls.ToolBar"

[HKEY_USERS\S-1-5-19\AppEvents\EventLabels\ShowBand]
""="Show Toolbar Band"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main]
"Show_ToolBar"="yes"

[HKEY_USERS\S-1-5-20\AppEvents\EventLabels\ShowBand]
""="Show Toolbar Band"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main]
"Show_ToolBar"="yes"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\AppEvents\EventLabels\ShowBand]
""="Show Toolbar Band"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Adobe\Acrobat Reader\DC\AVGeneral\cToolbars]

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\AppDataLow\Google\GoogleEarthPlugin]
"toolbarVis"="false"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Broderbund Software\Print\advdraw\Toolbars-Bar0]

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Broderbund Software\Print\advdraw\Toolbars-Bar10]

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Broderbund Software\Print\advdraw\Toolbars-Bar12]

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Broderbund Software\Print\advdraw\Toolbars-Bar2]

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Broderbund Software\Print\advdraw\Toolbars-Bar4]

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Broderbund Software\Print\advdraw\Toolbars-Bar6]

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Broderbund Software\Print\advdraw\Toolbars-Bar8]

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Broderbund Software\Print\advdraw\Toolbars-Summary]

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Google\Google Toolbar]

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.books]
"ontoolbar"="0"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.country]
"ontoolbar"="0"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.finance]
"ontoolbar"="0"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.groups]
"ontoolbar"="0"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.lucky]
"ontoolbar"="0"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.news]
"ontoolbar"="0"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.photos]
"ontoolbar"="0"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.site]
"ontoolbar"="0"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\google.web_history]
"ontoolbar"="0"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\S_toolbar.google.com_O8Y91YHB24Z6SR0SGYSK.XML]

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\S_toolbar.google.com_O8Y91YHB24Z6SR0SGYSK.XML\Feed]
"URL"="http://toolbar.google.com/buttons/feeds/topbuttons/?hl=en&sd=com"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\S_toolbar.google.com_O8Y91YHB24Z6SR0SGYSK.XML\Feed]
"link1"="http://toolbar.google.com/buttons/add?url=http://toolbar.google.com/buttons/defs/google.com_scholar.xml"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\S_toolbar.google.com_O8Y91YHB24Z6SR0SGYSK.XML\Feed]
"link3"="http://toolbar.google.com/buttons/add?url=http://toolbar.google.com/buttons/defs/mail.google.com.xml"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Google\Google Toolbar\4.0\Options\Custom Buttons\U_toolbar.google.com_MXE8GT6B9RBHXCGLZ06L.xml]

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Google\Google Toolbar\ComponentDownloader]
"ReinstallToolbar"="0"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Google\GoogleToolbarNotifier]

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Google\Toolbar EULA]

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Internet Explorer\CommandBar]
"ShowLeftAddressToolbar"="1"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Caminova\DjVu Plug-In\Settings]
"ToolbarAtTop"="1"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Google\GoogleToolbarNotifier]

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\MHToolbar\Toolbar]

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\MHToolbar\Toolbar]
"toolbar_version"="Family Toolbar 1.0.3"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\MHToolbar\Toolbar]
"ToolbarSkin"=""

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\MHToolbar\Toolbar\tb_items]
"Toolbar_Type"="0"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\MHToolbar\Toolbar\tb_items]
"Toolbar_Privacy"="1"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\MHToolbar\Toolbar\tb_items]
"Update_Toolbar"="1"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Neopets\Toolbar]
"ToolbarVisible"="0"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Internet Explorer\Main]
"Show_ToolBar"="yes"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Internet Explorer\Safety\PrivacIE]
"DisableToolbars"="0"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Journal\Landscape\Toolbars]

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Office\12.0\Common\Toolbars]

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Office\12.0\Common\Toolbars\Word]
"QuickAccessToolbarStyle"="4"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Office\12.0\PowerPoint\Options]
"ToolbarConfigSaved"="1"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Office\12.0\Word\Data]
"ToolbarsWordMail"="0x4A000000A00100003B0000000201FFFF09000000000000000000120000010201030000FFFF0000FDFF1E0054005C015400010001020000FFFF0000FFFF1E0054005C015400010001010000FFFF0000FFFF1E0054005C015400010001010000FFFF0000FFFF1E0054005C015400010001010000FFFF0000FFFF1E0054005C015400010001010000FFFF0000FFFF1E0054005C0154000000000000006E610201FFFF0A000000000000000000120000010201039201FEFF2003FDFF1E0054005C015400010001029201FEFF2003FEFF1E0054005C015400010001019201FEFF2003FEFF1E0054005C015400010001019201FEFF2003FEFF1E0054005C015400010001019201FEFF2003FEFF1E0054005C015400010001019201FEFF2003FEFF1E0054005C0154000100000000006E610201FFFFEE010000000000000000120000040001FE00000000000000001E00540073015400040001FE00000000000000001E00540073015400040001FE00000000000000001E00540073015400040001FE00000000000000001E00540073015400040001FE00000000000000001E00540073015400040001FE00000000000000001E005400730154000200000001006E610201FFFF0C000000000000000000120000010201FE00000000000000001E0054005F005400010201FE00000000000000001E0054005F005400010201FE00000000000000001E0054005F005400010201FE00000000000000001E0054005F005400010201FE00000000000000001E0054005F005400010201FE00000000000000001E0054005F0054000300000001006E610201FFFF0D000000000000000000120000030203FE00000000000000001E00D001E302D001030203FE00000000000000001E00D001E302D001030203FE00000000000000001E00D001E302D001030203FE00000000000000001E00D001E302D001030203FE00000000000000001E00D001E302D001030203FE00000000000000001E00D001E302D0010400000001006E610201FFFF0F000000000000000000120000040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C0154000500000001006E610201FFFFAA050000410118000100020000040202FE000000000000000046058D0072067B03040002FE000000000000000046058D0072067B03040002FE000000000000000046058D0072067B03040002FE000000000000000046058D0072067B03040002FE000000000000000046058D0072067B03040002FE000000000000000046058D0072067B034400000000006E610201FFFFBD000000000000000000120000010201FE00000000000000001E005300A0015300010201FE00000000000000001E005300A0015300010201FE00000000000000001E005300A0015300010201FE00000000000000001E005300A0015300010101FE00000000000000001E005300A0015300010201FE00000000000000001E005300A00153001B00000001006E610201FFFF0E000000080100000000120000040001FE0000000000000000C401D0010203D001040001FE0000000000000000C401D0010203D001040101FE0000000000000000C401D0010203D001040101FE0000000000000000C401D0010203D001040101FE0000000000000000C401D0010203D001040001FE0000000000000000C401D0010203D0010600000001006E610201FFFF10000000000000000000120000040201FE00000000000000001E0054005C015400040201FE00000000000000001E0054005C015400040201FE00000000000000001E0054005C015400040201FE00000000000000001E0054005C015400040201FE00000000000000001E0054005C015400040201FE00000000000000001E0054005C0154000700000001006E610201FFFF64000000000000000000120000040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C0154000800000001006E610201FFFF65000000000000000000120000040201FE00000000000000001E0086005C018600040201FE00000000000000001E0086005C018600040201FE00000000000000001E0086005C018600040201FE00000000000000001E0086005C018600040201FE00000000000000001E0086005C018600040201FE00000000000000001E0086005C0186000900000001006E610201FFFF13000000000000000000120000010201FE00000000000000001E0054005C015400010201FE00000000000000001E0054005C015400010201FE00000000000000001E0054005C015400010201FE00000000000000001E0054005C015400010201FE00000000000000001E0054005C015400010201FE00000000000000001E0054005C0154000A00000001006E610201FFFF16000000000000000000120000010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C0154000B00000001006E610201FFFF15000000000100000000120000040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C0154000C00000001006E610201FFFF1F000000080100000000120000040201FE00000000000000002D001601F2021601040201FE00000000000000002D001601F2021601040201FE00000000000000002D001601F2021601040201FE00000000000000002D001601F2021601040201FE00000000000000002D001601F2021601040201FE00000000000000002D001601F20216010D00000001006E610201FFFF17000000000000000000120000010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C0154000E00000001006E610201FFFF18000000000000000200120000010201FE00000000000000001E0054005C015400010101030000FFFF0000FEFF1E0053008801A700010201FE00000000000000001E0054005C015400010101FE00000000000000001E0054005C015400010201FE00000000000000001E0054005C015400010201FE00000000000000001E0054005C0154000F00000000006E610201FFFF1A000000000000000000120000010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C0154001000000001006E610201FFFF23000000000000000000120000010201010000FBFF0000FDFF1E0054005C015400010201020000FBFF0000FDFF1E0054005C0154000102010100000000000000001E0054005C0154000102010100000000000000001E0054005C0154000102010100000000000000001E0054005C0154000102010100000000000000001E0054005C0154001400000001006E610201FFFF24000000000000000000120000010201010000FCFF0000FDFF1E0054005C015400010201020000FCFF0000FDFF1E0054005C0154000102010100000000000000001E0054005C0154000102010100000000000000001E0054005C0154000102010100000000000000001E0054005C0154000102010100000000000000001E0054005C0154001500000001006E610201FFFF18020000000100000000120000010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C0154001600000001006E610201FFFF84000000000000000000120000010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C0154001A00000001006E610201FFFF8B000000000000000000120000040203FE00000000000000008200C6016102C601040203FE00000000000000008200C6016102C601040203FE00000000000000008200C6016102C601040203FE00000000000000008200C6016102C601040203FE00000000000000008200C6016102C601040203FE00000000000000008200C6016102C6011C00000001006E610201FFFFA9000000000100000000120000040003FE00000000000000007201C601B002C601040003FE00000000000000007201C601B002C601040003FE00000000000000007201C601B002C601040003FE00000000000000007201C601B002C601040003FE00000000000000007201C601B002C601040003FE00000000000000007201C601B002C6011D00000001006E610201FFFFA7000000000100000000120000040003FE000000000000000072018A01B0028A01040003FE000000000000000072018A01B0028A01040003FE000000000000000072018A01B0028A01040003FE000000000000000072018A01B0028A01040003FE000000000000000072018A01B0028A01040003FE000000000000000072018A01B0028A011E00000001006E610201FFFF8C000000000000000000120000040203FE00000000000000009601540002035400040203FE00000000000000009601540002035400040203FE00000000000000009601540002035400040203FE00000000000000009601540002035400040203FE00000000000000009601540002035400040203FE000000000000000096015400020354001F00000001006E610201FFFF9F050000000100000000120000040203FE0000000000000000C401900002039000040203FE0000000000000000C401900002039000040203FE0000000000000000C401900002039000040203FE0000000000000000C401900002039000040203FE0000000000000000C401900002039000040203FE0000000000000000C4019000020390002000000001006E610201FFFF8E050000000100000000120000040203FE0000000000000000D500900058029000040203FE0000000000000000D500900058029000040203FE0000000000000000D500900058029000040203FE0000000000000000D500900058029000040203FE0000000000000000D500900058029000040203FE0000000000000000D5009000580290002100000001006E610201FFFF9B050000000100000000120000040203FE00000000000000007F01900002039000040203FE00000000000000007F01900002039000040203FE00000000000000007F01900002039000040203FE00000000000000007F01900002039000040203FE00000000000000007F01900002039000040203FE00000000000000007F019000020390002200000001006E610201FFFF8E000000000000000000120000010201FE00000000000000001E005400FD015400010201FE00000000000000001E005400FD015400010001FE00000000000000001E005400FD015400010201FE00000000000000001E005400FD015400010201FE00000000000000001E005400FD015400010101012C010000710323001E005400FD0154002300000001006E610201FFFF19020000080100000000120000040201FE00000000000000000902540002035400040201FE00000000000000000902540002035400040201FE00000000000000000902540002035400040201FE00000000000000000902540002035400040201FE00000000000000000902540002035400040201FE000000000000000009025400020354002400000001006E610201FFFFF6010000000100000100020000040201FE0000000000000000AA02D001F1020902040201FE0000000000000000AA02D001F1020902040201FE0000000000000000AA02D001F1020902040201FE0000000000000000AA02D001F1020902040201FE0000000000000000AA02D001F1020902040201FE0000000000000000AA02D001F10209022500000000006E610201FFFFF4000000000000000000120000040001FE00000000000000001E0054005F005400040001FE00000000000000001E0054005F005400040001FE00000000000000001E0054005F005400040001FE00000000000000001E0054005F005400040001FE00000000000000001E0054005F005400040001FE00000000000000001E0054005F0054002600000001006E610201FFFF12020000000000000000120000040203FE0000000000000000C401540002035400040203FE0000000000000000C401540002035400040203FE0000000000000000C401540002035400040203FE0000000000000000C401540002035400040203FE0000000000000000C401540002035400040203FE0000000000000000C4015400020354002800000001006E610201FFFF4D020000000000000000120000010201010000FDFF0000FDFF1E0054005C015400010201020000FDFF0000FDFF1E0054005C0154000102010100000000000000001E0054005C0154000102010100000000000000001E0054005C0154000102010100000000000000001E0054005C0154000102010100000000000000001E0054005C0154002900000001006E610201FFFF4C020000000000000000120000010201010000FEFF0000FDFF1E0054005C015400010201020000FEFF0000FDFF1E0054005C0154000102010100000000000000001E0054005C0154000102010100000000000000001E0054005C0154000102010100000000000000001E0054005C0154000102010100000000000000001E0054005C0154002A00000001006E610201FFFF04040000010100000400120000030003FE00000000000000001E0054005C015400030003FE00000000000000001E0054005C015400030003FE00000000000000001E0054005C015400030003FE00000000000000001E0054005C015400030003FE00000000000000001E0054005C015400030003FE00000000000000001E0054005C0154003000000001006E610201FFFF41040000000000000000120000040001FE00000000000000001E0054008D005400040001FE00000000000000001E0054008D005400040001FE00000000000000001E0054008D005400040001FE00000000000000001E0054008D005400040001FE00000000000000001E0054008D005400040001FE00000000000000001E0054008D0054003100000001006E610201FFFF90050000000000000000120000040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C0154003200000001006E610201FFFFD7050000000100000000120000040001FE00000000000000001E003E005C013E00040001FE00000000000000001E003E005C013E00040001FE000000000000000
Back to top
View user's profile Send private message
ldybadger
Junior Member


Joined: 06 May 2013
Last Visit: 27 Jun 2016
Posts: 45

PostPosted: Fri May 27, 2016 3:50 pm    Post subject: Reply with quote

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Office\12.0\Word\Data]
"ToolbarsWordMail"="0x4A000000A00100003B0000000201FFFF09000000000000000000120000010201030000FFFF0000FDFF1E0054005C015400010001020000FFFF0000FFFF1E0054005C015400010001010000FFFF0000FFFF1E0054005C015400010001010000FFFF0000FFFF1E0054005C015400010001010000FFFF0000FFFF1E0054005C015400010001010000FFFF0000FFFF1E0054005C0154000000000000006E610201FFFF0A000000000000000000120000010201039201FEFF2003FDFF1E0054005C015400010001029201FEFF2003FEFF1E0054005C015400010001019201FEFF2003FEFF1E0054005C015400010001019201FEFF2003FEFF1E0054005C015400010001019201FEFF2003FEFF1E0054005C015400010001019201FEFF2003FEFF1E0054005C0154000100000000006E610201FFFFEE010000000000000000120000040001FE00000000000000001E00540073015400040001FE00000000000000001E00540073015400040001FE00000000000000001E00540073015400040001FE00000000000000001E00540073015400040001FE00000000000000001E00540073015400040001FE00000000000000001E005400730154000200000001006E610201FFFF0C000000000000000000120000010201FE00000000000000001E0054005F005400010201FE00000000000000001E0054005F005400010201FE00000000000000001E0054005F005400010201FE00000000000000001E0054005F005400010201FE00000000000000001E0054005F005400010201FE00000000000000001E0054005F0054000300000001006E610201FFFF0D000000000000000000120000030203FE00000000000000001E00D001E302D001030203FE00000000000000001E00D001E302D001030203FE00000000000000001E00D001E302D001030203FE00000000000000001E00D001E302D001030203FE00000000000000001E00D001E302D001030203FE00000000000000001E00D001E302D0010400000001006E610201FFFF0F000000000000000000120000040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C0154000500000001006E610201FFFFAA050000410118000100020000040202FE000000000000000046058D0072067B03040002FE000000000000000046058D0072067B03040002FE000000000000000046058D0072067B03040002FE000000000000000046058D0072067B03040002FE000000000000000046058D0072067B03040002FE000000000000000046058D0072067B034400000000006E610201FFFFBD000000000000000000120000010201FE00000000000000001E005300A0015300010201FE00000000000000001E005300A0015300010201FE00000000000000001E005300A0015300010201FE00000000000000001E005300A0015300010101FE00000000000000001E005300A0015300010201FE00000000000000001E005300A00153001B00000001006E610201FFFF0E000000080100000000120000040001FE0000000000000000C401D0010203D001040001FE0000000000000000C401D0010203D001040101FE0000000000000000C401D0010203D001040101FE0000000000000000C401D0010203D001040101FE0000000000000000C401D0010203D001040001FE0000000000000000C401D0010203D0010600000001006E610201FFFF10000000000000000000120000040201FE00000000000000001E0054005C015400040201FE00000000000000001E0054005C015400040201FE00000000000000001E0054005C015400040201FE00000000000000001E0054005C015400040201FE00000000000000001E0054005C015400040201FE00000000000000001E0054005C0154000700000001006E610201FFFF64000000000000000000120000040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C0154000800000001006E610201FFFF65000000000000000000120000040201FE00000000000000001E0086005C018600040201FE00000000000000001E0086005C018600040201FE00000000000000001E0086005C018600040201FE00000000000000001E0086005C018600040201FE00000000000000001E0086005C018600040201FE00000000000000001E0086005C0186000900000001006E610201FFFF13000000000000000000120000010201FE00000000000000001E0054005C015400010201FE00000000000000001E0054005C015400010201FE00000000000000001E0054005C015400010201FE00000000000000001E0054005C015400010201FE00000000000000001E0054005C015400010201FE00000000000000001E0054005C0154000A00000001006E610201FFFF16000000000000000000120000010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C0154000B00000001006E610201FFFF15000000000100000000120000040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C0154000C00000001006E610201FFFF1F000000080100000000120000040201FE00000000000000002D001601F2021601040201FE00000000000000002D001601F2021601040201FE00000000000000002D001601F2021601040201FE00000000000000002D001601F2021601040201FE00000000000000002D001601F2021601040201FE00000000000000002D001601F20216010D00000001006E610201FFFF17000000000000000000120000010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C0154000E00000001006E610201FFFF18000000000000000200120000010201FE00000000000000001E0054005C015400010101030000FFFF0000FEFF1E0053008801A700010201FE00000000000000001E0054005C015400010101FE00000000000000001E0054005C015400010201FE00000000000000001E0054005C015400010201FE00000000000000001E0054005C0154000F00000000006E610201FFFF1A000000000000000000120000010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C0154001000000001006E610201FFFF23000000000000000000120000010201010000FBFF0000FDFF1E0054005C015400010201020000FBFF0000FDFF1E0054005C0154000102010100000000000000001E0054005C0154000102010100000000000000001E0054005C0154000102010100000000000000001E0054005C0154000102010100000000000000001E0054005C0154001400000001006E610201FFFF24000000000000000000120000010201010000FCFF0000FDFF1E0054005C015400010201020000FCFF0000FDFF1E0054005C0154000102010100000000000000001E0054005C0154000102010100000000000000001E0054005C0154000102010100000000000000001E0054005C0154000102010100000000000000001E0054005C0154001500000001006E610201FFFF18020000000100000000120000010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C0154001600000001006E610201FFFF84000000000000000000120000010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C0154001A00000001006E610201FFFF8B000000000000000000120000040203FE00000000000000008200C6016102C601040203FE00000000000000008200C6016102C601040203FE00000000000000008200C6016102C601040203FE00000000000000008200C6016102C601040203FE00000000000000008200C6016102C601040203FE00000000000000008200C6016102C6011C00000001006E610201FFFFA9000000000100000000120000040003FE00000000000000007201C601B002C601040003FE00000000000000007201C601B002C601040003FE00000000000000007201C601B002C601040003FE00000000000000007201C601B002C601040003FE00000000000000007201C601B002C601040003FE00000000000000007201C601B002C6011D00000001006E610201FFFFA7000000000100000000120000040003FE000000000000000072018A01B0028A01040003FE000000000000000072018A01B0028A01040003FE000000000000000072018A01B0028A01040003FE000000000000000072018A01B0028A01040003FE000000000000000072018A01B0028A01040003FE000000000000000072018A01B0028A011E00000001006E610201FFFF8C000000000000000000120000040203FE00000000000000009601540002035400040203FE00000000000000009601540002035400040203FE00000000000000009601540002035400040203FE00000000000000009601540002035400040203FE00000000000000009601540002035400040203FE000000000000000096015400020354001F00000001006E610201FFFF9F050000000100000000120000040203FE0000000000000000C401900002039000040203FE0000000000000000C401900002039000040203FE0000000000000000C401900002039000040203FE0000000000000000C401900002039000040203FE0000000000000000C401900002039000040203FE0000000000000000C4019000020390002000000001006E610201FFFF8E050000000100000000120000040203FE0000000000000000D500900058029000040203FE0000000000000000D500900058029000040203FE0000000000000000D500900058029000040203FE0000000000000000D500900058029000040203FE0000000000000000D500900058029000040203FE0000000000000000D5009000580290002100000001006E610201FFFF9B050000000100000000120000040203FE00000000000000007F01900002039000040203FE00000000000000007F01900002039000040203FE00000000000000007F01900002039000040203FE00000000000000007F01900002039000040203FE00000000000000007F01900002039000040203FE00000000000000007F019000020390002200000001006E610201FFFF8E000000000000000000120000010201FE00000000000000001E005400FD015400010201FE00000000000000001E005400FD015400010001FE00000000000000001E005400FD015400010201FE00000000000000001E005400FD015400010201FE00000000000000001E005400FD015400010101012C010000710323001E005400FD0154002300000001006E610201FFFF19020000080100000000120000040201FE00000000000000000902540002035400040201FE00000000000000000902540002035400040201FE00000000000000000902540002035400040201FE00000000000000000902540002035400040201FE00000000000000000902540002035400040201FE000000000000000009025400020354002400000001006E610201FFFFF6010000000100000100020000040201FE0000000000000000AA02D001F1020902040201FE0000000000000000AA02D001F1020902040201FE0000000000000000AA02D001F1020902040201FE0000000000000000AA02D001F1020902040201FE0000000000000000AA02D001F1020902040201FE0000000000000000AA02D001F10209022500000000006E610201FFFFF4000000000000000000120000040001FE00000000000000001E0054005F005400040001FE00000000000000001E0054005F005400040001FE00000000000000001E0054005F005400040001FE00000000000000001E0054005F005400040001FE00000000000000001E0054005F005400040001FE00000000000000001E0054005F0054002600000001006E610201FFFF12020000000000000000120000040203FE0000000000000000C401540002035400040203FE0000000000000000C401540002035400040203FE0000000000000000C401540002035400040203FE0000000000000000C401540002035400040203FE0000000000000000C401540002035400040203FE0000000000000000C4015400020354002800000001006E610201FFFF4D020000000000000000120000010201010000FDFF0000FDFF1E0054005C015400010201020000FDFF0000FDFF1E0054005C0154000102010100000000000000001E0054005C0154000102010100000000000000001E0054005C0154000102010100000000000000001E0054005C0154000102010100000000000000001E0054005C0154002900000001006E610201FFFF4C020000000000000000120000010201010000FEFF0000FDFF1E0054005C015400010201020000FEFF0000FDFF1E0054005C0154000102010100000000000000001E0054005C0154000102010100000000000000001E0054005C0154000102010100000000000000001E0054005C0154000102010100000000000000001E0054005C0154002A00000001006E610201FFFF04040000010100000400120000030003FE00000000000000001E0054005C015400030003FE00000000000000001E0054005C015400030003FE00000000000000001E0054005C015400030003FE00000000000000001E0054005C015400030003FE00000000000000001E0054005C015400030003FE00000000000000001E0054005C0154003000000001006E610201FFFF41040000000000000000120000040001FE00000000000000001E0054008D005400040001FE00000000000000001E0054008D005400040001FE00000000000000001E0054008D005400040001FE00000000000000001E0054008D005400040001FE00000000000000001E0054008D005400040001FE00000000000000001E0054008D0054003100000001006E610201FFFF90050000000000000000120000040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C0154003200000001006E610201FFFFD7050000000100000000120000040001FE00000000000000001E003E005C013E00040001FE00000000000000001E003E005C013E00040001FE00000000000000001E003E005C013E00040001FE00000000000000001E003E005C013E00040001FE00000000000000001E003E005C013E00040001FE00000000000000001E003E005C013E003300000001006E610201FFFF25000000080100010100120000010201020000FFFF0000FDFF1E0054005C015400010201010000FFFF0000FDFF1E0054005C0154000100010000000000000000001E0054005C0154000100010000000000000000001E0054005C0154000102010000000000000000001E0054005C0154000102010000000000000000001E0054005C0154003400000000006E610201FFFF9F000000090100000000120000040201FE00000000000000001E0068005C016800040201FE00000000000000001E0068005C016800040201FE00000000000000001E0068005C016800040201FE00000000000000001E0068005C016800040201FE00000000000000001E0068005C016800040201FE00000000000000001E0068005C0168003600000001006E610201FFFF3D040000000000000000120000040003FE00000000000000001E005400E3025400040003FE00000000000000001E005400E3025400040003FE00000000000000001E005400E3025400040003FE00000000000000001E005400E3025400040003FE00000000000000001E005400E3025400040003FE00000000000000001E005400E30254003700000001006E610201FFFF92060000000000000000120000010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C015400010001FE00000000000000001E0054005C0154003800000001006E610201FFFFAE060000000000000000120000010001010000FFFF0000FDFF1E0054005C015400010001020000FFFF0000FDFF1E0054005C015400010001010000FFFF0000FDFF1E0054005C015400010001010000FFFF0000FDFF1E0054005C015400010001010000FFFF0000FDFF1E0054005C015400010001010000FFFF0000FDFF1E0054005C0154003900000001006E610201FFFFB5070000080100000000120000040101FE00000000000000001E0054005C015400040101FE00000000000000001E0054005C015400040101FE00000000000000001E0054005C015400040101FE00000000000000001E0054005C015400040101FE00000000000000001E0054005C015400040101FE00000000000000001E0054005C0154003B00000001006E610201FFFF60070000080100000000120000040001FE0000000000000000C401D0010203D001040001FE0000000000000000C401D0010203D001040001FE0000000000000000C401D0010203D001040001FE0000000000000000C401D0010203D001040001FE0000000000000000C401D0010203D001040001FE0000000000000000C401D0010203D0013C00000001006E610201FFFF8B070000000000000000120000040203FE0000000000000000DB01C4000203C400040203FE0000000000000000DB01C4000203C400040203FE0000000000000000DB01C4000203C400040203FE0000000000000000DB01C4000203C400040203FE0000000000000000DB01C4000203C400040203FE0000000000000000DB01C4000203C4003E00000001006E610201FFFF8C070000000000000000120000040203FE0000000000000000DB015C0002035C00040203FE0000000000000000DB015C0002035C00040203FE0000000000000000DB015C0002035C00040203FE0000000000000000DB015C0002035C00040203FE0000000000000000DB015C0002035C00040203FE0000000000000000DB015C0002035C003F00000001006E610201FFFFC8070000000000000000120000040201FE0000000000000000C401540002035400040201FE0000000000000000C401540002035400040201FE0000000000000000C401540002035400040201FE0000000000000000C401540002035400040201FE0000000000000000C401540002035400040201FE0000000000000000C4015400020354004000000001006E610201FFFF51090000000000000000120000010201040000FEFF0000FDFF1E005300A0015300010101FE00000000000000001E005300A0015300010101FE00000000000000001E005300A0015300010101FE00000000000000001E005300A0015300010101FE00000000000000001E005300A0015300010101FE00000000000000001E005300A00153003500000000006E610201FFFF13200000090800000000120000040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C0154002B00000001006E610201FFFF09200000090800000000120000040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C0154002C00000001006E610201FFFF0A200000090800000000120000040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C0154002D00000001006E610201FFFF0D200000090800000000120000040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C0154002E00000001006E610201FFFFEE210000090800000000120000040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C0154002F00000001006E610201FFFFAE260000090800000000120000040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C0154003A00000001006E610201FFFF8E200000090800000000120000040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C015400040001FE00000000000000001E0054005C0154003D00000001006E61"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\VisualStudio\10.0\Debugger]
"OwnerDrawDebugLocationToolbar"="0"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\VisualStudio\10.0\HTML Editor]
"ShowTagToolbar"="0"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\VisualStudio\10.0_Config\Packages\{e58c2a8b-bcc4-4559-ad59-d62eb6d58a22}\Toolbox\DefaultContent\35567B7D8568F6BD1C27D91C1ACB32DB\1B734651FAF058AD6780EA98F13F7C61]
""="ToolBarPanel"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\VisualStudio\10.0_Config\Packages\{e58c2a8b-bcc4-4559-ad59-d62eb6d58a22}\Toolbox\DefaultContent\35567B7D8568F6BD1C27D91C1ACB32DB\1B734651FAF058AD6780EA98F13F7C61]
"HelpKeyword"="System.Windows.Controls.Primitives.ToolBarPanel"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\VisualStudio\10.0_Config\Packages\{e58c2a8b-bcc4-4559-ad59-d62eb6d58a22}\Toolbox\DefaultContent\35567B7D8568F6BD1C27D91C1ACB32DB\499FE2B17142504ACB3C771BE9FA931F]
""="ToolBarTray"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\VisualStudio\10.0_Config\Packages\{e58c2a8b-bcc4-4559-ad59-d62eb6d58a22}\Toolbox\DefaultContent\35567B7D8568F6BD1C27D91C1ACB32DB\499FE2B17142504ACB3C771BE9FA931F]
"HelpKeyword"="System.Windows.Controls.ToolBarTray"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\VisualStudio\10.0_Config\Packages\{e58c2a8b-bcc4-4559-ad59-d62eb6d58a22}\Toolbox\DefaultContent\35567B7D8568F6BD1C27D91C1ACB32DB\E6636D53DC126FEBE2C76FE849F26F]
""="ToolBar"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\VisualStudio\10.0_Config\Packages\{e58c2a8b-bcc4-4559-ad59-d62eb6d58a22}\Toolbox\DefaultContent\35567B7D8568F6BD1C27D91C1ACB32DB\E6636D53DC126FEBE2C76FE849F26F]
"HelpKeyword"="System.Windows.Controls.ToolBar"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\wfs\MainFrame]
"ToolBar"="1"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=""C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe""

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Windows Live\Toolbar]

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Windows Mail]
"ShowToolbarIEAK"="1"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Windows Mail]
"Toolbar Text"="4"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Windows Mail\MailNote]
"Send Mail Toolbar Settings"="0xDB9D0000FFFFFFFF269D0000249E0000279D0000259D0000FFFFFFFF489D0000479D0000FFFFFFFF2D9D0000DC9D0000FFFFFFFF6B9D0000449D0000B99C0000"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\Users\Deborah\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GCYTCV8A\GoogleToolbarInstaller_en32_signed.exe"="1"

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Neopets\Toolbar-FireFox]

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Toolbar]

[HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Toolbar]

[HKEY_USERS\S-1-5-18\Software\Google\Google Toolbar]

[HKEY_USERS\S-1-5-18\Software\Microsoft\VisualStudio\10.0_Config\Packages\{e58c2a8b-bcc4-4559-ad59-d62eb6d58a22}\Toolbox\DefaultContent\35567B7D8568F6BD1C27D91C1ACB32DB\1B734651FAF058AD6780EA98F13F7C61]
""="ToolBarPanel"

[HKEY_USERS\S-1-5-18\Software\Microsoft\VisualStudio\10.0_Config\Packages\{e58c2a8b-bcc4-4559-ad59-d62eb6d58a22}\Toolbox\DefaultContent\35567B7D8568F6BD1C27D91C1ACB32DB\1B734651FAF058AD6780EA98F13F7C61]
"HelpKeyword"="System.Windows.Controls.Primitives.ToolBarPanel"

[HKEY_USERS\S-1-5-18\Software\Microsoft\VisualStudio\10.0_Config\Packages\{e58c2a8b-bcc4-4559-ad59-d62eb6d58a22}\Toolbox\DefaultContent\35567B7D8568F6BD1C27D91C1ACB32DB\499FE2B17142504ACB3C771BE9FA931F]
""="ToolBarTray"

[HKEY_USERS\S-1-5-18\Software\Microsoft\VisualStudio\10.0_Config\Packages\{e58c2a8b-bcc4-4559-ad59-d62eb6d58a22}\Toolbox\DefaultContent\35567B7D8568F6BD1C27D91C1ACB32DB\499FE2B17142504ACB3C771BE9FA931F]
"HelpKeyword"="System.Windows.Controls.ToolBarTray"

[HKEY_USERS\S-1-5-18\Software\Microsoft\VisualStudio\10.0_Config\Packages\{e58c2a8b-bcc4-4559-ad59-d62eb6d58a22}\Toolbox\DefaultContent\35567B7D8568F6BD1C27D91C1ACB32DB\E6636D53DC126FEBE2C76FE849F26F]
""="ToolBar"

[HKEY_USERS\S-1-5-18\Software\Microsoft\VisualStudio\10.0_Config\Packages\{e58c2a8b-bcc4-4559-ad59-d62eb6d58a22}\Toolbox\DefaultContent\35567B7D8568F6BD1C27D91C1ACB32DB\E6636D53DC126FEBE2C76FE849F26F]
"HelpKeyword"="System.Windows.Controls.ToolBar"

====== End of Search ======
Back to top
View user's profile Send private message
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 27 Jun 2017
Posts: 10182
Location: Yorkshire

PostPosted: Sat May 28, 2016 8:33 am    Post subject: Reply with quote


  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.

    • Copy/Paste the contents of the code box below into Notepad (don't include Code: Select all).


Code:
C:\Program Files\Alawar Elements
C:\Program Files\Alawar
C:\Program Files\Family Toolbar

 [-HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Trolltech]
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.BackgroundHostObject]
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.BackgroundHostObject.1]
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.Navbar]
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.ScriptHostObject]
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.ScriptHostObject.1]
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.Tool\CurVer]
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02873A3A-710E-40BF-83E7-76FDDEF2BC0E}]
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4751C3C7-3353-4F2E-AD9B-4A058C037D85}]
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{707B0ECF-D35C-4DC1-BB83-6491DD3A1A89}]
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7DCAFB24-2125-40a8-AC7C-F97C2A46BD7F}]
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Alawar Elements]
 [-HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\FLEXnet\Connect\db\Alawar Elements.ini]
 [-HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Alawar Elements]
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Alawar]
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.BackgroundHostObject]
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.BackgroundHostObject.1]
 [-HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Alawar]
 [-HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\FLEXnet\Connect\db\Alawar Elements.ini]
 [-HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Alawar Elements]
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}]
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2728CC-82DE-4900-8D55-25ED7714C6A2}]
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MHToolbar.MHToolbar]
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MHToolbar.MHToolbar.3]
 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Family Toolbar]
 [-HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\MHToolbar\Toolbar]
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1C3E898D-6143-494F-A000-79D980DAE5A5}\1.0\0\win32" /ve /f
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{316B999A-8D18-455A-B934-30DB59B2C177}\1.0\0\win32" /ve /f
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{964B5888-1AC7-4987-9E61-98EBABBB9BA1}\1.0\0\win32" /ve /f
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EE7E7846-ED0C-46A3-93E7-F19DA8FC95E7}\1.0\0\win32" /ve /f
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1EA6B471-CAD2-419A-9539-0586EEFE2D09}\1.0\0\win32" /ve /f



    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt



NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system


  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....

    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log and let me know how your computer is behaving now.


_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Back to top
View user's profile Send private message
ldybadger
Junior Member


Joined: 06 May 2013
Last Visit: 27 Jun 2016
Posts: 45

PostPosted: Mon May 30, 2016 8:55 pm    Post subject: Reply with quote

Sorry for the delay. I just got back from a weekend away. I will follow your instructions and post the log tomorrow evening.
Back to top
View user's profile Send private message
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 27 Jun 2017
Posts: 10182
Location: Yorkshire

PostPosted: Mon May 30, 2016 9:15 pm    Post subject: Reply with quote

OK, talk to you then.
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Back to top
View user's profile Send private message
ldybadger
Junior Member


Joined: 06 May 2013
Last Visit: 27 Jun 2016
Posts: 45

PostPosted: Wed Jun 01, 2016 1:59 pm    Post subject: fixlog Reply with quote

Fix result of Farbar Recovery Scan Tool (x86) Version:01-06-2016
Ran by Deborah (2016-06-01 15:55:24) Run:3
Running from C:\Users\Deborah\Desktop\DEBI'S STUFF
Loaded Profiles: Deborah (Available Profiles: Deborah & DefaultAppPool)
Boot Mode: Normal

==============================================

fixlist content:
*****************
C:\Program Files\Alawar Elements
C:\Program Files\Alawar
C:\Program Files\Family Toolbar

[-HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Trolltech]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.BackgroundHostObject]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.BackgroundHostObject.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.Navbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.ScriptHostObject]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.ScriptHostObject.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.Tool\CurVer]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02873A3A-710E-40BF-83E7-76FDDEF2BC0E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4751C3C7-3353-4F2E-AD9B-4A058C037D85}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{707B0ECF-D35C-4DC1-BB83-6491DD3A1A89}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7DCAFB24-2125-40a8-AC7C-F97C2A46BD7F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Alawar Elements]
[-HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\FLEXnet\Connect\db\Alawar Elements.ini]
[-HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Alawar Elements]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Alawar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.BackgroundHostObject]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.BackgroundHostObject.1]
[-HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Alawar]
[-HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\FLEXnet\Connect\db\Alawar Elements.ini]
[-HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Alawar Elements]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2728CC-82DE-4900-8D55-25ED7714C6A2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MHToolbar.MHToolbar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MHToolbar.MHToolbar.3]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Family Toolbar]
[-HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\MHToolbar\Toolbar]
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1C3E898D-6143-494F-A000-79D980DAE5A5}\1.0\0\win32" /ve /f
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{316B999A-8D18-455A-B934-30DB59B2C177}\1.0\0\win32" /ve /f
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{964B5888-1AC7-4987-9E61-98EBABBB9BA1}\1.0\0\win32" /ve /f
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EE7E7846-ED0C-46A3-93E7-F19DA8FC95E7}\1.0\0\win32" /ve /f
reg: reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1EA6B471-CAD2-419A-9539-0586EEFE2D09}\1.0\0\win32" /ve /f

*****************

"C:\Program Files\Alawar Elements" => not found.
C:\Program Files\Alawar => moved successfully
"C:\Program Files\Family Toolbar" => not found.
HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Trolltech => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Trolltech => key removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} => key removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} => key removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.BackgroundHostObject => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.BackgroundHostObject => key removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.BackgroundHostObject.1 => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.BackgroundHostObject.1 => key removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.Navbar => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.Navbar => key removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.ScriptHostObject => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.ScriptHostObject => key removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.ScriptHostObject.1 => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.ScriptHostObject.1 => key removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.Tool\CurVer => key removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02873A3A-710E-40BF-83E7-76FDDEF2BC0E} => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02873A3A-710E-40BF-83E7-76FDDEF2BC0E} => key removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4751C3C7-3353-4F2E-AD9B-4A058C037D85} => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4751C3C7-3353-4F2E-AD9B-4A058C037D85} => key removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{707B0ECF-D35C-4DC1-BB83-6491DD3A1A89} => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{707B0ECF-D35C-4DC1-BB83-6491DD3A1A89} => key removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7DCAFB24-2125-40a8-AC7C-F97C2A46BD7F} => key removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Alawar Elements => key removed successfully.
HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\FLEXnet\Connect\db\Alawar Elements.ini => key removed successfully.
HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Alawar Elements => key removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Alawar => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Alawar => key removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.BackgroundHostObject => key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Alawar Elements.BackgroundHostObject.1 => key not found.
HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Alawar => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Alawar => key removed successfully.
HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\FLEXnet\Connect\db\Alawar Elements.ini => key not found.
HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Alawar Elements => key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} => key removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2728CC-82DE-4900-8D55-25ED7714C6A2} => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2728CC-82DE-4900-8D55-25ED7714C6A2} => key removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MHToolbar.MHToolbar => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MHToolbar.MHToolbar => key removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MHToolbar.MHToolbar.3 => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MHToolbar.MHToolbar.3 => key removed successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Family Toolbar => key removed successfully.
HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\MHToolbar\Toolbar => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_USERS\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1100672905-2365331096-1695293828-1000\Software\MHToolbar\Toolbar => key removed successfully.

========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1C3E898D-6143-494F-A000-79D980DAE5A5}\1.0\0\win32" /ve /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{316B999A-8D18-455A-B934-30DB59B2C177}\1.0\0\win32" /ve /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{964B5888-1AC7-4987-9E61-98EBABBB9BA1}\1.0\0\win32" /ve /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{EE7E7846-ED0C-46A3-93E7-F19DA8FC95E7}\1.0\0\win32" /ve /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg.exe delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{1EA6B471-CAD2-419A-9539-0586EEFE2D09}\1.0\0\win32" /ve /f =========

The operation completed successfully.



========= End of Reg: =========


==== End of Fixlog 15:58:24 ====
Back to top
View user's profile Send private message
ldybadger
Junior Member


Joined: 06 May 2013
Last Visit: 27 Jun 2016
Posts: 45

PostPosted: Wed Jun 01, 2016 2:00 pm    Post subject: Reply with quote

I will test computer and see how it's working.
Back to top
View user's profile Send private message
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 27 Jun 2017
Posts: 10182
Location: Yorkshire

PostPosted: Wed Jun 01, 2016 11:20 pm    Post subject: Reply with quote

Talk to you then. Very Happy
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Back to top
View user's profile Send private message
ldybadger
Junior Member


Joined: 06 May 2013
Last Visit: 27 Jun 2016
Posts: 45

PostPosted: Sat Jun 04, 2016 10:07 am    Post subject: Reply with quote

Still having the same issue. I have also noticed that it sounds like the hard drive is spinning up when it shouldn't be. Like maybe something is running in the background?
Back to top
View user's profile Send private message
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 27 Jun 2017
Posts: 10182
Location: Yorkshire

PostPosted: Sat Jun 04, 2016 2:43 pm    Post subject: Reply with quote

OK, please follow these instructions for troubleshooting add-ons in Internet Explorer ... http://www.malwareremoval.com/forum/viewtopic.php?p=588796#p588796

And these for add-ons in Firefox ... http://www.malwareremoval.com/forum/viewtopic.php?p=590245#p590245

... and let me know if either resolves your browsing issues.
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Back to top
View user's profile Send private message
ldybadger
Junior Member


Joined: 06 May 2013
Last Visit: 27 Jun 2016
Posts: 45

PostPosted: Mon Jun 06, 2016 9:37 pm    Post subject: Reply with quote

Ok, I should have an update for you tomorrow or Wednesday by the latest.
Back to top
View user's profile Send private message
ldybadger
Junior Member


Joined: 06 May 2013
Last Visit: 27 Jun 2016
Posts: 45

PostPosted: Wed Jun 08, 2016 12:23 pm    Post subject: Reply with quote

Ok, Small problem. She is using Windows 10 and Microsoft Edge. As far as I can tell there is no way to manage add-ons in Edge.

She does still have internet explorer, but the start menu is laid out differently. So I was unable to locate the "run internet explorer without add-ons" as you instructed.

I searched high and low and this computer doesn't seem to have firefox on it anymore.

Sorry, but I struck out. Sad
Back to top
View user's profile Send private message
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 27 Jun 2017
Posts: 10182
Location: Yorkshire

PostPosted: Sat Jun 11, 2016 7:38 am    Post subject: Reply with quote

Sorry for being so late getting back to you, I didn't get the usual notification that you'd posted.

In future, if I haven't replied to one of your posts within 24 hours, please feel free to send me a PM.

OK, since she moved to using Edge, is she still having the same sorts of browsing issues as when she was using IE ????
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Back to top
View user's profile Send private message
ldybadger
Junior Member


Joined: 06 May 2013
Last Visit: 27 Jun 2016
Posts: 45

PostPosted: Sat Jun 11, 2016 8:04 am    Post subject: Reply with quote

Don't worry about being late. I've been late a few times myself. Smile

Yes, using edge she still has the same problem.

I keep hearing the drive spin up when this happens. So I checked the task manager to see what's running. Every time it gets buggy, the resource manager says whichever browser she's using is suddenly using a bunch of resources, like 60%. This makes no sense to me as her computer has plenty of RAM. I don't know if this helps, but I thought I'd mention it.
Back to top
View user's profile Send private message
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 27 Jun 2017
Posts: 10182
Location: Yorkshire

PostPosted: Sat Jun 11, 2016 1:33 pm    Post subject: Reply with quote

OK, can you run another e-set scan for me please, I want to see if any of the malware we've removed has regenerated.


  • Please go HERE then click on Run ESET Online Scanner

Quote:
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.


  • Select the option YES, I accept the Terms of Use then click on:
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:



    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Now click on:
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed click on Start to start the scan.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed you will be presented with a list of found threats ....

    • Click on the List of found threats link
    • Click on Export to text file
    • Save as ESET.txt to your Desktop

  • Exit out of ESET Online Scanner.
  • Post me the contents of ESET.txt please.

_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   This topic is locked: you cannot edit posts or make replies.    Spyware Warrior Forum Index -> Help with spyware removal All times are GMT - 8 Hours
Goto page 1, 2  Next
Page 1 of 2

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group