Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Search Search
Search for:
Tech Support Guy > > >

Solved: Mr


(!)

eddie5659's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 28,323 posts.
 
Join Date: Mar 2001
Location: Bradford, England
16-Apr-2012, 04:53 PM #61
Good grief, wasn't expecting all that in the registry. We'll update MBAM and run a scan later on.

We'll get rid of the actual folders though, which will help. Also, for all the stuff that you found and deleted but is left in the Recycle Bin, it should be okay to delete. I assume it was music, video's etc.

I did notice iMesh popped up. Do you still have that installed, as its another sharing program? Din't spot it at the beginning, just saw it now.

As for BF3, we'll have a look at that in a bit. Lets remove all the rubbish first.

------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Quote:
Folder::
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Radio_Bar_1
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Vuze_Remote
C:\System Volume Information\SystemRestore\FRStaging\Users\tony\AppData\Local\Vuze_Remote
C:\System Volume Information\SystemRestore\FRStaging\Users\tony\AppData\LocalLow\Vuze_Remote
C:\System Volume Information\SystemRestore\FRStaging\Users\tony\Documents\Vuze Download
C:\Program Files (x86)\MyWebSearch
C:\Users\tony\AppData\LocalLow\MyWebSearch
C:\Program Files (x86)\Maps4PC_0c
C:\Program Files (x86)\Maps4PC_0cEI
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Maps4PC_0c
C:\Users\tony\AppData\LocalLow\Maps4PC_0c
C:\Users\tony\AppData\LocalLow\Maps4PC_0cEI
C:\Program Files (x86)\iMesh Applications\MediaBar
C:\Users\tony\AppData\LocalLow\bearsharemediabartb
C:\Users\tony\AppData\LocalLow\mediabarim
C:\Users\tony\AppData\LocalLow\PriceGong
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Conduit
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\ConduitEngine
C:\System Volume Information\SystemRestore\FRStaging\Users\tony\AppData\Local\Conduit
C:\System Volume Information\SystemRestore\FRStaging\Users\tony\AppData\LocalLow\ConduitEngi ne
C:\Users\tony\AppData\Local\Conduit
C:\Users\tony\AppData\Local\ConduitEngine
C:\Users\tony\AppData\LocalLow\Conduit
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Windows Searchqu Toolbar
C:\Users\tony\AppData\LocalLow\searchqutb
C:\Users\tony\AppData\LocalLow\alotappbar
C:\Program Files (x86)\BANDOO
C:\ProgramData\Bandoo
C:\Users\All Users\Bandoo
C:\Users\tony\AppData\Roaming\Bandoo
C:\Program Files (x86)\IObit
C:\ProgramData\IObit
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\IObit
C:\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter
C:\System Volume Information\SystemRestore\FRStaging\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
C:\System Volume Information\SystemRestore\FRStaging\Users\tony\AppData\Roaming\IObit
C:\System Volume Information\SystemRestore\FRStaging\Users\tony\AppData\Roaming\IObit\IObit Malware Fighter
C:\System Volume Information\SystemRestore\FRStaging\Users\tony\AppData\Roaming\IObit\IObit Uninstaller
C:\Users\All Users\IObit
C:\Users\tony\AppData\Roaming\IObit
C:\System Volume Information\SystemRestore\FRStaging\ProgramData\Microsoft\Windows\Start Menu\Programs\BitTornado
C:\Users\tony\AppData\Local\BearShare
C:\Users\tony\AppData\LocalLow\bearsharemediabartb
C:\System Volume Information\SystemRestore\FRStaging\Users\tony\Documents\LimeWire
C:\Users\tony\AppData\Roaming\LimeWire
C:\Program Files (x86)\Yontoo
C:\Users\tony\AppData\Local\Temp\YontooLayers
C:\Users\tony\AppData\Local\BearShare
C:\Users\tony\AppData\LocalLow\bearsharemediabartb
Reglock::
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
Save this as CFScript.txt, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


eddie
__________________
Just go with the flow, like a twig on the shoulders of a mighty stream

MVP in Consumer Security
eddie5659's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 28,323 posts.
 
Join Date: Mar 2001
Location: Bradford, England
16-Apr-2012, 04:54 PM #62
For BF3, do you still have Origin installed?
obxtony's Avatar
obxtony obxtony is offline
Member with 117 posts.
THREAD STARTER
 
Join Date: Aug 2008
17-Apr-2012, 12:29 PM #63
sorry edie but when I clicked on csscript it did a complete scan I never had the screen you showed above so never had chance to put in the file!! and I do still have origin installed!
obxtony's Avatar
obxtony obxtony is offline
Member with 117 posts.
THREAD STARTER
 
Join Date: Aug 2008
17-Apr-2012, 12:36 PM #64
I ment the combofix!
obxtony's Avatar
obxtony obxtony is offline
Member with 117 posts.
THREAD STARTER
 
Join Date: Aug 2008
17-Apr-2012, 01:10 PM #65
wel I did as asked I think!!
and here is the HUGE file, probably in sections again!!
ComboFix 12-04-10.01 - tony 17/04/2012 17:44:55.3.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.6103.4005 [GMT 1:00]
Running from: c:\downloads\desktop\ComboFix.exe
Command switches used :: c:\users\tony\Documents\CFScript.txt
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\BANDOO
c:\program files (x86)\iMesh Applications\MediaBar
c:\program files (x86)\IObit
c:\program files (x86)\IObit\Game Booster\license.dat
c:\program files (x86)\Maps4PC_0c
c:\program files (x86)\Maps4PC_0c\bar\1.bin\CHROME.MANIFEST
c:\program files (x86)\Maps4PC_0c\bar\1.bin\chrome\0cffxtbr.jar
c:\program files (x86)\Maps4PC_0c\bar\1.bin\INSTALL.RDF
c:\program files (x86)\Maps4PC_0c\bar\1.bin\LOGO.BMP
c:\program files (x86)\Maps4PC_0c\bar\IE9Mesg\COMMON.T8S
c:\program files (x86)\Maps4PC_0c\bar\Message\COMMON.T8S
c:\program files (x86)\Maps4PC_0c\bar\Settings\s_pid.dat
c:\program files (x86)\Maps4PC_0cEI
c:\program files (x86)\Yontoo
c:\program files (x86)\Yontoo\YontooIEClient.dll
c:\program files (x86)\Yontoo\YontooIEClient_2.dll
c:\programdata\Bandoo
c:\programdata\IObit
c:\programdata\IObit\Game Booster\GameBooster.ini
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setup.dll
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.dat
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.exe
c:\programdata\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.ico
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Conduit
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Conduit\Community Alerts\Alert.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Conduit\Community Alerts\Alert0.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\ConduitEngine
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\ConduitEngine\ConduitEngin0.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\ConduitEngine\ConduitEngin1.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\ConduitEngine\ConduitEngine.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\ConduitEngine\ConduitEngineHelper.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\ConduitEngine\ConduitEngineUninstall.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\ConduitEngine\prxConduitEngine.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\ConduitEngine\toolbar.cfg
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\BlueBirdInit.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\datastate.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_ia64\FileMonitor.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_ia64\RegFilter.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_ia64\UrlFilter.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_x86\RegFilter.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_x86\UrlFilter.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_amd64\FileMonitor.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_amd64\RegFilter.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_amd64\UrlFilter.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_ia64\FileMonitor.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_ia64\RegFilter.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_ia64\UrlFilter.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_x86\RegFilter.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_x86\UrlFilter.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wnet_amd64\FileMonitor.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wnet_amd64\RegFilter.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wnet_amd64\UrlFilter.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wnet_ia64\FileMonitor.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wnet_ia64\RegFilter.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wnet_ia64\UrlFilter.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wnet_x86\FileMonitor.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wnet_x86\RegFilter.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wnet_x86\UrlFilter.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\fav.ico
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\FileMonitor.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\IMFUpdater.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\IntegrateFilter.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\IObitCommunities.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\IObitUninstal.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\IWsIMF.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\LatestNews\LatestNews.ini
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\RegFilter.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\Scan.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\StartMenu.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\taskmgr.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\TaskSchedule.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\unins001.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\URLFilter.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\drivers\win7_x64\SmartDefragBootTime.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\drivers\win7_x64\SmartDefragDriver.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\drivers\win7_x86\SmartDefragBootTime.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\drivers\win7_x86\SmartDefragDriver.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\drivers\wlh_x64\SmartDefragBootTime.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\drivers\wlh_x64\SmartDefragDriver.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\drivers\wlh_x86\SmartDefragBootTime.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\drivers\wlh_x86\SmartDefragDriver.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\drivers\wnet_x64\SmartDefragBootTime.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\drivers\wnet_x64\SmartDefragDriver.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\drivers\wnet_x86\SmartDefragBootTime.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\drivers\wnet_x86\SmartDefragDriver.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\drivers\wxp_x64\SmartDefragBootTime.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\drivers\wxp_x64\SmartDefragDriver.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\drivers\wxp_x86\SmartDefragBootTime.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\drivers\wxp_x86\SmartDefragDriver.sys
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\SDDriverMgr.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\SDInit.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\Skins\Black\Layout.ini
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\Skins\White\Layout.ini
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\taskMgr.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\IObit\Smart Defrag 2\unins000.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Maps4PC_0c
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Radio_Bar_1
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Radio_Bar_1\Radio_Bar_1ToolbarHelper.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Radio_Bar_1\tbRadi.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Radio_Bar_1\toolbar.cfg
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Radio_Bar_1\UNWISE.EXE
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Vuze_Remote
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Vuze_Remote\prxtbVuz2.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Vuze_Remote\tbVuz0.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Vuze_Remote\tbVuz1.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Vuze_Remote\tbVuz2.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Vuze_Remote\tbVuze.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Vuze_Remote\toolbar.cfg
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Vuze_Remote\uninstall.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Vuze_Remote\UNWISE.EXE
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Vuze_Remote\Vuze_RemoteToolbarHelper.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Vuze_Remote\Vuze_RemoteToolbarHelper1.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Windows Searchqu Toolbar
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Windows Searchqu Toolbar\main.ico
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\lib\external.js
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\searchqutb.js
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227\widget.js
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255\widget.js
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257\widget.js
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217\widget.js
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\gameData.js
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\components\windowmediator.js
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\SearchquTb.dll
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\uninstall.exe
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Windows Searchqu Toolbar\UNWISE.EXE
c:\system volume information\SystemRestore\FRStaging\Program Files (x86)\Windows Searchqu Toolbar\UnwiseLauncher.exe
c:\system volume information\SystemRestore\FRStaging\ProgramData\Microsoft\Windows\Start Menu\Programs\BitTornado
c:\system volume information\SystemRestore\FRStaging\ProgramData\Microsoft\Windows\Start Menu\Programs\BitTornado\BitTornado.lnk
c:\system volume information\SystemRestore\FRStaging\ProgramData\Microsoft\Windows\Start Menu\Programs\BitTornado\Uninstall.lnk
c:\system volume information\SystemRestore\FRStaging\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
c:\system volume information\SystemRestore\FRStaging\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter\IObit Malware Fighter.lnk
c:\system volume information\SystemRestore\FRStaging\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter\Uninstall IObit Malware Fighter.lnk
c:\system volume information\SystemRestore\FRStaging\Users\tony\AppData\Local\Conduit
c:\system volume information\SystemRestore\FRStaging\Users\tony\AppData\Local\Conduit\CT2504 091\Vuze_RemoteAutoUpdaterHelper.exe
c:\system volume information\SystemRestore\FRStaging\Users\tony\AppData\Local\Vuze_Remote
c:\system volume information\SystemRestore\FRStaging\Users\tony\AppData\Local\Vuze_Remote\Di alogs\AddedAppDialog\app-added.js
c:\system volume information\SystemRestore\FRStaging\Users\tony\AppData\Local\Vuze_Remote\Di alogs\DetectedAppDialog\app-2go.js
c:\system volume information\SystemRestore\FRStaging\Users\tony\AppData\Local\Vuze_Remote\Di alogs\DialogsAPI.js
c:\system volume information\SystemRestore\FRStaging\Users\tony\AppData\Local\Vuze_Remote\Di alogs\EngineFirstTimeDialog\EngineFirstTimeDialog.js
c:\system volume information\SystemRestore\FRStaging\Users\tony\AppData\Local\Vuze_Remote\Di alogs\excanvas.js
c:\system volume information\SystemRestore\FRStaging\Users\tony\AppData\Local\Vuze_Remote\Di alogs\PIE.htc
c:\system volume information\SystemRestore\FRStaging\Users\tony\AppData\Local\Vuze_Remote\Di alogs\SearchProtectorDialog\SearchProtector.js
c:\system volume information\SystemRestore\FRStaging\Users\tony\AppData\Local\Vuze_Remote\Di alogs\settings.js
c:\system volume information\SystemRestore\FRStaging\Users\tony\AppData\Local\Vuze_Remote\Di alogs\ToolbarFirstTimeDialog\ToolbarFirstTimeDialog.js
c:\system volume information\SystemRestore\FRStaging\Users\tony\AppData\Local\Vuze_Remote\Di alogs\ToolbarUntrustedAppsApprovalDialog\ToolbarUntrustedAppsApprovalDialog .js
c:\system volume information\SystemRestore\FRStaging\Users\tony\AppData\Local\Vuze_Remote\Di alogs\UntrustedAddedAppDialog\UT-app-dialog-added.js
c:\system volume information\SystemRestore\FRStaging\Users\tony\AppData\Local\Vuze_Remote\Di alogs\UntrustedAppApprovalDialog\UT-app-dialog-needs-your-approval.js
c:\system volume information\SystemRestore\FRStaging\Users\tony\AppData\Local\Vuze_Remote\Di alogs\UntrustedAppPendingDialog\UT-app-dialog-is-waiting.js
c:\system volume information\SystemRestore\FRStaging\Users\tony\AppData\Local\Vuze_Remote\tb Vuz2.dll
c:\system volume information\SystemRestore\FRStaging\Users\tony\AppData\Local\Vuze_Remote\to olbar.cfg
c:\system volume information\SystemRestore\FRStaging\Users\tony\AppData\LocalLow\Vuze_Remote
c:\system volume information\SystemRestore\FRStaging\Users\tony\AppData\LocalLow\Vuze_Remote \Dialogs\AddedAppDialog\app-added.js
c:\system volume information\SystemRestore\FRStaging\Users\tony\AppData\LocalLow\Vuze_Remote \Dialogs\DetectedAppDialog\app-2go.js
c:\system volume information\SystemRestore\FRStaging\Users\tony\AppData\LocalLow\Vuze_Remote \Dialogs\DialogsAPI.js
c:\system volume information\SystemRestore\FRStaging\Users\tony\AppData\LocalLow\Vuze_Remote \Dialogs\EngineFirstTimeDialog\EngineFirstTimeDialog.js
c:\system volume information\SystemRestore\FRStaging\Users\tony\AppData\LocalLow\Vuze_Remote \Dialogs\excanvas.js
c:\system volume information\SystemRestore\FRStaging\Users\tony\AppData\LocalLow\Vuze_Remote \Dialogs\PIE.htc
c:\system volume information\SystemRestore\FRStaging\Users\tony\AppData\LocalLow\Vuze_Remote \Dialogs\SearchProtectorDialog\SearchProtector.js
c:\system volume information\SystemRestore\FRStaging\Users\tony\AppData\LocalLow\Vuze_Remote \Dialogs\settings.js
c:\system volume information\SystemRestore\FRStaging\Users\tony\AppData\LocalLow\Vuze_Remote \Dialogs\ToolbarFirstTimeDialog\ToolbarFirstTimeDialog.js
c:\system volume information\SystemRestore\FRStaging\Users\tony\AppData\LocalLow\Vuze_Remote \Dialogs\ToolbarUntrustedAppsApprovalDialog\ToolbarUntrustedAppsApprovalDia log.js
c:\system volume information\SystemRestore\FRStaging\Users\tony\AppData\LocalLow\Vuze_Remote \Dialogs\UntrustedAddedAppDialog\UT-app-dialog-added.js
c:\system volume information\SystemRestore\FRStaging\Users\tony\AppData\LocalLow\Vuze_Remote \Dialogs\UntrustedAppApprovalDialog\UT-app-dialog-needs-your-approval.js
c:\system volume information\SystemRestore\FRStaging\Users\tony\AppData\LocalLow\Vuze_Remote \Dialogs\UntrustedAppPendingDialog\UT-app-dialog-is-waiting.js
c:\system volume information\SystemRestore\FRStaging\Users\tony\AppData\LocalLow\Vuze_Remote \tbVuz2.dll
c:\system volume information\SystemRestore\FRStaging\Users\tony\AppData\LocalLow\Vuze_Remote \toolbar.cfg
c:\system volume information\SystemRestore\FRStaging\Users\tony\AppData\Roaming\IObit
c:\system volume information\SystemRestore\FRStaging\Users\tony\AppData\Roaming\IObit\IObit Malware Fighter\config.ini
c:\system volume information\SystemRestore\FRStaging\Users\tony\AppData\Roaming\IObit\IObit Malware Fighter\ignore.ini
c:\system volume information\SystemRestore\FRStaging\Users\tony\AppData\Roaming\IObit\IObit Malware Fighter\remember.ini
c:\system volume information\SystemRestore\FRStaging\Users\tony\AppData\Roaming\IObit\IObit Uninstaller\SoftwareCache.ini
c:\system volume information\SystemRestore\FRStaging\Users\tony\AppData\Roaming\IObit\Smart Defrag 2\Config.ini
c:\system volume information\SystemRestore\FRStaging\Users\tony\Documents\LimeWire
c:\system volume information\SystemRestore\FRStaging\Users\tony\Documents\LimeWire\Saved\pro sharaeza [crack][fixed]\patch.nfo
c:\system volume information\SystemRestore\FRStaging\Users\tony\Documents\LimeWire\Saved\pro sharaeza[keygenKaXaY]\patch.nfo
c:\system volume information\SystemRestore\FRStaging\Users\tony\Documents\LimeWire\Saved\tra ck001\play_mp3.nfo
c:\users\All Users\IObit\Game Booster\GameBooster.ini
c:\users\tony\AppData\Local\BearShare
c:\users\tony\AppData\Local\Conduit
c:\users\tony\AppData\Local\Conduit\Community Alerts\Dialogs\AppNotificationDialog\AppNotification.js
c:\users\tony\AppData\Local\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\close.png
c:\users\tony\AppData\Local\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\like.png
c:\users\tony\AppData\Local\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Next.png
c:\users\tony\AppData\Local\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Next_hover.png
c:\users\tony\AppData\Local\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\powered-by.png
c:\users\tony\AppData\Local\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Prev.png
c:\users\tony\AppData\Local\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Prev_hover.png
c:\users\tony\AppData\Local\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\settings.png
c:\users\tony\AppData\Local\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Thumbs.db
c:\users\tony\AppData\Local\Conduit\Community Alerts\Dialogs\AppNotificationDialog\initialNotification.html
c:\users\tony\AppData\Local\Conduit\Community Alerts\Dialogs\AppNotificationDialog\main.html
c:\users\tony\AppData\Local\Conduit\Community Alerts\Dialogs\AppNotificationDialog\NotificationDialogStyle.css
c:\users\tony\AppData\Local\Conduit\Community Alerts\Dialogs\AppNotificationDialog\NotificationDialogStyleIE9.css
c:\users\tony\AppData\Local\Conduit\Community Alerts\Dialogs\AppNotificationDialog\sampleNotification.html
c:\users\tony\AppData\Local\Conduit\Community Alerts\Dialogs\DialogsAPI.js
c:\users\tony\AppData\Local\Conduit\Community Alerts\Dialogs\PIE.htc
c:\users\tony\AppData\Local\Conduit\Community Alerts\Dialogs\settings.js
c:\users\tony\AppData\Local\Conduit\Community Alerts\Dialogs\version.txt
c:\users\tony\AppData\Local\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com__aid=897164&fid=892962.xml
c:\users\tony\AppData\Local\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com__aid=909619&fid=905414.xml
c:\users\tony\AppData\Local\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_897164_892962_UK.xml
c:\users\tony\AppData\Local\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_909619_905414_UK.xml
c:\users\tony\AppData\Local\Conduit\Community Alerts\LanguagePacks\en.xml
c:\users\tony\AppData\Local\ConduitEngine
c:\users\tony\AppData\Local\ConduitEngine\CacheIcons\http___storage_conduit _com_bankImages_ConduitEngine_ContextMenu_About_png.png
c:\users\tony\AppData\Local\ConduitEngine\CacheIcons\http___storage_conduit _com_bankImages_ConduitEngine_ContextMenu_Browse_png.png
c:\users\tony\AppData\Local\ConduitEngine\CacheIcons\http___storage_conduit _com_bankImages_ConduitEngine_ContextMenu_Contact_png.png
c:\users\tony\AppData\Local\ConduitEngine\CacheIcons\http___storage_conduit _com_bankImages_ConduitEngine_ContextMenu_Hide_png.png
c:\users\tony\AppData\Local\ConduitEngine\CacheIcons\http___storage_Conduit _com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png
c:\users\tony\AppData\Local\ConduitEngine\CacheIcons\http___storage_conduit _com_bankImages_ConduitEngine_ContextMenu_More_png.png
c:\users\tony\AppData\Local\ConduitEngine\CacheIcons\http___storage_conduit _com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png
c:\users\tony\AppData\Local\ConduitEngine\CacheIcons\http___storage_conduit _com_bankImages_ConduitEngine_ContextMenu_MoveLeft_png.png
c:\users\tony\AppData\Local\ConduitEngine\CacheIcons\http___storage_conduit _com_bankImages_ConduitEngine_ContextMenu_MoveRight_png.png
c:\users\tony\AppData\Local\ConduitEngine\CacheIcons\http___storage_conduit _com_bankImages_ConduitEngine_ContextMenu_Options_png.png
c:\users\tony\AppData\Local\ConduitEngine\CacheIcons\http___storage_conduit _com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png
c:\users\tony\AppData\Local\ConduitEngine\CacheIcons\http___storage_conduit _com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png
c:\users\tony\AppData\Local\ConduitEngine\CacheIcons\http___storage_conduit _com_bankImages_ConduitEngine_ContextMenu_Share_png.png
c:\users\tony\AppData\Local\ConduitEngine\CacheIcons\http___storage_conduit _com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png
c:\users\tony\AppData\Local\ConduitEngine\ConduitEngine.dll
obxtony's Avatar
obxtony obxtony is offline
Member with 117 posts.
THREAD STARTER
 
Join Date: Aug 2008
17-Apr-2012, 01:12 PM #66
2nd!
c:\users\tony\AppData\Local\ConduitEngine\Dialogs\AddedAppDialog\app-added.js
c:\users\tony\AppData\Local\ConduitEngine\Dialogs\AddedAppDialog\main.html
c:\users\tony\AppData\Local\ConduitEngine\Dialogs\DefualtImages\icon.png
c:\users\tony\AppData\Local\ConduitEngine\Dialogs\DetectedAppDialog\app-2go.js
c:\users\tony\AppData\Local\ConduitEngine\Dialogs\DetectedAppDialog\main.ht ml
c:\users\tony\AppData\Local\ConduitEngine\Dialogs\DialogsAPI.js
c:\users\tony\AppData\Local\ConduitEngine\Dialogs\EngineFirstTimeDialog\Eng ineFirstTimeDialog.js
c:\users\tony\AppData\Local\ConduitEngine\Dialogs\EngineFirstTimeDialog\mai n.html
c:\users\tony\AppData\Local\ConduitEngine\Dialogs\EngineFirstTimeDialog\rig ht-click.gif
c:\users\tony\AppData\Local\ConduitEngine\Dialogs\excanvas.js
c:\users\tony\AppData\Local\ConduitEngine\Dialogs\generalDialogStyle.css
c:\users\tony\AppData\Local\ConduitEngine\Dialogs\PIE.htc
c:\users\tony\AppData\Local\ConduitEngine\Dialogs\RoundedCorners.css
c:\users\tony\AppData\Local\ConduitEngine\Dialogs\RoundedCornersIE9.css
c:\users\tony\AppData\Local\ConduitEngine\Dialogs\SearchProtectorDialog\Ima ges\info.png
c:\users\tony\AppData\Local\ConduitEngine\Dialogs\SearchProtectorDialog\Ima ges\ok-on.png
c:\users\tony\AppData\Local\ConduitEngine\Dialogs\SearchProtectorDialog\Ima ges\ok.png
c:\users\tony\AppData\Local\ConduitEngine\Dialogs\SearchProtectorDialog\mai n.html
c:\users\tony\AppData\Local\ConduitEngine\Dialogs\SearchProtectorDialog\Sea rchProtector.css
c:\users\tony\AppData\Local\ConduitEngine\Dialogs\SearchProtectorDialog\Sea rchProtector.js
c:\users\tony\AppData\Local\ConduitEngine\Dialogs\settings.js
c:\users\tony\AppData\Local\ConduitEngine\Dialogs\ToolbarFirstTimeDialog\im ages\app-store-icon.png
c:\users\tony\AppData\Local\ConduitEngine\Dialogs\ToolbarFirstTimeDialog\im ages\arrow.png
c:\users\tony\AppData\Local\ConduitEngine\Dialogs\ToolbarFirstTimeDialog\im ages\divider.png
c:\users\tony\AppData\Local\ConduitEngine\Dialogs\ToolbarFirstTimeDialog\im ages\emailNotifier.gif
c:\users\tony\AppData\Local\ConduitEngine\Dialogs\ToolbarFirstTimeDialog\im ages\facebook.png
c:\users\tony\AppData\Local\ConduitEngine\Dialogs\ToolbarFirstTimeDialog\im ages\radio.GIF
c:\users\tony\AppData\Local\ConduitEngine\Dialogs\ToolbarFirstTimeDialog\im ages\Thumbs.db
c:\users\tony\AppData\Local\ConduitEngine\Dialogs\ToolbarFirstTimeDialog\im ages\truste_welcome.GIF
c:\users\tony\AppData\Local\ConduitEngine\Dialogs\ToolbarFirstTimeDialog\im ages\weather.GIF
c:\users\tony\AppData\Local\ConduitEngine\Dialogs\ToolbarFirstTimeDialog\ma in.html
c:\users\tony\AppData\Local\ConduitEngine\Dialogs\ToolbarFirstTimeDialog\To olbarFirstTimeDialog.css
c:\users\tony\AppData\Local\ConduitEngine\Dialogs\ToolbarFirstTimeDialog\To olbarFirstTimeDialog.js
c:\users\tony\AppData\Local\ConduitEngine\Dialogs\ToolbarUntrustedAppsAppro valDialog\main.html
c:\users\tony\AppData\Local\ConduitEngine\Dialogs\ToolbarUntrustedAppsAppro valDialog\ToolbarUntrustedAppsApprovalDialog.js
c:\users\tony\AppData\Local\ConduitEngine\Dialogs\UntrustedAddedAppDialog\m ain.html
c:\users\tony\AppData\Local\ConduitEngine\Dialogs\UntrustedAddedAppDialog\U T-app-dialog-added.js
c:\users\tony\AppData\Local\ConduitEngine\Dialogs\UntrustedAppApprovalDialo g\main.html
c:\users\tony\AppData\Local\ConduitEngine\Dialogs\UntrustedAppApprovalDialo g\UT-app-dialog-needs-your-approval.js
c:\users\tony\AppData\Local\ConduitEngine\Dialogs\UntrustedAppPendingDialog \main.html
c:\users\tony\AppData\Local\ConduitEngine\Dialogs\UntrustedAppPendingDialog \UT-app-dialog-is-waiting.js
c:\users\tony\AppData\Local\ConduitEngine\Dialogs\version.txt
c:\users\tony\AppData\Local\ConduitEngine\EngineSettings.json
c:\users\tony\AppData\Local\ConduitEngine\ExternalComponent\http___contextm enu_app_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=appContextMenu&local e=en-gb.xml
c:\users\tony\AppData\Local\ConduitEngine\ExternalComponent\http___contextm enu_app_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=appContextMenu2_0&lo cale=en-gb.xml
c:\users\tony\AppData\Local\ConduitEngine\ExternalComponent\http___contextm enu_engine_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=engineContextMenu&lo cale=en-gb.xml
c:\users\tony\AppData\Local\ConduitEngine\ExternalComponent\http___contextm enu_engine_conduit-services_com_apps_TranslatedApps_ashx_productId=1&name=engineContextMenu2_0 &locale=en-gb.xml
c:\users\tony\AppData\Local\ConduitEngine\Repository\conduit_ConduitEngine\ dynamicDialogs\data.txt
c:\users\tony\AppData\Local\ConduitEngine\toolbar.cfg
c:\users\tony\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
c:\users\tony\AppData\LocalLow\alotappbar
c:\users\tony\AppData\LocalLow\alotappbar\resources\App_1007\images\1d14fe3 350fef6b2cc0a4aa18ac5b0db.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\App_1008\images\88ac62c afc726fd05565fbb5981844b6.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\App_1612\images\4cb9274 52934d40a524bcd2eb975243f.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\App_2236\images\e19573a 183f93bca062661bbb11462af.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\App_2254\images\8cffb8b 3ba4df43dea939ac6952b3f2f.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\App_3562\images\d5aed71 4f2ab2d7fd8fd3f0b12d30a11.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\App_4629\images\7b2fdf9 965fe4ff9b4ccddc50297c066.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\App_4646\images\d266238 ef1b54a74043dfbe7eac42ef4.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\App_5511\images\fb796f5 6943073aada06a608516f386b.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\App_55411\images\b4aea8 70790b204b1b0945551ba97d45.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\App_5809\images\dea8561 1eacb320a29fe17b8907b7e05.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\App_5862\images\31b7f2c 3bcbce9030f42ad480a938327.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\App_7035\images\d29600b 50183c9cf8d52487c994299aa.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\domains.dat
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\add-app-hover.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\add-app.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\alot-logo-13x13.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\alot-logo-16x16.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\alot-logo-65x34-hover.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\alot-logo-65x34.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\alot-logo-95x55.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\cog-hover.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\cog.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\discover. png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\error-icon.jpg
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\favicon.i co
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\loading.b mp
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\magnifyin g-glass.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\search-button-hover.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\search-button.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\blu e\appbar-bg.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\blu e\divider.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\blu e\page\bg.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\blu e\page\left\hover.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\blu e\page\left\normal.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\blu e\page\left\not-available.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\blu e\page\right\hover.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\blu e\page\right\normal.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\blu e\page\right\not-available.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\blu e\slider.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\blu e\swatch.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\gre en\appbar-bg.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\gre en\divider.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\gre en\page\bg.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\gre en\page\left\hover.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\gre en\page\left\normal.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\gre en\page\left\not-available.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\gre en\page\right\hover.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\gre en\page\right\normal.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\gre en\page\right\not-available.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\gre en\slider.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\gre en\swatch.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\ora nge\appbar-bg.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\ora nge\divider.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\ora nge\page\bg.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\ora nge\page\left\hover.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\ora nge\page\left\normal.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\ora nge\page\left\not-available.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\ora nge\page\right\hover.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\ora nge\page\right\normal.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\ora nge\page\right\not-available.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\ora nge\slider.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\ora nge\swatch.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\pal ette-hover.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\pal ette.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\pin k\appbar-bg.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\pin k\divider.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\pin k\page\bg.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\pin k\page\left\hover.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\pin k\page\left\normal.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\pin k\page\left\not-available.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\pin k\page\right\hover.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\pin k\page\right\normal.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\pin k\page\right\not-available.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\pin k\slider.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\pin k\swatch.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\sta ndard\appbar-bg.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\sta ndard\divider.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\sta ndard\page\bg.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\sta ndard\page\left\hover.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\sta ndard\page\left\normal.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\sta ndard\page\left\not-available.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\sta ndard\page\right\hover.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\sta ndard\page\right\normal.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\sta ndard\page\right\not-available.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\sta ndard\slider.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\sta ndardClassic\appbar-bg.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\sta ndardClassic\divider.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\sta ndardClassic\page\bg.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\sta ndardClassic\page\left\hover.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\sta ndardClassic\page\left\normal.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\sta ndardClassic\page\left\not-available.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\sta ndardClassic\page\right\hover.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\sta ndardClassic\page\right\normal.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\sta ndardClassic\page\right\not-available.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\sta ndardClassic\slider.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\sta ndardWin7\appbar-bg.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\sta ndardWin7\divider.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\sta ndardWin7\page\bg.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\sta ndardWin7\page\left\hover.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\sta ndardWin7\page\left\normal.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\sta ndardWin7\page\left\not-available.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\sta ndardWin7\page\right\hover.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\sta ndardWin7\page\right\normal.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\sta ndardWin7\page\right\not-available.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\theme\sta ndardWin7\slider.png
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\widget\ca ption-bg.bmp
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\widget\cl ose-hover.bmp
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\widget\cl ose.bmp
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\widget\co nfigure-hover.bmp
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\widget\co nfigure.bmp
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\widget\re fresh-hover.bmp
c:\users\tony\AppData\LocalLow\alotappbar\resources\shared\images\widget\re fresh.bmp
c:\users\tony\AppData\LocalLow\alotappbar\toolbar.xml
c:\users\tony\AppData\LocalLow\alotappbar\toolbar.xml.backup
c:\users\tony\AppData\LocalLow\bearsharemediabartb
c:\users\tony\AppData\LocalLow\bearsharemediabartb\dtx.ini
c:\users\tony\AppData\LocalLow\bearsharemediabartb\guid.dat
c:\users\tony\AppData\LocalLow\Conduit
c:\users\tony\AppData\LocalLow\Conduit\Community Alerts\CacheIcons\http___alert_storage_conduit_com_57_1_15257_Images_634035 703069522500_png.png
c:\users\tony\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com__aid=800208&fid=796027.xml
c:\users\tony\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com__aid=897164&fid=892962.xml
c:\users\tony\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com__aid=909619&fid=905414.xml
c:\users\tony\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_15257_14923_UK.xml
c:\users\tony\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_15257_14923_US.xml
c:\users\tony\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_800208_796027_UK.xml
c:\users\tony\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_897164_892962_UK.xml
c:\users\tony\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_909619_905414_UK.xml
c:\users\tony\AppData\LocalLow\Conduit\Community Alerts\LanguagePacks\en.xml
c:\users\tony\AppData\LocalLow\Conduit\Toolbar\Facebook\http___facebook_con duit-services_com_Settings_ashx_locale=en&browserType=IE&toolbarVersion=5_7_1_1. xml
c:\users\tony\AppData\LocalLow\Maps4PC_0c
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\Cache\00094AF4
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\Cache\00094E00
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\Cache\00094F38.bmp
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\Cache\00094FD4.bmp
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\Cache\00095051.bmp
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\Cache\0009508F.bmp
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\Cache\000950DD.bmp
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\Cache\0009621C.jhtml
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\Cache\0009894B
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\Cache\00099CEA.bmp
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\Cache\files.ini
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\History\search3
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\btmarrow.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\cancel.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\config.js
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\continue.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\dispatch.js
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\divider.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\gcancel.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\index.htm
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\infobar.js
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\jquery.js
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\la.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\lbcs.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\lbms.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\lca.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\lcfc.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\lcm.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\lcs.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\lcso.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\lctn.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\ldb.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\ldbg.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\lddg.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\lff.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\lffb.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\lg.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\lgs.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\lgw.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\lha.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\lhp.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\lia.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\liwon.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\lkazulah.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\lmd.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\lmfc.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\lmh.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\lmma.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\lmosh.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\lmwf.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\lmws.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\lobm.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\loryte.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\lpss.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\lqc.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\lrb.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\lrg.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\lrr.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\lsc.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\lscr.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\lsi.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\lssd.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\ltrs.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\ltvf.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\lvs.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\lwb.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\lwf.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\lzwinky.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\mgaddons.js
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\ok.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\overlay.js
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\pid.js
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\qstring.js
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\shield.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\spacer.swf
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\toolbar.js
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\yelgrey.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\yellowbg.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\zEnable.css
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\zEnable.htm
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\ie9mesg\COMMON\zEnable.js
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\Message\COMMON\8_step1.gif
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\Message\COMMON\index.htm
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\Message\COMMON\rebut4b.htm
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\Message\COMMON\shield.png
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\Settings\prevcfg2.htm
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\Settings\s_ie9mrd.dat
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\Settings\s_w1.dat
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\Settings\s_w2.dat
c:\users\tony\AppData\LocalLow\Maps4PC_0c\bar\Settings\setting3.htm
c:\users\tony\AppData\LocalLow\Maps4PC_0c\Shared\Cache\PopupProperties20040 1567.html
c:\users\tony\AppData\LocalLow\Maps4PC_0c\Shared\Cache\Radio.html
c:\users\tony\AppData\LocalLow\Maps4PC_0cEI
c:\users\tony\AppData\LocalLow\Maps4PC_0cEI\Installr\Cache\files.ini
c:\users\tony\AppData\LocalLow\mediabarim
c:\users\tony\AppData\LocalLow\mediabarim\dtx.ini
c:\users\tony\AppData\LocalLow\mediabarim\geodata.xml
c:\users\tony\AppData\LocalLow\mediabarim\geoip.xml
c:\users\tony\AppData\LocalLow\mediabarim\guid.dat
c:\users\tony\AppData\LocalLow\mediabarim\log.txt
c:\users\tony\AppData\LocalLow\mediabarim\preferences.dat
c:\users\tony\AppData\LocalLow\mediabarim\stats.dat
c:\users\tony\AppData\LocalLow\mediabarim\uninstallIE.dat
c:\users\tony\AppData\LocalLow\mediabarim\version.xml
c:\users\tony\AppData\LocalLow\mediabarim\weather\29dcc30c46c4a16ee5aa734a3 3f534e4
c:\users\tony\AppData\LocalLow\mediabarim\weather\b7974346827291993f35920e4 c828c59
c:\users\tony\AppData\LocalLow\mediabarim\weather\forecasts_cache.xml
c:\users\tony\AppData\LocalLow\mediabarim\weather\observations_cache.xml
c:\users\tony\AppData\LocalLow\mediabarim\weatherbutton_prefs.xml
obxtony's Avatar
obxtony obxtony is offline
Member with 117 posts.
THREAD STARTER
 
Join Date: Aug 2008
17-Apr-2012, 01:14 PM #67
3rd!!!!
c:\users\tony\AppData\LocalLow\MyWebSearch
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\Cache\000164DA
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\Cache\00297233
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\Cache\00297696
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\Cache\002977ED.bin
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\Cache\002979B2.bin
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\Cache\00297C70.bin
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\Cache\00297ED0.bin
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\Cache\0029818E.bin
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\Cache\0081A056.bin
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\Cache\0081A1CC.bin
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\Cache\0081A3DF.bin
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\Cache\0081A6DB.bin
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\Cache\files.ini
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\History\search3
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\btmarrow.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\cancel.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\config.js
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\continue.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\dispatch.js
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\divider.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\gcancel.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\index.htm
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\infobar.js
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\jquery.js
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\la.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\lbcs.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\lbms.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\lca.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\lcfc.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\lcm.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\lcs.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\lcso.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\lctn.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\ldb.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\ldbg.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\lddg.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\lff.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\lffb.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\lg.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\lgs.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\lgw.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\lha.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\lhp.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\lia.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\liwon.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\lkazulah.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\lmd.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\lmfc.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\lmh.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\lmma.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\lmosh.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\lmwf.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\lmws.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\lobm.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\loryte.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\lpss.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\lqc.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\lrb.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\lrg.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\lrr.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\lsc.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\lscr.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\lsi.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\lssd.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\ltrs.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\ltvf.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\lvs.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\lwb.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\lwf.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\lzwinky.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\ok.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\overlay.js
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\pid.js
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\qstring.js
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\shield.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\spacer.swf
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\toolbar.js
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\yelgrey.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\yellowbg.png
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\zEnable.css
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\zEnable.htm
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\ie9mesg\COMMON\zEnable.js
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\Settings\prevcfg2.htm
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\Settings\setting2.htm
c:\users\tony\AppData\LocalLow\MyWebSearch\bar\Settings\settings.dat
c:\users\tony\AppData\LocalLow\PriceGong
c:\users\tony\AppData\LocalLow\PriceGong\Data\1.xml
c:\users\tony\AppData\LocalLow\PriceGong\Data\a.xml
c:\users\tony\AppData\LocalLow\PriceGong\Data\b.xml
c:\users\tony\AppData\LocalLow\PriceGong\Data\c.xml
c:\users\tony\AppData\LocalLow\PriceGong\Data\d.xml
c:\users\tony\AppData\LocalLow\PriceGong\Data\e.xml
c:\users\tony\AppData\LocalLow\PriceGong\Data\f.xml
c:\users\tony\AppData\LocalLow\PriceGong\Data\g.xml
c:\users\tony\AppData\LocalLow\PriceGong\Data\ghkdejrtse.tmp
c:\users\tony\AppData\LocalLow\PriceGong\Data\h.xml
c:\users\tony\AppData\LocalLow\PriceGong\Data\i.xml
c:\users\tony\AppData\LocalLow\PriceGong\Data\J.xml
c:\users\tony\AppData\LocalLow\PriceGong\Data\k.xml
c:\users\tony\AppData\LocalLow\PriceGong\Data\l.xml
c:\users\tony\AppData\LocalLow\PriceGong\Data\m.xml
c:\users\tony\AppData\LocalLow\PriceGong\Data\mru.xml
c:\users\tony\AppData\LocalLow\PriceGong\Data\n.xml
c:\users\tony\AppData\LocalLow\PriceGong\Data\o.xml
c:\users\tony\AppData\LocalLow\PriceGong\Data\p.xml
c:\users\tony\AppData\LocalLow\PriceGong\Data\q.xml
c:\users\tony\AppData\LocalLow\PriceGong\Data\r.xml
c:\users\tony\AppData\LocalLow\PriceGong\Data\s.xml
c:\users\tony\AppData\LocalLow\PriceGong\Data\t.xml
c:\users\tony\AppData\LocalLow\PriceGong\Data\u.xml
c:\users\tony\AppData\LocalLow\PriceGong\Data\v.xml
c:\users\tony\AppData\LocalLow\PriceGong\Data\w.xml
c:\users\tony\AppData\LocalLow\PriceGong\Data\x.xml
c:\users\tony\AppData\LocalLow\PriceGong\Data\y.xml
c:\users\tony\AppData\LocalLow\PriceGong\Data\z.xml
c:\users\tony\AppData\LocalLow\searchqutb
c:\users\tony\AppData\LocalLow\searchqutb\dtx.ini
c:\users\tony\AppData\Roaming\Bandoo
c:\users\tony\AppData\Roaming\IObit
c:\users\tony\AppData\Roaming\IObit\Advanced SystemCare V4\AutoSweep.ini
c:\users\tony\AppData\Roaming\IObit\Advanced SystemCare V4\Backup\ASCBackup-2011-07-13(20-49-03).reg
c:\users\tony\AppData\Roaming\IObit\Advanced SystemCare V4\Ignore.ini
c:\users\tony\AppData\Roaming\IObit\Advanced SystemCare V4\Log\ASCLog-2011-07-13(20-49-03).txt
c:\users\tony\AppData\Roaming\IObit\Advanced SystemCare V4\Main.ini
c:\users\tony\AppData\Roaming\IObit\Advanced SystemCare V4\PMonitor\Config.ini
c:\users\tony\AppData\Roaming\IObit\IObit Uninstaller\Log\2012-03-26.log
c:\users\tony\AppData\Roaming\IObit\IObit Uninstaller\Log\2012-04-02.log
c:\users\tony\AppData\Roaming\IObit\IObit Uninstaller\Log\2012-04-03.log
c:\users\tony\AppData\Roaming\IObit\IObit Uninstaller\Log\2012-04-07.log
c:\users\tony\AppData\Roaming\IObit\IObit Uninstaller\SoftwareCache.ini
c:\users\tony\AppData\Roaming\LimeWire
c:\users\tony\AppData\Roaming\LimeWire\browser\xul-v2.0b2.5-do-not-remove
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\AccessibleMarshal. dll
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\chrome\branding.ja r
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\chrome\branding.ma nifest
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\chrome\classic.jar
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\chrome\classic.man ifest
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\chrome\comm.jar
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\chrome\comm.manife st
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\chrome\en-US.jar
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\chrome\en-US.manifest
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\chrome\limewire.ja r
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\chrome\limewire.ma nifest
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\chrome\pippki.jar
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\chrome\pippki.mani fest
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\chrome\toolkit.jar
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\chrome\toolkit.man ifest
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\accessi bility-msaa.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\accessi bility.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\alerts. xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\appshel l.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\appshel l_modal.dll
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\appshel l_modal.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\appstar tup.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\auth.dl l
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\autocom plete.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\autocon fig.dll
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\autocon fig.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\caps.xp t
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\chardet .xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\chrome. xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\command handler.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\command lines.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\compose r.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\content _base.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\content _html.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\content _htmldoc.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\content _xmldoc.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\content _xslt.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\content _xtf.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\content prefs.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\cookie. xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\directo ry.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\docshel l_base.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\dom.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_bas e.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_can vas.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_cor e.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_css .xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_eve nts.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_htm l.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_jso n.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_loa dsave.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_off line.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_ran ge.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_sid ebar.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_sto rage.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_sty lesheets.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_svg .xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_tra versal.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_vie ws.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_xbl .xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_xpa th.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\dom_xul .xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\downloa ds.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\editor. xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\embed_b ase.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\extensi ons.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\exthand ler.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\exthelp er.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\fastfin d.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\FeedPro cessor.js
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\feeds.x pt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\find.xp t
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\gfx.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\htmlpar ser.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\imgicon .xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\imglib2 .xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\inspect or.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\intl.xp t
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\jar.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\jsconso le-clhandler.js
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\jsdserv ice.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\layout_ base.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\layout_ printing.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\layout_ xul.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\layout_ xul_tree.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\locale. xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\loginmg r.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\lwbrk.x pt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\mimetyp e.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\mozbrws r.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\mozfind .xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\necko.x pt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_a bout.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_c ache.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_c ookie.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_d ns.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_f ile.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_f tp.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_h ttp.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_r es.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_s ocket.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_s trconv.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\necko_v iewsource.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\nsAddon Repository.js
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\nsBadCe rtHandler.js
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\nsBlock listService.js
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\nsConte ntDispatchChooser.js
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\nsConte ntPrefService.js
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\nsDefau ltCLH.js
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\nsDicti onary.js
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\nsDownl oadManagerUI.js
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\nsExten sionManager.js
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\nsHandl erService.js
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\nsHelpe rAppDlg.js
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\nsLivem arkService.js
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\nsLogin Info.js
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\nsLogin Manager.js
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\nsLogin ManagerPrompter.js
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\nsPostU pdateWin.js
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\nsProgr essDialog.js
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\nsProxy AutoConfig.js
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\nsReset Pref.js
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\nsTaggi ngService.js
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\nsTryTo Close.js
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\nsUpdat eService.js
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\nsURLFo rmatter.js
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\nsWebHa ndlerApp.js
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\nsXmlRp cClient.js
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\nsXULAp pInstall.js
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\oji.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\parenta lcontrols.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\pipboot .dll
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\pipboot .xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\pipnss. dll
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\pipnss. xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\pippki. dll
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\pippki. xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\places. xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\plugin. xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\pluginG lue.js
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\pref.xp t
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\prefetc h.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\profile .xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\proxyOb ject.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\rdf.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\satchel .xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\saxpars er.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\shistor y.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\spellch ecker.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\storage-Legacy.js
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\storage .xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\toolkit profile.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\transfo rmiix.dll
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\txEXSLT RegExFunctions.js
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\txmgr.x pt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\txtsvc. xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\uconv.x pt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\unichar util.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\univers alchardet.dll
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\update. xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\uriload er.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\urlform atter.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\webBrow ser_core.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\webbrow serpersist.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\webshel l_idls.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\websrvc s.dll
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\widget. xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\windowd s.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\windoww atcher.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\xml-rpc.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\xmlextr as.dll
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\xpcom_b ase.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\xpcom_c omponents.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\xpcom_d s.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\xpcom_i o.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\xpcom_s ystem.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\xpcom_t hread.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\xpcom_x pti.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\xpconne ct.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\xpinsta ll.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\xulapp. xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\xulapp_ setup.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\xuldoc. xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\xultmpl .xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\xulutil .dll
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\components\zipwrit er.xpt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\crashreporter.exe
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\crashreporter.ini
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\defaults\autoconfi g\platform.js
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\defaults\autoconfi g\prefcalls.js
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\defaults\pref\xulr unner.js
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\c hrome\userChrome-example.css
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\c hrome\userContent-example.css
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\l ocalstore.rdf
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\U S\chrome\userChrome-example.css
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\U S\chrome\userContent-example.css
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\defaults\profile\U S\localstore.rdf
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\dependentlibs.list
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\dictionaries\en-US.aff
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\dictionaries\en-US.dic
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\freebl3.chk
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\freebl3.dll
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\greprefs\all.js
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\greprefs\security-prefs.js
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\greprefs\xpinstall .js
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\IA2Marshal.dll
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\javaxpcom.jar
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\javaxpcomglue.dll
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\js3250.dll
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\LICENSE
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\modules\debug.js
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\modules\DownloadUt ils.jsm
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\modules\ISO8601Dat eUtils.jsm
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\modules\JSON.jsm
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\modules\Microforma ts.js
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\modules\PluralForm .jsm
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\modules\utils.js
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\modules\XPCOMUtils .jsm
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\mozctl.dll
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\mozctlx.dll
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\MSVCP71.DLL
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\msvcr71.dll
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\nspr4.dll
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\nss3.dll
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\nssckbi.dll
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\nssdbm3.dll
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\nssutil3.dll
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\platform.ini
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\plc4.dll
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\plds4.dll
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\plugins\npnul32.dl l
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\README.txt
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\arrow.gif
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\arrowd.gif
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\broken-image.gif
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\charsetalias.p roperties
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\charsetData.pr operties
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\contenteditabl e.css
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\designmode.css
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\dtd\mathml.dtd
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\dtd\xhtml11.dt d
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\EditorOverride .css
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables\h tml40Latin1.properties
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables\h tml40Special.properties
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables\h tml40Symbols.properties
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables\h tmlEntityVersions.properties
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables\m athml20.properties
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\entityTables\t ransliterate.properties
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts\mathfont .properties
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts\mathfont StandardSymbolsL.properties
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts\mathfont STIXNonUnicode.properties
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts\mathfont STIXSize1.properties
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts\mathfont Symbol.properties
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\fonts\mathfont Unicode.properties
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\forms.css
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\grabber.gif
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\hiddenWindow.h tml
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\html.css
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\html\folder.pn g
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\langGroups.pro perties
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\language.prope rties
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\loading-image.gif
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\mathml.css
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\quirk.css
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\svg.css
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-column-after-active.gif
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-column-after-hover.gif
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-column-after.gif
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-column-before-active.gif
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-column-before-hover.gif
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-column-before.gif
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-row-after-active.gif
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-row-after-hover.gif
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-row-after.gif
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-row-before-active.gif
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-row-before-hover.gif
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\table-add-row-before.gif
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\table-remove-column-active.gif
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\table-remove-column-hover.gif
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\table-remove-column.gif
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\table-remove-row-active.gif
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\table-remove-row-hover.gif
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\table-remove-row.gif
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\ua.css
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\viewsource.css
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\res\wincharset.pro perties
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\smime3.dll
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\softokn3.chk
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\softokn3.dll
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\sqlite3.dll
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\ssl3.dll
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\updater.exe
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\version.properties
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\xpcom.dll
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\xpcshell.exe
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\xpicleanup.exe
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\xpidl.exe
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\xpt_dump.exe
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\xpt_link.exe
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\xul.dll
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner-stub.exe
c:\users\tony\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner.exe
c:\users\tony\AppData\Roaming\LimeWire\certificate\limewire.keystore
c:\users\tony\AppData\Roaming\LimeWire\createtimes.cache
obxtony's Avatar
obxtony obxtony is offline
Member with 117 posts.
THREAD STARTER
 
Join Date: Aug 2008
17-Apr-2012, 01:15 PM #68
4th and last I hope!
c:\users\tony\AppData\Roaming\LimeWire\downloads.dat
c:\users\tony\AppData\Roaming\LimeWire\fileurns.cache
c:\users\tony\AppData\Roaming\LimeWire\gnutella.net
c:\users\tony\AppData\Roaming\LimeWire\installation.props
c:\users\tony\AppData\Roaming\LimeWire\library.dat
c:\users\tony\AppData\Roaming\LimeWire\library5.dat
c:\users\tony\AppData\Roaming\LimeWire\limewire.props
c:\users\tony\AppData\Roaming\LimeWire\lock
c:\users\tony\AppData\Roaming\LimeWire\mojito.props
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\.autoreg
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\Cache\_CACHE_001_
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\Cache\_CACHE_002_
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\Cache\_CACHE_003_
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\Cache\_CACHE_MAP_
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\Cache\1FEE1D13d01
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\Cache\2C5B4A30d01
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\Cache\7BD6A121d01
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\cert8.db
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\compreg.dat
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\cookies.sqlite
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\downloads.sqlite
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\extensions.cache
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\extensions.ini
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\history.dat
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\key3.db
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\permissions.sqlite
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\places.sqlite-journal
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\places.sqlite
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\pluginreg.dat
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\prefs.js
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\secmod.db
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\XPC.mfl
c:\users\tony\AppData\Roaming\LimeWire\mozilla-profile\xpti.dat
c:\users\tony\AppData\Roaming\LimeWire\player.props
c:\users\tony\AppData\Roaming\LimeWire\promotion\promodb.backup
c:\users\tony\AppData\Roaming\LimeWire\promotion\promodb.data
c:\users\tony\AppData\Roaming\LimeWire\promotion\promodb.properties
c:\users\tony\AppData\Roaming\LimeWire\promotion\promodb.script
c:\users\tony\AppData\Roaming\LimeWire\questions.props
c:\users\tony\AppData\Roaming\LimeWire\responses.cache
c:\users\tony\AppData\Roaming\LimeWire\restaccess.txt
c:\users\tony\AppData\Roaming\LimeWire\simpp.cert
c:\users\tony\AppData\Roaming\LimeWire\simpp.xml
c:\users\tony\AppData\Roaming\LimeWire\spam.dat
c:\users\tony\AppData\Roaming\LimeWire\tables.props
c:\users\tony\AppData\Roaming\LimeWire\update.cert
c:\users\tony\AppData\Roaming\LimeWire\urns.dat
c:\users\tony\AppData\Roaming\LimeWire\version.xml
c:\users\tony\AppData\Roaming\LimeWire\versions.props
c:\users\tony\AppData\Roaming\LimeWire\xml\data\torrent.sxml3
c:\users\tony\AppData\Roaming\LimeWire\xml\data\video.sxml3
c:\users\tony\AppData\Roaming\system.conf
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\SysWow64\404Fix.exe
c:\windows\SysWow64\Agent.OMZ.Fix.exe
c:\windows\SysWow64\dumphive.exe
c:\windows\SysWow64\f3PSSavr.scr
c:\windows\SysWow64\IEDFix.C.exe
c:\windows\SysWow64\IEDFix.exe
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\o4Patch.exe
c:\windows\SysWow64\SrchSTS.exe
c:\windows\SysWow64\tmp.reg
c:\windows\SysWow64\VACFix.exe
c:\windows\SysWow64\VCCLSID.exe
c:\windows\SysWow64\WS2Fix.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-03-17 to 2012-04-17 )))))))))))))))))))))))))))))))
.
.
2012-04-17 16:49 . 2012-04-17 16:49 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-04-17 16:49 . 2012-04-17 16:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-16 19:31 . 2012-04-16 19:31 -------- d-----w- c:\programdata\ATI
2012-04-16 19:31 . 2012-04-16 19:31 -------- d-----w- c:\program files (x86)\AMD AVT
2012-04-15 11:38 . 2012-04-15 11:38 447 ----a-w- C:\user.js
2012-04-15 08:47 . 2012-04-17 16:56 -------- d-----w- c:\program files (x86)\Steam
2012-04-14 11:43 . 2012-04-14 11:43 -------- d-----w- c:\users\tony\AppData\Local\Wajam
2012-04-14 11:43 . 2012-04-14 20:09 -------- d-----w- c:\program files (x86)\Wajam
2012-04-12 14:46 . 2012-04-12 14:46 -------- d-----w- C:\_OTL
2012-04-07 18:26 . 2012-04-07 20:04 -------- dc----w- c:\users\tony\AppData\Local\MigWiz
2012-04-07 08:34 . 2012-04-07 08:34 -------- d-----w- c:\program files (x86)\Safer Networking
2012-04-07 08:12 . 2012-04-14 20:09 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-04-07 08:12 . 2012-04-14 20:09 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-04-06 13:42 . 2012-04-06 14:02 -------- d-----w- c:\users\tony\AppData\Roaming\calibre
2012-04-06 13:42 . 2012-04-14 20:09 -------- d-----w- c:\program files (x86)\Calibre2
2012-04-05 19:19 . 2012-04-05 19:19 -------- d-----w- c:\users\tony\Doctor Web
2012-04-05 19:15 . 2012-04-05 19:15 -------- d-----w- c:\program files\Common Files\Doctor Web
2012-04-05 09:51 . 2012-04-07 19:26 -------- d-----w- c:\program files (x86)\7-Zip
2012-04-04 20:20 . 2012-04-07 06:21 -------- d-----w- c:\program files (x86)\Trojan Remover
2012-04-04 19:39 . 2012-04-04 19:39 691 ----a-w- c:\users\tony\AppData\Roaming\GetValue.vbs
2012-04-04 19:39 . 2012-04-04 19:39 35 ----a-w- c:\users\tony\AppData\Roaming\SetValue.bat
2012-04-04 19:16 . 2012-04-04 19:16 388096 ----a-r- c:\users\tony\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-04 19:16 . 2012-04-04 19:16 -------- d-----w- c:\program files (x86)\Trend Micro
2012-04-04 13:11 . 2012-04-07 19:46 -------- d-----w- c:\programdata\Doctor Web
2012-04-03 19:43 . 2012-04-04 19:54 -------- d-----w- c:\users\tony\AppData\Local\FileTypeAssistant
2012-04-03 19:42 . 2012-04-07 06:22 -------- d-----w- c:\program files (x86)\File Type Assistant
2012-04-03 17:31 . 2012-04-07 06:21 -------- d-----w- c:\windows\en
2012-04-03 17:27 . 2012-03-08 17:40 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-04-03 17:27 . 2012-04-07 06:21 -------- d-----w- c:\program files (x86)\Windows Live
2012-04-03 17:22 . 2012-04-03 17:22 7450888 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\49e3c6cc1cd11be05\bingbarsetup.exe
2012-04-03 17:21 . 2012-04-03 17:21 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\3ab9c82a1cd11be04\MeshBetaRemover.exe
2012-04-03 17:21 . 2012-04-03 17:21 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\37acd5f71cd11be03\DSETUP.dll
2012-04-03 17:21 . 2012-04-03 17:21 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\37acd5f71cd11be03\DXSETUP.exe
2012-04-03 17:21 . 2012-04-03 17:21 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\37acd5f71cd11be03\dsetup32.dll
2012-04-03 16:51 . 2012-04-03 16:51 -------- d-----w- c:\users\tony\AppData\Local\antiphishing-vmninternethelper1_1dn
2012-04-03 16:49 . 2012-04-07 06:21 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor
2012-04-03 13:07 . 2012-04-03 13:07 -------- d-----w- c:\users\tony\DoctorWeb
2012-04-03 12:18 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2012-04-03 12:18 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-02 14:36 . 2012-04-14 20:09 -------- d-----w- c:\users\tony\AppData\Roaming\AVG2012
2012-04-02 14:34 . 2012-04-07 06:21 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-04-02 14:34 . 2012-04-17 14:46 -------- d-----w- c:\windows\system32\drivers\AVG
2012-04-02 14:34 . 2012-04-02 14:34 -------- d-----w- C:\$AVG
2012-04-02 13:19 . 2012-04-07 06:22 -------- d-----w- c:\program files (x86)\Avast
2012-04-02 11:35 . 2012-04-02 12:58 -------- d-----w- c:\programdata\Alwil Software
2012-04-01 19:21 . 2012-04-07 06:21 -------- d-----w- c:\programdata\InstallShield
2012-04-01 19:20 . 2012-04-01 19:20 -------- d-----w- c:\program files (x86)\Medea International Ltd
2012-04-01 19:10 . 2012-04-03 13:33 -------- d-----w- c:\program files (x86)\Easy CD & DVD Cover Creator
2012-04-01 08:22 . 2012-04-13 20:22 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-01 07:45 . 2012-04-13 20:22 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-26 18:43 . 2012-03-26 18:43 -------- d-----w- c:\users\tony\AppData\Roaming\NCH Software
2012-03-26 15:41 . 2012-03-26 15:41 103864 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-16 20:31 . 2012-01-11 20:39 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-04-16 20:30 . 2010-05-23 17:57 2434856 ----a-w- c:\windows\SysWow64\pbsvc_bc2.exe
2012-04-16 20:30 . 2010-05-09 17:03 75064 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-04-13 20:50 . 2010-05-16 18:14 270904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-04-13 20:22 . 2011-05-18 17:54 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-10 08:43 . 2010-03-18 22:09 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup .dll
2012-04-10 08:42 . 2010-05-23 17:39 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-04-10 08:42 . 2010-03-18 22:09 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\Spotlight Resources.dll
2012-04-07 15:24 . 2010-05-09 17:03 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-03-26 14:45 . 2011-04-27 11:32 101360 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2012-03-09 06:28 . 2012-03-09 06:28 10857984 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-03-09 05:16 . 2012-03-09 05:16 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-03-09 05:16 . 2010-08-04 00:54 791552 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-03-09 05:14 . 2012-02-15 03:17 958464 ----a-w- c:\windows\system32\aticfx64.dll
2012-03-09 05:11 . 2012-02-15 03:13 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-03-09 05:11 . 2012-03-09 05:11 496128 ----a-w- c:\windows\system32\atieclxx.exe
2012-03-09 05:10 . 2012-03-09 05:10 235520 ----a-w- c:\windows\system32\atiesrxx.exe
2012-03-09 05:08 . 2012-03-09 05:08 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-03-09 05:08 . 2012-03-09 05:08 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-03-09 05:07 . 2012-03-09 05:07 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-03-09 05:07 . 2012-03-09 05:07 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-03-09 05:04 . 2012-03-09 05:04 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-03-09 05:03 . 2012-03-09 05:03 26166784 ----a-w- c:\windows\system32\atio6axx.dll
2012-03-09 04:45 . 2012-03-09 04:45 7646208 ----a-w- c:\windows\system32\atidxx64.dll
2012-03-09 04:39 . 2012-03-09 04:39 19739136 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-03-09 04:36 . 2012-03-09 04:36 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2012-03-09 04:36 . 2012-03-09 04:36 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-03-09 04:35 . 2012-02-15 02:40 4958208 ----a-w- c:\windows\system32\atiumd6a.dll
2012-03-09 04:23 . 2010-08-04 00:21 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-03-09 04:23 . 2010-08-04 00:28 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-03-09 04:18 . 2012-03-09 04:18 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-03-09 04:18 . 2012-03-09 04:18 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-03-09 04:18 . 2012-03-09 04:18 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-03-09 04:18 . 2012-03-09 04:18 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-03-09 04:17 . 2012-03-09 04:17 16069632 ----a-w- c:\windows\system32\aticaldd64.dll
2012-03-09 04:12 . 2012-03-09 04:12 13715968 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-03-09 04:11 . 2012-02-15 02:25 7552000 ----a-w- c:\windows\system32\atiumd64.dll
2012-03-09 04:05 . 2012-03-09 04:05 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-03-09 04:05 . 2012-03-09 04:05 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-03-09 04:05 . 2012-03-09 04:05 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-03-09 04:05 . 2012-03-09 04:05 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-03-09 03:58 . 2012-02-15 02:14 512000 ----a-w- c:\windows\system32\atiadlxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-03-09 03:58 . 2012-03-09 03:58 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 39936 ----a-w- c:\windows\system32\atig6txx.dll
2012-03-09 03:58 . 2012-03-09 03:58 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-03-09 03:58 . 2012-03-09 03:58 328704 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-03-09 03:57 . 2010-03-03 03:06 43008 ----a-w- c:\windows\system32\atiuxp64.dll
2012-03-09 03:56 . 2012-03-09 03:56 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-03-09 03:56 . 2012-02-15 02:12 39936 ----a-w- c:\windows\system32\atiu9p64.dll
2012-03-09 03:56 . 2010-08-04 00:14 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-03-09 03:55 . 2012-03-09 03:55 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-03-09 03:47 . 2010-03-03 03:23 58880 ----a-w- c:\windows\system32\coinst.dll
2012-03-08 17:50 . 2012-03-08 17:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 17:37 . 2012-03-08 17:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
2012-03-05 15:49 . 2010-06-24 11:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-23 08:18 . 2010-03-18 20:48 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-22 04:25 . 2012-02-22 04:25 382032 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-02-22 04:25 . 2012-02-22 04:25 289872 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-02-21 16:16 . 2012-02-21 16:16 53248 ----a-r- c:\users\tony\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-02-14 22:05 . 2012-02-14 22:05 69632 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-02-14 22:05 . 2012-02-14 22:05 59904 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-02-14 22:05 . 2012-02-14 22:05 61952 ----a-w- c:\windows\system32\OVDecode64.dll
2012-02-14 22:05 . 2012-02-14 22:05 54784 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-02-14 22:05 . 2012-02-14 22:05 16507904 ----a-w- c:\windows\system32\amdocl64.dll
2012-02-14 22:04 . 2012-02-14 22:04 13238272 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-02-14 22:03 . 2012-02-14 22:03 54272 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-14 22:03 . 2012-02-14 22:03 48128 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-01-31 06:02 . 2012-01-31 06:02 21504 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-01-31 06:00 . 2012-01-31 06:00 16896 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-01-31 03:46 . 2012-01-31 03:46 36944 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2012-04-17_15.39.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-17 16:52 . 2012-04-17 16:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-17 15:38 . 2012-04-17 15:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-17 16:52 . 2012-04-17 16:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-04-17 15:38 . 2012-04-17 15:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2012-04-17 16:49 309760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-17 15:34 309760 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-04-16 22:06 . 2012-04-17 16:49 37494572 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1524944666-1662594902-3796366332-1000-12288.dat
- 2010-04-16 22:06 . 2012-04-17 15:34 37494572 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1524944666-1662594902-3796366332-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\progra~2\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-03-21 1523512]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-04-04 21392]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-04-04 954256]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Search Protection"="c:\program files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-04-15 1242448]
"igndlm.exe"="c:\program files (x86)\Download Manager\DLM.exe" [2009-10-27 1103216]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2009-12-01 385024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ru n]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-08 2068992]
"LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-03 385024]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-08-25 656896]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-12-04 296056]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-02-16 2575712]
"YSearchProtection"="c:\program files (x86)\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-09 636032]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\ex plorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCO RE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DrWebE ngine]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFser vice]
@=""
.
R0 SpiderG3;DrWeb file system scanner;c:\windows\system32\drivers\spiderg3.sys [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-02-14 5104992]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-11 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 253088]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\steam\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-11 135664]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam 120(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [2009-09-17 23536]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2011-01-04 16392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WPRO_40_1340;WinPcap Packet Driver (WPRO_40_1340);c:\windows\system32\drivers\WPRO_40_1340.sys [x]
R4 NielsenUpdate;Nielsen Update;c:\program files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe [2011-05-03 306496]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\avgidseha.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 nnfwdk;Nielsen WFP Driver;c:\program files (x86)\NetRatingsNetSight\NetSight\meter1\nnfwdk64.sys [2010-10-04 25648]
S1 RapportCerberus_34302;RapportCerberus_34302;c:\programdata\Trusteer\Rapport \store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys [2011-12-07 397520]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2012-03-26 55056]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2012-03-26 296048]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-01-25 140672]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2010/01/07 20:24];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-09-17 17:41 146928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-02-14 2316624]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 CDMA Device Service;CDMA Device Service;c:\program files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe [2011-08-02 159232]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-12-13 523136]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2012-03-26 976696]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 WajamUpdater;WajamUpdater;c:\program files (x86)\Wajam\Updater\WajamUpdater.exe [2012-03-09 109064]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AVER_H193;AVerMedia H193 Video Capture;c:\windows\system32\drivers\AVer888RC_64.sys [x]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [x]
S3 CXCIR;AVerMedia Consumer Infrared Receiver;c:\windows\system32\DRIVERS\AVer888RCIR_64.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 20:22]
.
2010-07-11 c:\windows\Tasks\Chameleon Monitor-startup-tony.job
- c:\program files (x86)\Common Files\Chameleon Manager\monitor.exe [2010-06-09 10:02]
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-11 19:39]
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-11 19:39]
.
2011-06-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mystart.incredibar.com/mb118?a=6PQusNkZzZ&i=26
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.yahoo.com/?ilc=8
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Search
IE: Download all with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:bd,6c,43,24,25,8a,80,e7,f0,47,31,4d,2a,29,09,b8,f3,54,80,47,31,9a, 4c,
e9,5c,fe,a6,10,b8,ad,2c,41,6c,c3,b4,a9,3f,b9,3f,1c,bd,76,14,26,15,dd,40,aa, \
"??"=hex:eb,d2,a3,8f,e2,18,9a,95,4e,92,26,3d,b4,8d,f6,c8
.
[HKEY_USERS\S-1-5-21-1524944666-1662594902-3796366332-1000\Software\SecuROM\License information*]
"datasecu"=hex:98,b9,91,0b,e2,bd,b5,c5,e3,c5,26,03,0e,b6,f5,7d,94,13,82,97, 23,
8f,e3,c0,12,a6,76,74,d1,9b,6c,ee,67,29,89,01,2d,6b,62,37,30,36,ab,f1,df,1d, \
"rkeysecu"=hex:5b,db,b1,5f,32,d6,7e,fa,9e,17,6e,58,3b,5a,95,4c
.
[HKEY_LOCAL_MACHINE\software\NetRatingsNetSight]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00, 79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00, \
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Trusteer\Rapport\bin\RapportService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
c:\program files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2012-04-17 18:03:04 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-17 17:03
ComboFix2.txt 2012-04-17 15:49
ComboFix3.txt 2012-04-10 16:21
.
Pre-Run: 1,076,543,610,880 bytes free
Post-Run: 1,076,277,735,424 bytes free
.
- - End Of File - - 166F8609C02C28A0545D2E0237952F27
obxtony's Avatar
obxtony obxtony is offline
Member with 117 posts.
THREAD STARTER
 
Join Date: Aug 2008
17-Apr-2012, 01:16 PM #69
there you go, piece of cake for a guru like me!!!!!!!!!!!!!
eddie5659's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 28,323 posts.
 
Join Date: Mar 2001
Location: Bradford, England
17-Apr-2012, 04:41 PM #70


Made my day reading the last comment after reading all the logs

Okay, well, it looks like its removed all of it, as you can tell

I'm still in the process of checking the files that you uplaoded. One has been removed already (it snuck in the Combofix removal, so it was targeted). 3 are okay, but just checking the 5th. I'll let you know as soon as I can, but may take a while.

---

We have a database of files etc, so any info on certain files is very useful, as this can help many malware experts in the future. These entries are legit, but we try and compile a list of good/bad, to help everyone

Can you run the following in SystemLook again:

Code:
:file
C:\Windows\SysNative\drivers\AVer888RC_64.sys
C:\Windows\SysNative\drivers\AVer888RCIR_64.sys
C:\Windows\system32\drivers\dw_wfp.sys
C:\Program Files (x86)\DrWeb\dwservice.exe
C:\Program Files (x86)\DrWeb\dwnetfilter.exe
I promise it will be a small log


Now, apart from BF3, we're nearly there. Just a couple of more things for the leftovers, then we'll look at BF3

-----------

This is a different tool to OTL. Very similar name, but called OTS

Download OTS to your Desktop and double-click on it to run it
  • Make sure you close all other programs and don't use the PC while the scan runs.
  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and post the information back here in an attachment. I will review it when it comes in. The last line is < End of Report >, so make sure that is the last line in the attached report.


Make sure you attach the report in your reply. If it is too big to upload, then zip the text file and upload it that way


-------

Please go to here to run an online scannner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



On a side note, since the Eset scanner is a 32-bit applcation, If you're running a 64-bit system you have to choose the 32-bit option in IE when running the scan


------------

Download Security Check from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



eddie
obxtony's Avatar
obxtony obxtony is offline
Member with 117 posts.
THREAD STARTER
 
Join Date: Aug 2008
17-Apr-2012, 05:15 PM #71
sorry this the only way I can find to send the file!

Code:
OTS logfile created on: 17/04/2012 21:59:15 - Run 1
OTS by OldTimer - Version 3.1.47.2     Folder = C:\Users\tony\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 64.00% Memory free
12.00 Gb Paging File | 9.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1384.64 Gb Total Space | 996.79 Gb Free Space | 71.99% Space Free | Partition Type: NTFS
Drive D: | 12.53 Gb Total Space | 1.72 Gb Free Space | 13.76% Space Free | Partition Type: NTFS
Drive E: | 7.91 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 465.76 Gb Total Space | 359.04 Gb Free Space | 77.09% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TONY-PC
Current User Name: tony
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Users\tony\Downloads\OTS.exe -> [2012/04/17 21:58:27 | 000,646,656 | ---- | M] (OldTimer Tools)
pnkbstrb.exe -> C:\Windows\SysWOW64\PnkBstrB.exe -> [2012/04/16 21:31:08 | 000,189,248 | ---- | M] ()
pnkbstra.exe -> C:\Windows\SysWOW64\PnkBstrA.exe -> [2012/04/16 21:30:59 | 000,075,064 | ---- | M] ()
kiespdlr.exe -> C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe -> [2012/04/04 06:05:28 | 000,021,392 | ---- | M] ()
rapportservice.exe -> C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe -> [2012/03/26 15:44:40 | 001,668,920 | ---- | M] (Trusteer Ltd.)
rapportmgmtservice.exe -> C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -> [2012/03/26 15:44:40 | 000,976,696 | ---- | M] (Trusteer Ltd.)
wajamupdater.exe -> C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -> [2012/03/09 23:50:38 | 000,109,064 | ---- | M] (Wajam)
avgtray.exe -> C:\Program Files (x86)\AVG\AVG2012\avgtray.exe -> [2012/02/16 04:57:46 | 002,575,712 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgwdsvc.exe -> C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -> [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgfws.exe -> C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -> [2012/02/14 04:53:36 | 002,316,624 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgidsagent.exe -> C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -> [2012/02/14 04:52:54 | 005,104,992 | ---- | M] (AVG Technologies CZ, s.r.o.)
realsched.exe -> C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe -> [2011/12/04 18:38:15 | 000,296,056 | ---- | M] (RealNetworks, Inc.)
lws.exe -> C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -> [2011/11/11 15:08:06 | 000,205,336 | ---- | M] (Logitech Inc.)
camerahelpershell.exe -> C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe -> [2011/11/11 15:07:54 | 000,265,240 | ---- | M] ()
cocimanager.exe -> C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe -> [2011/08/12 13:19:40 | 000,680,984 | ---- | M] ()
hpdrvmntsvc.exe -> C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -> [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company)
seaport.exe -> C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -> [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation)
hydradm.exe -> C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe -> [2009/12/01 23:37:30 | 000,385,024 | ---- | M] (AMD)
clmlsvc.exe -> c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe -> [2009/12/01 21:49:52 | 000,210,216 | ---- | M] (CyberLink)
iastordatamgrsvc.exe -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -> [2009/10/02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation)
iastoricon.exe -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe -> [2009/10/02 13:26:10 | 000,284,696 | ---- | M] (Intel Corporation)
hp_remote_solution.exe -> C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe -> [2009/08/25 03:11:16 | 000,656,896 | ---- | M] (Hewlett-Packard)
batindicator.exe -> C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe -> [2009/05/08 17:39:48 | 002,068,992 | ---- | M] (Hewlett-Packard)
cnyhkey.exe -> C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe -> [2009/05/08 17:11:00 | 002,068,992 | ---- | M] (Hewlett-Packard)
modledkey.exe -> C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe -> [2009/02/27 20:13:04 | 000,053,248 | ---- | M] ()
searchprotection.exe -> C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe -> [2009/02/23 14:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc)
sdwinsec.exe -> C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -> [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.)
hpsysdrv.exe -> C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe -> [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard)
swsc.exe -> C:\Windows\SysWOW64\swsc.exe -> [2006/01/09 10:36:06 | 000,040,960 | ---- | M] ()
 
[Modules - No Company Name]
clisecurert.dll -> C:\Users\tony\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll -> [2012/04/17 17:54:51 | 000,115,137 | ---- | M] ()
kiespdlr.exe -> C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe -> [2012/04/04 06:05:28 | 000,021,392 | ---- | M] ()
rapportms.dll -> C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll -> [2012/02/20 09:37:24 | 000,520,464 | ---- | M] ()
js32.dll -> C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll -> [2012/02/01 13:43:10 | 000,557,056 | ---- | M] ()
devmanagercore.dll -> C:\Program Files (x86)\Common Files\LogiShrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll -> [2011/11/11 15:09:20 | 000,336,408 | ---- | M] ()
qtgui4.dll -> C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll -> [2011/11/11 15:08:18 | 007,956,504 | ---- | M] ()
qtxml4.dll -> C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll -> [2011/11/11 15:08:18 | 000,342,552 | ---- | M] ()
qjpeg4.dll -> C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll -> [2011/11/11 15:08:18 | 000,128,536 | ---- | M] ()
qgif4.dll -> C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll -> [2011/11/11 15:08:18 | 000,029,208 | ---- | M] ()
qtcore4.dll -> C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll -> [2011/11/11 15:08:06 | 002,145,304 | ---- | M] ()
camerahelpershell.exe -> C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe -> [2011/11/11 15:07:54 | 000,265,240 | ---- | M] ()
cocimanager.exe -> C:\Program Files (x86)\Common Files\LogiShrd\LQCVFX\COCIManager.exe -> [2011/08/12 13:19:40 | 000,680,984 | ---- | M] ()
system.management.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\6989a7f98486e07c8853a1cbac0b018b\System.Management.ni.dll -> [2011/06/15 10:42:24 | 001,206,784 | ---- | M] ()
system.runtime.remoting.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\2b64b354c9d774b00e34a38ca2f2bbf5\System.Runtime.Remoting.ni.dll -> [2011/06/15 10:41:24 | 000,760,320 | ---- | M] ()
system.xaml.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\cda290604367dfed56f629590d9b247f\System.Xaml.ni.dll -> [2011/06/15 10:41:13 | 001,777,664 | ---- | M] ()
system.runtime.remoting.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\443b11b528455611c7549b56349a56eb\System.Runtime.Remoting.ni.dll -> [2011/06/14 20:42:38 | 000,771,584 | ---- | M] ()
system.windows.forms.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\933baa29f5feba3093ba81c5b9b82b1c\System.Windows.Forms.ni.dll -> [2011/06/14 20:42:12 | 012,431,360 | ---- | M] ()
system.drawing.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e979f76558e7e1f7127a5244fb5a0347\System.Drawing.ni.dll -> [2011/06/14 20:42:07 | 001,586,688 | ---- | M] ()
windowsbase.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\93e867e55d7df3a8b4bd1aba3af6f18d\WindowsBase.ni.dll -> [2011/06/14 20:41:53 | 003,325,952 | ---- | M] ()
system.xml.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\682572c507ea7552c3db1842c21bf9c8\System.Xml.ni.dll -> [2011/06/14 20:41:49 | 005,452,800 | ---- | M] ()
system.configuration.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e8add38eb4f9c07790b5be549c5f0dae\System.Configuration.ni.dll -> [2011/06/14 20:41:47 | 000,971,264 | ---- | M] ()
system.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f7048e198c963fa189cff3aea17dfee3\System.ni.dll -> [2011/06/14 20:41:46 | 007,949,824 | ---- | M] ()
mscorlib.ni.dll -> C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\23bc3936180ff789f44259a211dfc7fc\mscorlib.ni.dll -> [2011/06/14 20:41:32 | 011,490,304 | ---- | M] ()
presentationframework.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3301988e8bf82eb201a369b200a62aff\PresentationFramework.ni.dll -> [2011/06/14 20:22:41 | 017,640,448 | ---- | M] ()
presentationcore.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\1e7c8398208782f3052122e52ab5f811\PresentationCore.ni.dll -> [2011/06/14 20:22:31 | 011,059,200 | ---- | M] ()
system.windows.forms.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\1af7f78f2e767951259c73e1a1a94627\System.Windows.Forms.ni.dll -> [2011/06/14 20:22:28 | 013,083,136 | ---- | M] ()
presentationframework.aero.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7256c72bca2e8230e59ce69b426f4e80\PresentationFramework.Aero.ni.dll -> [2011/06/14 20:22:21 | 000,450,048 | ---- | M] ()
system.core.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\4fdda3a7262d4e7a6a6efb4ae2d8629b\System.Core.ni.dll -> [2011/06/14 20:22:12 | 007,029,760 | ---- | M] ()
system.xml.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\17e40bc51087ecebc2a73dca2a192182\System.Xml.ni.dll -> [2011/06/14 20:22:09 | 005,577,728 | ---- | M] ()
windowsbase.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\219da7501f7f0b9129a781bad64b4079\WindowsBase.ni.dll -> [2011/06/14 20:22:09 | 003,783,680 | ---- | M] ()
system.drawing.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\a315406b55b1be4a462e2a0b33c4ad13\System.Drawing.ni.dll -> [2011/06/14 20:22:08 | 001,651,712 | ---- | M] ()
system.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\System\795237f85cf5c8ff5a0499604698be19\System.ni.dll -> [2011/06/14 20:22:06 | 009,027,072 | ---- | M] ()
mscorlib.ni.dll -> C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\658bbc023e2f4f4e802be9483e988373\mscorlib.ni.dll -> [2011/05/14 20:32:50 | 014,416,384 | ---- | M] ()
clmedialibrary.dll -> c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll -> [2009/12/01 21:49:50 | 000,931,112 | ---- | M] ()
modledkey.exe -> C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe -> [2009/02/27 20:13:04 | 000,053,248 | ---- | M] ()
wminput.dll -> C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\WMINPUT.dll -> [2009/02/19 18:22:50 | 000,028,672 | ---- | M] ()
swsc.exe -> C:\Windows\SysWOW64\swsc.exe -> [2006/01/09 10:36:06 | 000,040,960 | ---- | M] ()
 
[Win32 Services - Safe List]
64bit-(AMD External Events Utility)  [Auto | Running] -> C:\Windows\SysNative\atiesrxx.exe -> [2012/03/09 06:10:20 | 000,235,520 | ---- | M] (AMD)
64bit-(!SASCORE)  [Auto | Running] -> C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -> [2012/01/25 21:29:11 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com)
64bit-(wlcrasvc)  [Disabled | Stopped] -> C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -> [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation)
64bit-(WinDefend)  [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation)
(PnkBstrB) PnkBstrB [Auto | Running] -> C:\Windows\SysWOW64\PnkBstrB.exe -> [2012/04/16 21:31:08 | 000,189,248 | ---- | M] ()
(PnkBstrA) PnkBstrA [Auto | Running] -> C:\Windows\SysWOW64\PnkBstrA.exe -> [2012/04/16 21:30:59 | 000,075,064 | ---- | M] ()
(AdobeFlashPlayerUpdateSvc) Adobe Flash Player Update Service [On_Demand | Stopped] -> C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -> [2012/04/13 21:22:54 | 000,253,088 | ---- | M] (Adobe Systems Incorporated)
(RapportMgmtService) Rapport Management Service [Auto | Running] -> C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -> [2012/03/26 15:44:40 | 000,976,696 | ---- | M] (Trusteer Ltd.)
(WajamUpdater) WajamUpdater [Auto | Running] -> C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -> [2012/03/09 23:50:38 | 000,109,064 | ---- | M] (Wajam)
(avgwd) AVG WatchDog [Auto | Running] -> C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -> [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.)
(avgfws) AVG Firewall [Auto | Running] -> C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -> [2012/02/14 04:53:36 | 002,316,624 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AVGIDSAgent) AVGIDSAgent [Auto | Running] -> C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -> [2012/02/14 04:52:54 | 005,104,992 | ---- | M] (AVG Technologies CZ, s.r.o.)
(GoToAssist) GoToAssist [On_Demand | Stopped] -> C:\Program Files (x86)\Citrix\GoToAssist\570\g2aservice.exe -> [2011/09/01 17:49:54 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
(CDMA Device Service) CDMA Device Service [Auto | Running] -> C:\Program Files (x86)\Samsung\USB Drivers\26_VIA_driver2\amd64\VIAService.exe -> [2011/08/02 10:47:14 | 000,159,232 | ---- | M] ()
(HP Support Assistant Service) HP Support Assistant Service [Auto | Running] -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -> [2011/06/21 15:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company)
(NielsenUpdate) Nielsen Update [Disabled | Stopped] -> C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe -> [2011/05/03 19:46:26 | 000,306,496 | ---- | M] (The Nielsen Company)
(BBSvc) Bing Bar Update Service [On_Demand | Stopped] -> C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -> [2011/04/01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.)
(HPDrvMntSvc.exe) HP Quick Synchronization Service [Auto | Running] -> C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -> [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company)
(SeaPort) SeaPort [Auto | Running] -> C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -> [2011/03/28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation)
(Steam Client Service) Steam Client Service [On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Steam\SteamService.exe -> [2011/03/16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation)
(npggsvc) nProtect GameGuard Service [On_Demand | Stopped] -> C:\Windows\SysWow64\GameMon.des -> [2010/03/31 17:26:00 | 003,612,600 | ---- | M] (INCA Internet Co., Ltd.)
(clr_optimization_v4.0.30319_32) Microsoft .NET Framework NGEN v4.0.30319_X86 [Auto | Stopped] -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -> [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation)
(IAStorDataMgrSvc) Intel(R) Rapid Storage Technology [Auto | Running] -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -> [2009/10/02 13:26:12 | 000,013,336 | ---- | M] (Intel Corporation)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Disabled | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation)
(GameConsoleService) GameConsoleService [On_Demand | Stopped] -> C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -> [2009/06/06 01:07:28 | 000,250,616 | ---- | M] (WildTangent, Inc.)
(ezSharedSvc) Easybits Shared Services for Windows [Auto | Running] -> C:\Windows\SysWOW64\ezsvc7.dll -> [2009/02/22 13:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS)
(SBSDWSCService) SBSD Security Center Service [Auto | Running] -> C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -> [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.)
 
[Driver Services - Safe List]
64bit-(RapportKE64) RapportKE64 [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\RapportKE64.sys -> [2012/03/26 15:45:32 | 000,101,360 | ---- | M] (Trusteer Ltd.)
64bit-(atikmdag) atikmdag [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\atikmdag.sys -> [2012/03/09 07:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.)
64bit-(amdkmdag) amdkmdag [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\atikmdag.sys -> [2012/03/09 07:28:08 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.)
64bit-(amdkmdap) amdkmdap [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\atikmpag.sys -> [2012/03/09 04:58:02 | 000,328,704 | ---- | M] (Advanced Micro Devices, Inc.)
64bit-(fssfltr) fssfltr [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\fssfltr.sys -> [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation)
64bit-(Avgtdia) AVG TDI Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\avgtdia.sys -> [2012/02/22 05:25:50 | 000,382,032 | ---- | M] (AVG Technologies CZ, s.r.o.)
64bit-(Avgldx64) AVG AVI Loader Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\avgldx64.sys -> [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.)
64bit-(Avgrkx64) AVG Anti-Rootkit Driver [File_System | Boot | Running] -> C:\Windows\SysNative\drivers\avgrkx64.sys -> [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.)
64bit-(LVUVC64) Logitech Webcam 120(UVC) [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\LVUVC64.sys -> [2012/01/18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.)
64bit-(LVRS64) Logitech RightSound Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lvrs64.sys -> [2012/01/18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.)
64bit-(Avgmfx64) AVG Mini-Filter Resident Anti-Virus Shield [File_System | System | Running] -> C:\Windows\SysNative\drivers\avgmfx64.sys -> [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.)
64bit-(AVGIDSFilter) AVGIDSFilter [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\avgidsfiltera.sys -> [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. )
64bit-(AVGIDSEH) AVGIDSEH [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\avgidseha.sys -> [2011/12/23 13:32:02 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. )
64bit-(AVGIDSDriver) AVGIDSDriver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\avgidsdrivera.sys -> [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. )
64bit-(ssadmdm) SAMSUNG Android USB Modem Drivers [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\ssadmdm.sys -> [2011/10/27 02:25:42 | 000,177,640 | ---- | M] (MCCI Corporation)
64bit-(ssadbus) SAMSUNG Android USB Composite Device driver (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\ssadbus.sys -> [2011/10/27 02:25:42 | 000,157,672 | ---- | M] (MCCI Corporation)
64bit-(ssadmdfl) SAMSUNG Android USB Modem (Filter) [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\ssadmdfl.sys -> [2011/10/27 02:25:42 | 000,016,872 | ---- | M] (MCCI Corporation)
64bit-(dc3d) MS Hardware Device Detection Driver (USB) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\dc3d.sys -> [2011/08/01 16:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation)
64bit-(Point64) Microsoft IntelliPoint Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\point64.sys -> [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation)
64bit-(SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -> [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
64bit-(SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\saskutil64.sys -> [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
64bit-(Avgfwfd) AVG network filter service [Kernel | System | Running] -> C:\Windows\SysNative\drivers\avgfwd6a.sys -> [2011/05/23 01:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.)
64bit-(aswFW) avast! TDI Firewall driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\aswFW.sys -> [2011/02/23 15:57:43 | 000,127,320 | ---- | M] (AVAST Software)
64bit-(aswNdis2) avast! Firewall Core Firewall Service [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\aswNdis2.sys -> [2011/02/23 15:56:48 | 000,253,784 | ---- | M] (AVAST Software)
64bit-(aswNdis) avast! Firewall NDIS Filter Service [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\aswNdis.sys -> [2011/02/23 14:34:54 | 000,012,368 | ---- | M] (ALWIL Software)
64bit-(TFsExDisk) TFsExDisk [File_System | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\TFsExDisk.sys -> [2011/01/04 17:11:16 | 000,016,392 | ---- | M] (Teruten Inc)
64bit-(taphss) Anchorfree HSS Adapter [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\taphss.sys -> [2010/09/22 20:19:02 | 000,037,888 | ---- | M] (AnchorFree Inc)
64bit-(AtiHdmiService) ATI Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\AtiHdmi.sys -> [2009/11/19 08:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.)
64bit-(AVER_H193) AVerMedia H193 Video Capture [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\AVer888RC_64.sys -> [2009/11/13 06:21:22 | 000,543,616 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.)
64bit-(CXCIR) AVerMedia Consumer Infrared Receiver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\AVer888RCIR_64.sys -> [2009/11/13 06:20:14 | 000,039,936 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.)
64bit-(netr28x) Ralink 802.11n Extensible Wireless Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\netr28x.sys -> [2009/10/12 13:42:24 | 000,763,904 | ---- | M] (Ralink Technology, Corp.)
64bit-(LVPr2M64) Logitech LVPr2M64 Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\LVPr2M64.sys -> [2009/10/07 02:45:50 | 000,030,232 | ---- | M] ()
64bit-(iaStor) Intel RAID Controller [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\iaStor.sys -> [2009/10/02 12:58:58 | 000,537,112 | ---- | M] (Intel Corporation)
64bit-(HECIx64) Intel(R) Management Engine Interface [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\HECIx64.sys -> [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation)
64bit-(PCDSRVC{F36B3A4C-F95654BD-06000000}_0) PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver [Kernel | On_Demand | Stopped] -> c:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms -> [2009/09/17 06:57:46 | 000,023,536 | ---- | M] (PC-Doctor, Inc.)
64bit-(RTL8167) Realtek 8167 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Rt64win7.sys -> [2009/08/21 01:05:06 | 000,239,616 | ---- | M] (Realtek                                            )
64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices)
64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices)
64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.)
64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation)
64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company)
64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology)
64bit-(StillCam) Still Serial Digital Camera Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\serscan.sys -> [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation)
64bit-(usb_rndisx) USB RNDIS Adapter [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\usb8023x.sys -> [2009/07/14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation)
64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation)
64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation)
64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation)
64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.)
64bit-(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\GEARAspiWDM.sys -> [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.)
(RapportPG64) RapportPG64 [Kernel | System | Running] -> C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -> [2012/03/26 15:45:32 | 000,296,048 | ---- | M] (Trusteer Ltd.)
(RapportEI64) RapportEI64 [Kernel | System | Running] -> C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -> [2012/03/26 15:45:32 | 000,055,056 | ---- | M] (Trusteer Ltd.)
(RapportCerberus_34302) RapportCerberus_34302 [Kernel | System | Running] -> C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\34302\RapportCerberus64_34302.sys -> [2011/12/07 20:10:59 | 000,397,520 | ---- | M] ()
(TFsExDisk) TFsExDisk [File_System | On_Demand | Stopped] -> C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -> [2011/01/04 17:11:16 | 000,016,392 | ---- | M] (Teruten Inc)
(nnfwdk) Nielsen WFP Driver [Kernel | System | Running] -> C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\nnfwdk64.sys -> [2010/10/04 19:06:28 | 000,025,648 | ---- | M] (The Nielsen Company)
(MREMP50) MREMP50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -> [2010/08/12 10:40:06 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
(MRESP50) MRESP50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -> [2010/08/12 10:40:04 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA))
({55662437-DA8C-40c0-AADA-2C816A897A49}) Power Control [2010/01/07 20:24:33] [Kernel | Auto | Running] -> c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -> [2009/09/17 18:41:28 | 000,146,928 | ---- | M] (CyberLink Corp.)
(WIMMount) WIMMount [File_System | On_Demand | Stopped] -> C:\Windows\SysWOW64\drivers\wimmount.sys -> [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation)
(NPPTNT2) NPPTNT2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysWOW64\npptNT2.sys -> [2005/01/02 22:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.)
(prohlp02) StarForce Protection Helper Driver v2 [Kernel | Boot | Stopped] -> C:\Windows\System32\drivers\prohlp02.sys -> [2004/04/08 11:06:08 | 000,070,400 | ---- | M] (Protection Technology)
(prodrv06) StarForce Protection Environment Driver v6 [Kernel | System | Stopped] -> C:\Windows\System32\drivers\prodrv06.sys -> [2004/04/08 09:46:50 | 000,054,272 | ---- | M] (Protection Technology)
(sfhlp01) StarForce Protection Helper Driver [Kernel | Boot | Stopped] -> C:\Windows\System32\drivers\sfhlp01.sys -> [2003/12/01 16:20:52 | 000,004,832 | ---- | M] (Protection Technology)
(prosync1) StarForce Protection Synchronization Driver v1 [Kernel | Boot | Stopped] -> C:\Windows\System32\drivers\prosync1.sys -> [2003/09/06 13:22:08 | 000,006,944 | ---- | M] (Protection Technology)
 
[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm -> 
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.yahoo.com/?ilc=8 -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"SearchDefaultBranded" -> 1 -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://mystart.incredibar.com/mb118?a=6PQusNkZzZ&i=26 -> 
HKEY_CURRENT_USER\: Main\\"XMLHTTP_UUID_Default" -> 90 E4 5D 01 45 1D 9A 4C 94 4D 51 BE CC F2 80 43  [binary data] -> 
HKEY_CURRENT_USER\: URLSearchHooks\\"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}" [HKLM] -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [YTNavAssistPlugin Class] -> [2012/03/21 02:52:28 | 001,523,512 | ---- | M] (Yahoo! Inc.)
HKEY_CURRENT_USER\: URLSearchHooks\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> [2012/03/21 02:52:28 | 001,523,512 | ---- | M] (Yahoo! Inc.)
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local -> 
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT] -> [2012/04/14 21:09:34 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\0cffxtbr@Maps4PC_0c.com -> C:\PROGRAM FILES (X86)\MAPS4PC_0C\BAR\1.BIN -> 
HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4} -> C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4\ [C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4\] -> [2012/04/07 07:22:12 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF} -> C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK\ [C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK\] -> [2012/04/07 07:22:12 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com -> C:\PROGRAM FILES (X86)\MYWEBSEARCH\BAR\1.BIN -> 
< FireFox Extensions [User Folders] > -> 
  -> C:\Users\tony\AppData\Roaming\Mozilla\Extensions -> [2010/07/21 14:26:56 | 000,000,000 | ---D | M]
  -> C:\Users\tony\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org -> [2010/07/17 07:00:10 | 000,000,000 | ---D | M]
< HOSTS File > ([2012/04/17 17:53:52 | 000,000,027 | ---- | M] - 1 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} [HKLM] -> C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll [AVG Do-Not-Track] -> [2012/02/20 05:04:16 | 001,321,824 | ---- | M] (AVG Technologies CZ, s.r.o.)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll [AVG Safe Search] -> [2012/02/14 04:53:14 | 001,987,936 | ---- | M] (AVG Technologies CZ, s.r.o.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar Helper] -> [2012/03/22 18:27:05 | 000,253,040 | ---- | M] (Google Inc.)
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{02478D38-C3F9-4EFB-9B51-7695ECA05670} [HKLM] -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [&Yahoo! Toolbar Helper] -> [2012/03/21 02:52:28 | 001,523,512 | ---- | M] (Yahoo! Inc.)
{3049C3E9-B461-4BC5-8870-4C09146192CA} [HKLM] -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll [RealPlayer Download and Record Plugin for Internet Explorer] -> [2011/12/04 18:38:32 | 000,425,680 | ---- | M] (RealPlayer)
{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} [HKLM] -> C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll [AVG Do-Not-Track] -> [2012/02/20 05:04:16 | 000,898,912 | ---- | M] (AVG Technologies CZ, s.r.o.)
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll [AVG Safe Search] -> [2012/02/14 04:53:12 | 001,408,352 | ---- | M] (AVG Technologies CZ, s.r.o.)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} [HKLM] -> C:\Program Files (x86)\Wajam\IE\priam_bho.dll [Wajam] -> [2012/04/12 18:32:08 | 000,260,616 | ---- | M] (Wajam)
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Skype Browser Helper] -> [2011/10/10 11:09:16 | 003,834,016 | ---- | M] (Skype Technologies S.A.)
{CC59E0F9-7E43-44FA-9FAA-8377850BF205} [HKLM] -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [FDMIECookiesBHO Class] -> [2008/12/30 02:03:26 | 000,098,304 | ---- | M] ()
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} [HKLM] -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [Bing Bar Helper] -> [2011/04/01 11:14:30 | 001,144,072 | ---- | M] (Microsoft Corporation.)
< 64bit-Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar] -> [2012/03/22 18:27:05 | 000,253,040 | ---- | M] (Google Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{8dcb7100-df86-4384-8842-8fa844297b3f}" [HKLM] -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [Bing Bar] -> [2011/04/01 11:14:30 | 001,144,072 | ---- | M] (Microsoft Corporation.)
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [Yahoo! Toolbar] -> [2012/03/21 02:52:28 | 001,523,512 | ---- | M] (Yahoo! Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> 
64bit-WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [Google Toolbar] -> [2012/03/22 18:27:05 | 000,253,040 | ---- | M] (Google Inc.)
WebBrowser\\"{30F9B915-B755-4826-820B-08FBA6BD249D}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"IntelliPoint" -> c:\Program Files\Microsoft IntelliPoint\ipoint.exe ["c:\Program Files\Microsoft IntelliPoint\ipoint.exe"] -> [2011/08/01 16:59:06 | 002,417,032 | ---- | M] (Microsoft Corporation)
"itype" -> c:\Program Files\Microsoft IntelliType Pro\itype.exe ["c:\Program Files\Microsoft IntelliType Pro\itype.exe"] -> [2011/08/10 17:40:58 | 001,873,256 | ---- | M] (Microsoft Corporation)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"AMD AVT" -> C:\Windows\SysWow64\cmd.exe [Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml] -> [2009/07/14 02:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation)
"AVG_TRAY" -> C:\Program Files (x86)\AVG\AVG2012\avgtray.exe ["C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"] -> [2012/02/16 04:57:46 | 002,575,712 | ---- | M] (AVG Technologies CZ, s.r.o.)
"BATINDICATOR" -> C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe [C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe] -> [2009/05/08 17:39:48 | 002,068,992 | ---- | M] (Hewlett-Packard)
"HP Remote Solution" -> C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [%ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe] -> [2009/08/25 03:11:16 | 000,656,896 | ---- | M] (Hewlett-Packard)
"hpsysdrv" -> c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe] -> [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard)
"IAStorIcon" -> C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe] -> [2009/10/02 13:26:10 | 000,284,696 | ---- | M] (Intel Corporation)
"LaunchHPOSIAPP" -> C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe [C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe] -> [2009/04/03 19:24:42 | 000,385,024 | ---- | M] (Hewlett-Packard)
"LWS" -> C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide] -> [2011/11/11 15:08:06 | 000,205,336 | ---- | M] (Logitech Inc.)
"StartCCC" -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ["C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun] -> [2012/03/09 02:30:12 | 000,636,032 | ---- | M] (Advanced Micro Devices, Inc.)
"TkBellExe" -> C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe ["C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot] -> [2011/12/04 18:38:15 | 000,296,056 | ---- | M] (RealNetworks, Inc.)
"YSearchProtection" -> C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe ["C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe"] -> [2009/02/23 14:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"HydraVisionDesktopManager" -> C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe ["C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"] -> [2009/12/01 23:37:30 | 000,385,024 | ---- | M] (AMD)
"igndlm.exe" -> C:\Program Files (x86)\Download Manager\DLM.exe [C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork] -> [2009/10/27 18:18:00 | 001,103,216 | ---- | M] (IGN Entertainment)
"KiesHelper" -> C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s] -> [2012/04/04 06:05:14 | 000,954,256 | ---- | M] (Samsung)
"KiesPDLR" -> C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe] -> [2012/04/04 06:05:28 | 000,021,392 | ---- | M] ()
"Search Protection" -> C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe [C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe] -> [2009/02/23 14:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc)
"SpybotSD TeaTimer" -> C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe] -> [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.)
"Steam" -> C:\Program Files (x86)\Steam\Steam.exe ["C:\Program Files (x86)\Steam\Steam.exe" -silent] -> [2012/04/15 10:37:06 | 001,242,448 | ---- | M] (Valve Corporation)
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" ->  [0] -> File not found
\\"ConsentPromptBehaviorUser" ->  [3] -> File not found
\\"EnableLUA" ->  [0] -> File not found
\\"PromptOnSecureDesktop" ->  [0] -> File not found
\\"HideFastUserSwitching" ->  [0] -> File not found
\\"New Value #1" ->  [] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [145] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"DisableLockWorkstation" ->  [0] -> File not found
\\"DisableChangePassword" ->  [0] -> File not found
< 64bit-Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Download all with Free Download Manager -> C:\Program Files (x86)\Free Download Manager\dlall.htm [file://C:\Program Files (x86)\Free Download Manager\dlall.htm] -> [2007/06/02 12:25:02 | 000,000,893 | ---- | M] ()
Download selected with Free Download Manager -> C:\Program Files (x86)\Free Download Manager\dlselected.htm [file://C:\Program Files (x86)\Free Download Manager\dlselected.htm] -> [2007/06/02 12:25:02 | 000,000,463 | ---- | M] ()
Download video with Free Download Manager -> C:\Program Files (x86)\Free Download Manager\dlfvideo.htm [file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm] -> [2007/07/27 00:34:42 | 000,001,706 | ---- | M] ()
Download with Free Download Manager -> C:\Program Files (x86)\Free Download Manager\dllink.htm [file://C:\Program Files (x86)\Free Download Manager\dllink.htm] -> [2007/06/02 12:25:02 | 000,002,140 | ---- | M] ()
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ -> 
Download all with Free Download Manager -> C:\Program Files (x86)\Free Download Manager\dlall.htm [file://C:\Program Files (x86)\Free Download Manager\dlall.htm] -> [2007/06/02 12:25:02 | 000,000,893 | ---- | M] ()
Download selected with Free Download Manager -> C:\Program Files (x86)\Free Download Manager\dlselected.htm [file://C:\Program Files (x86)\Free Download Manager\dlselected.htm] -> [2007/06/02 12:25:02 | 000,000,463 | ---- | M] ()
Download video with Free Download Manager -> C:\Program Files (x86)\Free Download Manager\dlfvideo.htm [file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm] -> [2007/07/27 00:34:42 | 000,001,706 | ---- | M] ()
Download with Free Download Manager -> C:\Program Files (x86)\Free Download Manager\dllink.htm [file://C:\Program Files (x86)\Free Download Manager\dllink.htm] -> [2007/06/02 12:25:02 | 000,002,140 | ---- | M] ()
Google Sidewiki... ->  [res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html] -> File not found
< 64bit-Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{DA58ACA7-18A6-403A-93DA-6E4172D43709}:{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} [HKLM] -> C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll [Button: AVG Do-Not-Track] -> [2012/02/20 05:04:16 | 001,321,824 | ---- | M] (AVG Technologies CZ, s.r.o.)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{898EA8C8-E7FF-479B-8935-AEC46303B9E5}:{898EA8C8-E7FF-479B-8935-AEC46303B9E5} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Button: Skype Click to Call] -> [2011/10/10 11:09:16 | 003,834,016 | ---- | M] (Skype Technologies S.A.)
{898EA8C8-E7FF-479B-8935-AEC46303B9E5}:{898EA8C8-E7FF-479B-8935-AEC46303B9E5} [HKLM] -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Menu: Skype Click to Call] -> [2011/10/10 11:09:16 | 003,834,016 | ---- | M] (Skype Technologies S.A.)
{DA58ACA7-18A6-403A-93DA-6E4172D43709}:{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} [HKLM] -> C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll [Button: AVG Do-Not-Track] -> [2012/02/20 05:04:16 | 000,898,912 | ---- | M] (AVG Technologies CZ, s.r.o.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search && Destroy Configuration] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 
PluginsPage -> http://activex.microsoft.com/control...ext=%s&mime=%s -> 
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{0067DBFC-A752-458C-AE6E-B9C7E63D4824} [HKLM] -> http://www.logitech.com/devicedetect...etection32.cab [Device Detection] -> 
{0E5F0222-96B9-11D3-8997-00104BD12D94} [HKLM] -> http://utilities.pcpitstop.com/Nirva...ls/pcmatic.cab [PCPitstop Utility] -> 
{140E4DF8-9E14-4A34-9577-C77561ED7883} [HKLM] -> http://content.systemrequirementslab...i_4.1.71.0.cab [SysInfo Class] -> 
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} [HKLM] -> C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll [Installation Support] -> 
{39B0684F-D7BF-4743-B050-FDC3F48F7E3B} [HKLM] -> http://www.fileplanet.com/fpdlmgr/ca...2.3.10.115.cab [CDownloadCtrl Object] -> 
{73ECB3AA-4717-450C-A2AB-D00DAD9EE203} [HKLM] -> http://h20270.www2.hp.com/ediags/gmn...Detection2.cab [GMNRev Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jin...ndows-i586.cab [Java Plug-in 1.6.0] -> 
{A27C56D2-3F58-4ABB-AA31-1168EDA6636F} [HKLM] -> http://utilities.pcpitstop.com/Nirva...ls/pcmatic.cab [PCMaticVer Class] -> 
{C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} [HKLM] -> https://battlefield.play4free.com/st...r_1.0.66.2.cab [Battlefield Play4Free Updater] -> 
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jin...ndows-i586.cab [Java Plug-in 1.6.0_26] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jin...ndows-i586.cab [Java Plug-in 1.6.0_26] -> 
{FFB3A759-98B1-446F-BDA9-909C6EB18CC7} [HKLM] -> http://utilities.pcpitstop.com/da2/PCPitStop2.cab [PCPitstop Exam] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 192.168.1.254 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{14A415D3-A49B-4310-B7F9-59487581C101}\\DhcpNameServer -> 192.168.1.254   (Realtek PCIe GBE Family Controller) -> 
{15CC91D2-E2F2-455A-BD8A-2C60E42E189A}\\DhcpNameServer -> 192.168.1.254   (802.11n Wireless LAN Card) -> 
{C8BB1216-68BF-461B-AEAC-74DC30A29905}\\DhcpNameServer -> 192.168.42.129   (SAMSUNG Android USB Remote NDIS Network Device) -> 
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\Windows\explorer.exe -> [2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
64bit-*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\Windows\system32\userinit.exe -> C:\Windows\SysNative\userinit.exe -> [2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 
systempropertiesperformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/14 02:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
*UserInit* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit -> 
C:\Windows\system32\userinit.exe -> C:\Windows\SysWOW64\userinit.exe -> [2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{E54729E8-BB3D-4270-9D49-7389EA579090}" [HKLM] -> C:\Windows\SysWOW64\ezUPBHook.dll [EasyBits Security Shield Hook - prevents launching insecure programs by kids] -> [2010/01/07 21:37:37 | 000,052,272 | ---- | M] (EasyBits Software Corp.)
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{0BD98A84-BEAC-4C88-B431-4D5BF2953B0F} -> lport=2177 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31261 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{158B9081-018C-4BAF-883C-C3F787A3F9ED} -> lport=10243 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31285 | app=system | 
{2E212A26-0D2D-4918-BC20-417FDF20E48D} -> rport=2177 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31265 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{3523CB2E-FCB7-4D0E-AA83-3366DB93F8D9} -> rport=139 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28507 | app=system | 
{438F393B-E286-4F0D-B1A9-7721F813FD72} -> lport=138 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28527 | app=system | 
{66C34473-E5C8-4750-88DF-64A6D36FE283} -> lport=1900 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31269 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{6A61F0DD-B310-48BA-9F23-63443DE2802D} -> lport=1900 | profile=public | protocol=17 | dir=in | action=allow | name=network discovery (ssdp-in) | app=c:\windows\system32\svchost.exe | svc=ssdpsrv | 
{6D87CD9E-DBB3-4C77-A436-4E958FBDFF7C} -> rport=445 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28515 | app=system | 
{6E10C56A-0C9F-4A20-BD72-607CC16CC65C} -> lport=139 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28503 | app=system | 
{7508839C-5663-47CB-8420-31E49D7173E8} -> lport=2177 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31253 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{7950BCD1-CCED-40FD-8BF6-6247A64F8FAF} -> rport=138 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28531 | app=system | 
{799003F7-52DF-4032-A326-BD74FB0D378F} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{7EF86CD5-5310-4942-B866-7B36477814CE} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live communications platform (upnp) | 
{83527542-07A7-4BE5-8D85-285898F9D27D} -> lport=2869 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31277 | app=system | 
{BB2A524D-6099-42E1-B840-AC5DCE42FE9B} -> lport=rpc | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler | 
{C2C20A11-C17D-41A7-AA92-549AAD780F45} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live communications platform (ssdp) | 
{C94D862E-E557-4D94-8DF3-60F0A9927E5A} -> rport=137 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28523 | app=system | 
{CF7892FF-BF68-4F6C-A445-51918B069D8A} -> lport=445 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28511 | app=system | 
{D6B72E0C-FD27-4415-87CD-F5EECA411A17} -> lport=rpc-epmap | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28539 | svc=rpcss | 
{E54EEC6A-550A-4B4B-8AED-588580441677} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 
{E8DCD7B5-CD78-4F14-B4C6-B6A25AE69388} -> rport=1900 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31273 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 
{E993DF6F-8697-40C5-A929-C895E5865466} -> rport=10243 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31289 | app=system | 
{EA4C36D7-3E36-44CE-8173-789AD45AC3F3} -> rport=2177 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31257 | app=%systemroot%\system32\svchost.exe | svc=qwave | 
{F321CBD4-0983-43A5-8EAB-21140FBBA112} -> lport=137 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28519 | app=system | 
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 
{048D50E0-388C-48BA-86C3-C05A0FF7A869} -> profile=public | protocol=17 | dir=in | action=allow | name=pnkbstrb | app=c:\windows\syswow64\pnkbstrb.exe | 
{0AF0A027-326A-4E91-A7D9-ABA5798B7B6E} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{0B4EBE19-480E-4BDC-90AE-D03B41A70A0B} -> profile=domain | protocol=17 | dir=in | action=allow | name=windows shell | app=c:\windows\explorer.exe | 
{0B999421-3B0C-416E-89F2-0EA6A50A1EE8} -> profile=private | protocol=1 | dir=out | action=allow | name=@firewallapi.dll,-28544 | 
{0C41A8BE-9EA8-4228-998E-4AE967321B03} -> profile=private | protocol=17 | dir=in | action=allow | name=battlefield: bad company™ 2 | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
{0F64B9FF-C2F5-4851-802B-F6A3BF80EFCB} -> profile=public | protocol=6 | dir=in | action=allow | name=pnkbstra | app=c:\windows\syswow64\pnkbstra.exe | 
{1BFF9E59-D048-4981-8A31-105BDDBCFE6D} -> dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe | 
{1E812969-676A-4CD4-A7BB-E7EF4FFBBAB0} -> profile=private | protocol=17 | dir=in | action=allow | name=avg diagnostics 2012 | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 
{28A57F74-3A82-45AC-B861-91C8F3A7F244} -> profile=private | protocol=6 | dir=in | action=allow | name=battlefield: bad company™ 2 | app=c:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe | 
{2A5F964F-518E-444B-A7B9-D3E5BB1BE9FD} -> profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31313 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{2AF8CB34-D9AD-4F3D-99E1-113D4BD6EE19} -> profile=private | protocol=17 | dir=in | action=allow | name=ijjioptimizer.exe | app=c:\program files (x86)\ijji\ijji reactor\ijjioptimizer.exe | 
{2B2FF102-10CE-4BA6-9106-B28C7D747879} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31007 | app=%programfiles%\windows media player\wmplayer.exe | 
{306A11BC-0E0F-4D18-8D44-C2830428DB84} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31301 | app=%programfiles%\windows media player\wmplayer.exe | 
{35180188-7C15-4F1B-A98A-B0618B5CDA84} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31293 | app=%programfiles%\windows media player\wmplayer.exe | 
{363DB79F-FE39-4BA9-84CD-0037E96F7885} -> profile=private | protocol=6 | dir=in | action=allow | name=logitech vid hd | app=c:\program files (x86)\logitech\vid hd\vid.exe | 
{3891EA11-587A-4816-A150-AD390E39FA24} -> profile=private | protocol=58 | dir=in | action=allow | name=@firewallapi.dll,-28545 | 
{3B3E1F3C-BBA0-4191-A942-E423102669D4} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31305 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{3C3DEE0D-07FC-4FF2-B380-AE94E1EFCB92} -> dir=in | action=allow | name=cyberlink powerdirector | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
{3C78FB2E-9EA2-4ACD-A76B-62AA829B1E33} -> dir=in | action=allow | name=hp touchsmart video | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | 
{3F6EF948-738E-4592-A5DA-6111F1B0D0BC} -> profile=private | protocol=17 | dir=in | action=allow | name=pnkbstra | app=c:\windows\syswow64\pnkbstra.exe | 
{3F807600-46A5-420C-B06F-8403113142B4} -> profile=private | protocol=17 | dir=in | action=allow | name=muz aod app player | app=c:\windows\syswow64\muzapp.exe | 
{40068F64-6399-44B8-880C-94143202E4B1} -> profile=private | protocol=6 | dir=in | action=allow | name=pnkbstrb | app=c:\windows\syswow64\pnkbstrb.exe | 
{45BCC314-730B-4D46-B1E6-6C5956A684D6} -> profile=private | protocol=6 | dir=in | action=allow | name=steam | app=c:\program files (x86)\steam\steam.exe | 
{4C5E7299-7349-4970-B153-AACF44D458A7} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31317 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{4D4D0687-6F47-4C0B-A4FD-90F629170F1E} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31281 | app=system | 
{5047A43C-51BD-401C-8B22-2A19286587BB} -> dir=in | action=allow | name=hp touchsmart photo | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | 
{5BA83309-78BD-42AA-9005-D9882D468841} -> profile=private | protocol=6 | dir=in | action=allow | name=hp network communicator | app=c:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe | 
{5D112C76-6495-4E5F-971E-FEF2154CE918} -> profile=private | protocol=17 | dir=in | action=allow | name=online shield | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 
{619CF72A-6093-4302-81B8-0D8E62421204} -> profile=domain | protocol=6 | dir=in | action=allow | name=windows shell | app=c:\windows\explorer.exe | 
{62581B93-3265-4143-AEDF-8A94676CBE0F} -> profile=private | protocol=6 | dir=in | action=allow | name=online shield | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 
{65DACC5F-27AB-4D31-82D6-BC0D03147DDD} -> profile=private | protocol=17 | dir=in | action=allow | name=steam | app=c:\program files (x86)\steam\steam.exe | 
{662FD4EC-0DC8-40A0-8B4B-6DA9B9AA7C35} -> profile=public | protocol=6 | dir=in | action=allow | name=esn sonar host application | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
{6A03AB5F-62F9-434F-BDFF-8F1AE9380D42} -> dir=in | action=allow | name=hp touchsmart media resident program | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe | 
{6CDEF74B-4CC3-4A45-B827-48B448E47FFB} -> profile=private | protocol=6 | dir=in | action=allow | name=muz aod app player | app=c:\windows\syswow64\muzapp.exe | 
{73920F5F-9523-441A-B327-B18C6D13FAEA} -> profile=private | protocol=17 | dir=in | action=allow | name=battlefield 3™ | app=c:\program files (x86)\electronic arts\battlefield 3\bf3.exe | 
{743490F6-E464-407B-85E4-6891AFAD3215} -> dir=in | action=allow | name=programupdatecheck | app=c:\program files (x86)\file type assistant\tsassist.exe | 
{77BE3E79-6E80-4212-8F05-80BBD9E2F270} -> profile=private | dir=in | action=allow | name=windows shell | app=c:\windows\explorer.exe | 
{78E15A02-F889-4431-A83E-C6FA45C716DA} -> profile=private | protocol=6 | dir=in | action=allow | name=battlefield 3™ | app=c:\program files (x86)\electronic arts\battlefield 3\bf3.exe | 
{7ACC6E87-8C12-4adb-91B7-EFC3F2F4705A} -> profile=public | protocol=17 | dir=in | action=allow | name=windows explorer | app=c:\windows\explorer.exe | 
{8174E542-19BA-49CD-856F-60EFB697335F} -> dir=in | action=allow | name=windows live communications platform | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
{83313234-62D1-4018-B793-363DE7ED4424} -> profile=private | protocol=17 | dir=in | action=allow | name=yahoo! messenger | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
{88AFC28F-DCAB-4F4E-AACC-0E3591741628} -> profile=private | protocol=6 | dir=in | action=allow | name=esn sonar host application | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
{891EEA6B-6263-4187-B835-88022E3E2D27} -> profile=private | protocol=17 | dir=in | action=allow | name=windows shell | app=c:\windows\explorer.exe | 
{898D39EE-B680-4D62-9B0F-19567CCF48E4} -> profile=private | protocol=6 | dir=in | action=allow | name=personal e-mail scanner | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 
{8DE5C862-82BF-4A64-A559-EF5A65C51658} -> dir=in | action=allow | name=windows live mesh | app=c:\program files (x86)\windows live\mesh\moe.exe | 
{8E31C36D-E445-4ECD-9861-85E2161336E6} -> protocol=58 | dir=in | action=allow | name=@iphlpsvc.dll,-502 | app=system | 
{92459C5E-D350-4cba-AA74-C8F989C9336F} -> profile=private | protocol=6 | dir=out | action=allow | name=windows explorer | app=c:\windows\explorer.exe | 
{927259DD-F21B-46AF-90CB-17157C30CA7C} -> profile=public | protocol=17 | dir=in | action=allow | name=esn sonar host application | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
{94D5DC1C-CA7A-400C-940D-16ACAFD630A4} -> profile=private | protocol=6 | dir=in | action=allow | name=windows shell | app=c:\windows\explorer.exe | 
{9A455DC0-8938-4451-9810-803D434BA1BA} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31297 | app=%programfiles%\windows media player\wmplayer.exe | 
{9BEEBBE0-EAE2-493F-BDDD-F4DB2241F24F} -> profile=private | protocol=6 | dir=in | action=allow | name=abbyy finereader | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
{9C14347F-AA90-40A0-9FF8-EF853289C4EF} -> profile=private | protocol=17 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
{9CBD5DF8-1917-4069-A918-F881E7315D69} -> profile=private | protocol=6 | dir=in | action=allow | name=ijjioptimizer.exe | app=c:\program files (x86)\ijji\ijji reactor\ijjioptimizer.exe | 
{A56BB65F-3BB3-474F-B3B8-EEC1DCFC7A86} -> profile=private | protocol=17 | dir=in | action=allow | name=avg installer | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
{AB1A2D0C-0966-45C0-81DE-797E6BE906E3} -> profile=public | protocol=17 | dir=in | action=allow | name=pnkbstra | app=c:\windows\syswow64\pnkbstra.exe | 
{AB5F688E-2908-424B-B974-D6BDD3A3DD16} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31011 | app=%programfiles%\windows media player\wmplayer.exe | 
{AFEE0F81-50F6-45D8-8F54-41620F3C6BC2} -> profile=private | protocol=17 | dir=in | action=allow | name=esn sonar host application | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
{B078B2B6-A878-44ff-9BCC-458257924F96} -> profile=public | protocol=6 | dir=in | action=allow | name=windows explorer | app=c:\windows\explorer.exe | 
{B1A40E4F-58DB-490f-9D18-55B5194E8BD5} -> profile=private | protocol=17 | dir=out | action=allow | name=windows explorer | app=c:\windows\explorer.exe | 
{B20B7039-2DCF-4753-8D36-059411857C4E} -> profile=private | protocol=17 | dir=in | action=allow | name=pnkbstrb | app=c:\windows\syswow64\pnkbstrb.exe | 
{B3E0D66E-0BC5-4435-8DCC-87B09F011090} -> profile=private | protocol=6 | dir=in | action=allow | name=avg diagnostics 2012 | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 
{B6505FE5-8F64-4BEF-B10D-04107D56CA85} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31321 | app=%systemroot%\system32\svchost.exe | svc=upnphost | 
{B7F6541A-6AEA-405D-BEE0-CAF61D8858AA} -> dir=in | action=allow | name=skype | app=c:\program files (x86)\skype\phone\skype.exe | 
{BAAA85A2-2357-4815-A2A8-305A9757C2D7} -> profile=private | protocol=6 | dir=in | action=allow | name=bonjour service | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
{C0F9278F-C9C8-4747-AEE6-874867C0DE8E} -> profile=private | protocol=6 | dir=in | action=allow | name=hp device setup | app=c:\program files\hp\hp photosmart plus b210 series\bin\devicesetup.exe | 
{C3E9B20A-B7E2-4aab-9835-3C548937E46F} -> profile=private | dir=out | action=allow | name=windows shell | app=c:\windows\explorer.exe | 
{C99053D4-0C66-4ED5-B2B1-7B68BD22A64B} -> profile=private | protocol=1 | dir=in | action=allow | name=@firewallapi.dll,-28543 | 
{C9CF8E3B-EBC6-4311-92E3-947220987FAD} -> dir=in | action=allow | name=hp mediasmart dvd | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | 
{D12E2195-7C07-479D-B364-5872D84DD261} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31309 | app=%programfiles%\windows media player\wmpnetwk.exe | 
{D39B906C-4C79-473A-90A9-010E06EE0920} -> profile=private | protocol=17 | dir=in | action=allow | name=personal e-mail scanner | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 
{D3C0F77C-4D2B-42E2-BA56-42C4A29077DB} -> profile=private | protocol=6 | dir=in | action=allow | name=pnkbstra | app=c:\windows\syswow64\pnkbstra.exe | 
{D89CA11E-B30C-4F0F-BC1D-FB582F5E8579} -> dir=in | action=allow | name=hp touchsmart music | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | 
{E0AB3417-F4E5-4D70-91CA-A583D932950C} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{E401C239-547C-4898-B5E5-735937F58EEB} -> profile=public | protocol=6 | dir=in | action=allow | name=pnkbstrb | app=c:\windows\syswow64\pnkbstrb.exe | 
{E6DB07FB-66F7-4FB7-AB0E-638BF1AB9529} -> profile=private | protocol=17 | dir=in | action=allow | name=hp network communicator | app=c:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe | 
{E845BCA9-3C3C-4357-B4D2-D5D9755A069E} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31003 | app=%programfiles%\windows media player\wmplayer.exe | 
{E8A0F33C-E9D0-4784-A2C7-25BBE5B26601} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
{EB53174E-214C-4B84-81BB-BE7DF454858A} -> profile=private | protocol=6 | dir=in | action=allow | name=avg installer | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
{EB81C682-F79E-4732-9825-03F1E652148B} -> dir=in | action=allow | name=cyberlink media service | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | 
{EC2E65EB-D0C8-4545-BF5E-41158E047E2C} -> profile=private | protocol=6 | dir=in | action=allow | name=yahoo! messenger | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
{EE68ED65-4342-481A-9FDB-81B639DEC51D} -> profile=private | protocol=17 | dir=in | action=allow | name=hp device setup | app=c:\program files\hp\hp photosmart plus b210 series\bin\devicesetup.exe | 
{F270B614-7FC3-429D-AC10-59FC96EC9C2A} -> profile=private | protocol=17 | dir=in | action=allow | name=logitech vid hd | app=c:\program files (x86)\logitech\vid hd\vid.exe | 
{F42823E8-90A8-4076-A5A5-4BB86EA744D3} -> profile=private | protocol=17 | dir=in | action=allow | name=abbyy finereader | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe | 
{F75E4049-00BF-4E0C-B71A-111D3B28AF22} -> protocol=58 | dir=out | action=allow | name=@iphlpsvc.dll,-503 | 
{FB3C034C-723C-48B5-9118-D6279D7D146E} -> profile=private | protocol=58 | dir=out | action=allow | name=@firewallapi.dll,-28546 | 
{FC3962DE-A873-4692-9719-534DC2DB7A8E} -> dir=in | action=allow | name=webkit | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
{FDC3B3F5-E9EF-43AC-AE75-A0E28A49288E} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
TCP Query User{0C9D268A-F481-4207-9E23-FF8A7EF95128}C:\program files (x86)\505games\1c\men of war\mow.exe -> profile=private | protocol=6 | dir=in | action=allow | name=main executable | app=c:\program files (x86)\505games\1c\men of war\mow.exe | 
TCP Query User{28C8F17F-E026-4B3A-9047-5F53D211BA36}C:\program files (x86)\505games\1c\men of war\mow_mp.exe -> profile=private | protocol=6 | dir=in | action=allow | name=main executable | app=c:\program files (x86)\505games\1c\men of war\mow_mp.exe | 
TCP Query User{28EA2D27-67DF-480A-9CA7-B7ED3AA5DFD3}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe -> profile=public | protocol=6 | dir=in | action=block | name=yahoo! messenger | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
TCP Query User{3CDAA89A-9916-4679-A38B-024209D3FFB1}C:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe -> profile=public | protocol=6 | dir=in | action=block | name=hpnetworkcommunicator | app=c:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe | 
TCP Query User{52DB951E-49C4-48AC-8DE0-4D72C9BF81B0}C:\program files (x86)\ubisoft\silent hunter 4 wolves of the pacific\sh4.exe -> profile=private | protocol=6 | dir=in | action=allow | name=silent hunter iv | app=c:\program files (x86)\ubisoft\silent hunter 4 wolves of the pacific\sh4.exe | 
TCP Query User{693C73F4-26CE-4ABF-A46F-BCF1E63C4037}C:\program files (x86)\ijji\ijji reactor\reactor.exe -> profile=private | protocol=6 | dir=in | action=allow | name=reactor application | app=c:\program files (x86)\ijji\ijji reactor\reactor.exe | 
TCP Query User{6E528DCC-BF03-4A18-BA08-3F6654025456}C:\program files (x86)\java\jre6\bin\javaw.exe -> profile=private | protocol=6 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
TCP Query User{A43BBE6A-C59E-4BC4-92A8-A5820361F58E}C:\program files (x86)\free download manager\fdm.exe -> profile=private | protocol=6 | dir=in | action=allow | name=free download manager | app=c:\program files (x86)\free download manager\fdm.exe | 
TCP Query User{B3A4F668-4F24-412C-B56F-A82766C53BFB}C:\program files (x86)\tvuplayer\tvuplayer.exe -> profile=private | protocol=6 | dir=in | action=block | name=tvuplayer component | app=c:\program files (x86)\tvuplayer\tvuplayer.exe | 
TCP Query User{C16516B3-A828-4934-862B-74192F61A171}C:\program files (x86)\internet explorer\iexplore.exe -> profile=private | protocol=6 | dir=in | action=allow | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe | 
TCP Query User{DCB611B9-5C2E-43C1-93CB-41CEF936DC32}C:\program files (x86)\ubisoft\silenthunteriii\sh3.exe -> profile=private | protocol=6 | dir=in | action=allow | name=silent hunter iii | app=c:\program files (x86)\ubisoft\silenthunteriii\sh3.exe | 
UDP Query User{53A37BD1-E0AB-4561-A3F1-17F590CE16CE}C:\program files (x86)\java\jre6\bin\javaw.exe -> profile=private | protocol=17 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
UDP Query User{93366096-33CB-4929-9262-4E756CDB0C62}C:\program files (x86)\505games\1c\men of war\mow_mp.exe -> profile=private | protocol=17 | dir=in | action=allow | name=main executable | app=c:\program files (x86)\505games\1c\men of war\mow_mp.exe | 
UDP Query User{9C637C33-7E89-479D-ACBB-69F21D2F9CE7}C:\program files (x86)\tvuplayer\tvuplayer.exe -> profile=private | protocol=17 | dir=in | action=block | name=tvuplayer component | app=c:\program files (x86)\tvuplayer\tvuplayer.exe | 
UDP Query User{A93B18FC-3AB6-4A1E-9A2B-B47314EB9208}C:\program files (x86)\ijji\ijji reactor\reactor.exe -> profile=private | protocol=17 | dir=in | action=allow | name=reactor application | app=c:\program files (x86)\ijji\ijji reactor\reactor.exe | 
UDP Query User{B3CB5CA5-3661-43C5-BE3A-6EE75443E3A3}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe -> profile=public | protocol=17 | dir=in | action=block | name=yahoo! messenger | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe | 
UDP Query User{B5F40723-7538-4C91-A3C7-1E258045C904}C:\program files (x86)\ubisoft\silent hunter 4 wolves of the pacific\sh4.exe -> profile=private | protocol=17 | dir=in | action=allow | name=silent hunter iv | app=c:\program files (x86)\ubisoft\silent hunter 4 wolves of the pacific\sh4.exe | 
UDP Query User{BB25790D-8B4C-4655-BF41-824292B1CF42}C:\program files (x86)\ubisoft\silenthunteriii\sh3.exe -> profile=private | protocol=17 | dir=in | action=allow | name=silent hunter iii | app=c:\program files (x86)\ubisoft\silenthunteriii\sh3.exe | 
UDP Query User{BE015D6A-D911-4892-9811-CEB133D38D95}C:\program files (x86)\internet explorer\iexplore.exe -> profile=private | protocol=17 | dir=in | action=allow | name=internet explorer | app=c:\program files (x86)\internet explorer\iexplore.exe | 
UDP Query User{C5CE4881-43C6-4F44-8B21-8E950B1996E8}C:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe -> profile=public | protocol=17 | dir=in | action=block | name=hpnetworkcommunicator | app=c:\program files\hp\hp photosmart plus b210 series\bin\hpnetworkcommunicator.exe | 
UDP Query User{E94CECB8-2460-4EB2-9924-9FCF0EB7B3B0}C:\program files (x86)\free download manager\fdm.exe -> profile=private | protocol=17 | dir=in | action=allow | name=free download manager | app=c:\program files (x86)\free download manager\fdm.exe | 
UDP Query User{F30792C6-5BBE-48CE-BD6F-00039949EB59}C:\program files (x86)\505games\1c\men of war\mow.exe -> profile=private | protocol=17 | dir=in | action=allow | name=main executable | app=c:\program files (x86)\505games\1c\men of war\mow.exe | 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" -> C:\Windows\SysNative\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2009/07/14 00:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > ->  -> 
E:\AutoRun.exe [MZ | ] -> E:\AutoRun.exe [ CDFS ] -> [2011/10/07 14:22:00 | 068,472,672 | R--- | M] (Electronic Arts)
E:\Autorun [] -> E:\Autorun [ CDFS ] -> [2011/10/08 00:24:21 | 000,000,000 | ---D | M]
E:\Autorun.ico [] -> E:\Autorun.ico [ CDFS ] -> [2011/09/09 20:35:07 | 000,206,657 | R--- | M] ()
E:\autorun.inf [[autorun] |  | open=Autorun.exe |  | Icon=Autorun.ico |  | Name=Battlefield 3 |  | ] -> E:\autorun.inf [ CDFS ] -> [2011/10/08 00:24:21 | 000,000,144 | R--- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
64bit-comfile [open] -> "%1" %*
64bit-exefile [open] -> "%1" %*
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
 
[Files/Folders - Created Within 30 Days]
 $RECYCLE.BIN -> C:\$RECYCLE.BIN -> [2012/04/17 17:54:09 | 000,000,000 | -HSD | C]
 New folder -> C:\Users\tony\Desktop\New folder -> [2012/04/17 17:49:07 | 000,000,000 | ---D | C]
 ComboFix -> C:\ComboFix -> [2012/04/17 17:43:25 | 000,000,000 | ---D | C]
 SWREG.exe -> C:\Windows\SWREG.exe -> [2012/04/17 16:21:59 | 000,518,144 | ---- | C] (SteelWerX)
 SWSC.exe -> C:\Windows\SWSC.exe -> [2012/04/17 16:21:59 | 000,406,528 | ---- | C] (SteelWerX)
 NIRCMD.exe -> C:\Windows\NIRCMD.exe -> [2012/04/17 16:21:59 | 000,060,416 | ---- | C] (NirSoft)
 OriginSetup.exe -> C:\Users\tony\Desktop\OriginSetup.exe -> [2012/04/16 20:48:13 | 035,859,328 | ---- | C] (Electronic Arts, Inc.)
 ATI -> C:\ProgramData\ATI -> [2012/04/16 20:31:39 | 000,000,000 | ---D | C]
 AMD AVT -> C:\Program Files (x86)\AMD AVT -> [2012/04/16 20:31:07 | 000,000,000 | ---D | C]
 Catalyst Control Center -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center -> [2012/04/16 20:30:47 | 000,000,000 | ---D | C]
 {CB3D5CF2-6E7C-4F3E-9ECD-0B6876773212} -> C:\Users\tony\AppData\Local\{CB3D5CF2-6E7C-4F3E-9ECD-0B6876773212} -> [2012/04/15 12:40:48 | 000,000,000 | ---D | C]
 {3B990DC9-EA51-4864-B87C-6377D261C81F} -> C:\Users\tony\AppData\Local\{3B990DC9-EA51-4864-B87C-6377D261C81F} -> [2012/04/15 12:40:26 | 000,000,000 | ---D | C]
 Mozilla Firefox -> C:\Program Files (x86)\Mozilla Firefox -> [2012/04/15 12:38:33 | 000,000,000 | ---D | C]
 Steam -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam -> [2012/04/15 09:47:57 | 000,000,000 | ---D | C]
 Steam -> C:\Program Files (x86)\Steam -> [2012/04/15 09:47:57 | 000,000,000 | ---D | C]
 {D0C320BA-AF65-47CD-AC17-D3EEE86B441C} -> C:\Users\tony\AppData\Local\{D0C320BA-AF65-47CD-AC17-D3EEE86B441C} -> [2012/04/14 16:20:29 | 000,000,000 | ---D | C]
 {AC38A120-D29E-485F-97B1-67C9565F99A6} -> C:\Users\tony\AppData\Local\{AC38A120-D29E-485F-97B1-67C9565F99A6} -> [2012/04/14 16:20:08 | 000,000,000 | ---D | C]
 Wajam -> C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam -> [2012/04/14 12:43:29 | 000,000,000 | ---D | C]
 Wajam -> C:\Users\tony\AppData\Local\Wajam -> [2012/04/14 12:43:26 | 000,000,000 | ---D | C]
 Wajam -> C:\Program Files (x86)\Wajam -> [2012/04/14 12:43:25 | 000,000,000 | ---D | C]
 {FE2575D4-938B-463C-BF48-D19364A6D836} -> C:\Users\tony\AppData\Local\{FE2575D4-938B-463C-BF48-D19364A6D836} -> [2012/04/13 23:07:00 | 000,000,000 | ---D | C]
 {8A4A0784-0F59-418C-8478-2D275E9C6465} -> C:\Users\tony\AppData\Local\{8A4A0784-0F59-418C-8478-2D275E9C6465} -> [2012/04/13 23:06:35 | 000,000,000 | ---D | C]
 BFBC2 -> C:\Users\tony\Documents\BFBC2 -> [2012/04/13 21:50:26 | 000,000,000 | ---D | C]
 _OTL -> C:\_OTL -> [2012/04/12 15:46:11 | 000,000,000 | ---D | C]
 {09197206-9038-4C87-8DB7-80297CE57D43} -> C:\Users\tony\AppData\Local\{09197206-9038-4C87-8DB7-80297CE57D43} -> [2012/04/11 21:05:10 | 000,000,000 | ---D | C]
 {EE623F98-DE60-479A-9B82-70F06740601D} -> C:\Users\tony\AppData\Local\{EE623F98-DE60-479A-9B82-70F06740601D} -> [2012/04/11 21:04:48 | 000,000,000 | ---D | C]
 Yahoo! Search Protection -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Search Protection -> [2012/04/10 20:02:50 | 000,000,000 | ---D | C]
 Yahoo! Messenger -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger -> [2012/04/10 20:01:38 | 000,000,000 | ---D | C]
 {ED0739EE-62DC-436A-A469-15FE30932C28} -> C:\Users\tony\AppData\Local\{ED0739EE-62DC-436A-A469-15FE30932C28} -> [2012/04/10 19:35:45 | 000,000,000 | ---D | C]
 {A0837905-B61B-4AF9-9C3A-F243CDF7B5A1} -> C:\Users\tony\AppData\Local\{A0837905-B61B-4AF9-9C3A-F243CDF7B5A1} -> [2012/04/10 19:35:23 | 000,000,000 | ---D | C]
 ERDNT -> C:\Windows\ERDNT -> [2012/04/10 16:05:55 | 000,000,000 | ---D | C]
 Qoobox -> C:\Qoobox -> [2012/04/10 16:05:00 | 000,000,000 | ---D | C]
 obxtony -> C:\Users\tony\Desktop\obxtony -> [2012/04/10 16:04:35 | 000,000,000 | ---D | C]
 {2F066433-5805-4286-8505-D0C0A15E38B4} -> C:\Users\tony\AppData\Local\{2F066433-5805-4286-8505-D0C0A15E38B4} -> [2012/04/09 19:01:57 | 000,000,000 | ---D | C]
 {C9F53BDD-5E51-4686-B64B-E0D91B5B1C37} -> C:\Users\tony\AppData\Local\{C9F53BDD-5E51-4686-B64B-E0D91B5B1C37} -> [2012/04/09 19:01:34 | 000,000,000 | ---D | C]
 {EBC24E23-B1D8-4BD5-9523-7D7914FE002C} -> C:\Users\tony\AppData\Local\{EBC24E23-B1D8-4BD5-9523-7D7914FE002C} -> [2012/04/08 19:19:42 | 000,000,000 | ---D | C]
 {8D606DB7-1713-4A97-9290-21324C7740D7} -> C:\Users\tony\AppData\Local\{8D606DB7-1713-4A97-9290-21324C7740D7} -> [2012/04/08 19:19:08 | 000,000,000 | ---D | C]
 {D4F5AD0E-3665-4FB0-8FED-9160A54DC115} -> C:\Users\tony\AppData\Local\{D4F5AD0E-3665-4FB0-8FED-9160A54DC115} -> [2012/04/07 21:58:15 | 000,000,000 | ---D | C]
 {3509F9A2-AADA-469F-89F9-7EE2A70EF3A2} -> C:\Users\tony\AppData\Local\{3509F9A2-AADA-469F-89F9-7EE2A70EF3A2} -> [2012/04/07 21:57:42 | 000,000,000 | ---D | C]
 MigWiz -> C:\Users\tony\AppData\Local\MigWiz -> [2012/04/07 19:26:12 | 000,000,000 | ---D | C]
 Safer Networking -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safer Networking -> [2012/04/07 09:34:17 | 000,000,000 | ---D | C]
 Safer Networking -> C:\Program Files (x86)\Safer Networking -> [2012/04/07 09:34:15 | 000,000,000 | ---D | C]
 Spybot - Search & Destroy -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy -> [2012/04/07 09:12:30 | 000,000,000 | ---D | C]
 Spybot - Search & Destroy -> C:\ProgramData\Spybot - Search & Destroy -> [2012/04/07 09:12:19 | 000,000,000 | ---D | C]
 Spybot - Search & Destroy -> C:\Program Files (x86)\Spybot - Search & Destroy -> [2012/04/07 09:12:19 | 000,000,000 | ---D | C]
 {067C83F3-C17B-4A8B-8ED0-CDC052226BEF} -> C:\Users\tony\AppData\Local\{067C83F3-C17B-4A8B-8ED0-CDC052226BEF} -> [2012/04/06 18:57:06 | 000,000,000 | ---D | C]
 {5EB24990-5AC6-42D9-A311-631507352D3F} -> C:\Users\tony\AppData\Local\{5EB24990-5AC6-42D9-A311-631507352D3F} -> [2012/04/06 18:56:56 | 000,000,000 | ---D | C]
 calibre -> C:\Users\tony\AppData\Roaming\calibre -> [2012/04/06 14:42:45 | 000,000,000 | ---D | C]
 Calibre2 -> C:\Program Files (x86)\Calibre2 -> [2012/04/06 14:42:25 | 000,000,000 | ---D | C]
 calibre - E-book Management -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management -> [2012/04/06 14:42:25 | 000,000,000 | ---D | C]
 calibre -> C:\Users\tony\Desktop\calibre -> [2012/04/06 14:39:14 | 000,000,000 | ---D | C]
 dds -> C:\Users\tony\Documents\dds -> [2012/04/06 09:37:22 | 000,000,000 | ---D | C]
 {9736F8A5-2C6F-4525-BA7C-C6DB789CE4A7} -> C:\Users\tony\AppData\Local\{9736F8A5-2C6F-4525-BA7C-C6DB789CE4A7} -> [2012/04/05 20:52:11 | 000,000,000 | ---D | C]
 {EE89EB67-0EC3-4C73-A05F-1989EFD85538} -> C:\Users\tony\AppData\Local\{EE89EB67-0EC3-4C73-A05F-1989EFD85538} -> [2012/04/05 20:52:01 | 000,000,000 | ---D | C]
 {0FE452DD-D14E-4681-B38D-50BC06F5E0AB} -> C:\Users\tony\AppData\Local\{0FE452DD-D14E-4681-B38D-50BC06F5E0AB} -> [2012/04/05 20:51:23 | 000,000,000 | ---D | C]
 anti virus progs -> C:\Users\tony\Desktop\anti virus progs -> [2012/04/05 20:50:09 | 000,000,000 | ---D | C]
 {6A63525C-CECC-45C8-ADDD-3CFBBB397684} -> C:\Users\tony\AppData\Local\{6A63525C-CECC-45C8-ADDD-3CFBBB397684} -> [2012/04/05 20:19:52 | 000,000,000 | ---D | C]
 Doctor Web -> C:\Users\tony\Doctor Web -> [2012/04/05 20:19:19 | 000,000,000 | ---D | C]
 Doctor Web -> C:\Program Files\Common Files\Doctor Web -> [2012/04/05 20:15:24 | 000,000,000 | ---D | C]
 WinRAR -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR -> [2012/04/05 11:09:29 | 000,000,000 | ---D | C]
 WinRAR -> C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR -> [2012/04/05 11:09:28 | 000,000,000 | ---D | C]
 7-Zip -> C:\Program Files (x86)\7-Zip -> [2012/04/05 10:51:04 | 000,000,000 | ---D | C]
 Trojan Remover -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover -> [2012/04/04 21:20:19 | 000,000,000 | ---D | C]
 Trojan Remover -> C:\Program Files (x86)\Trojan Remover -> [2012/04/04 21:20:17 | 000,000,000 | ---D | C]
 HiJackThis -> C:\Users\tony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis -> [2012/04/04 20:16:41 | 000,000,000 | ---D | C]
 Trend Micro -> C:\Program Files (x86)\Trend Micro -> [2012/04/04 20:16:38 | 000,000,000 | ---D | C]
 Doctor Web -> C:\ProgramData\Doctor Web -> [2012/04/04 14:11:54 | 000,000,000 | ---D | C]
 {05CDD276-D8EB-470D-BEEE-5F884B7CD010} -> C:\Users\tony\AppData\Local\{05CDD276-D8EB-470D-BEEE-5F884B7CD010} -> [2012/04/04 14:00:09 | 000,000,000 | ---D | C]
 {AE25F25F-56DB-45D6-8383-20B62CA3C443} -> C:\Users\tony\AppData\Local\{AE25F25F-56DB-45D6-8383-20B62CA3C443} -> [2012/04/04 13:59:33 | 000,000,000 | ---D | C]
 FileTypeAssistant -> C:\Users\tony\AppData\Local\FileTypeAssistant -> [2012/04/03 20:43:19 | 000,000,000 | ---D | C]
 File Type Assistant -> C:\Program Files (x86)\File Type Assistant -> [2012/04/03 20:42:07 | 000,000,000 | ---D | C]
 {43822405-A0B3-48A8-A2D8-F9FA6492E5D9} -> C:\Users\tony\AppData\Local\{43822405-A0B3-48A8-A2D8-F9FA6492E5D9} -> [2012/04/03 18:37:40 | 000,000,000 | ---D | C]
 {9B47A818-941C-4DBB-9E95-CAF8FCA90AF4} -> C:\Users\tony\AppData\Local\{9B47A818-941C-4DBB-9E95-CAF8FCA90AF4} -> [2012/04/03 18:37:15 | 000,000,000 | ---D | C]
 en -> C:\Windows\en -> [2012/04/03 18:31:11 | 000,000,000 | ---D | C]
 fssfltr.sys -> C:\Windows\SysNative\drivers\fssfltr.sys -> [2012/04/03 18:27:06 | 000,048,488 | ---- | C] (Microsoft Corporation)
 Windows Live -> C:\Program Files (x86)\Windows Live -> [2012/04/03 18:27:04 | 000,000,000 | ---D | C]
 antiphishing-vmninternethelper1_1dn -> C:\Users\tony\AppData\Local\antiphishing-vmninternethelper1_1dn -> [2012/04/03 17:51:00 | 000,000,000 | ---D | C]
 Anti-phishing Domain Advisor -> C:\ProgramData\Anti-phishing Domain Advisor -> [2012/04/03 17:49:47 | 000,000,000 | ---D | C]
 DoctorWeb -> C:\Users\tony\DoctorWeb -> [2012/04/03 14:07:27 | 000,000,000 | ---D | C]
 mbamswissarmy.sys -> C:\Windows\SysWow64\drivers\mbamswissarmy.sys -> [2012/04/03 13:18:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation)
 Malwarebytes' Anti-Malware -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware -> [2012/04/03 13:18:46 | 000,000,000 | ---D | C]
 mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2012/04/03 13:18:43 | 000,024,904 | ---- | C] (Malwarebytes Corporation)
 AVG2012 -> C:\Users\tony\AppData\Roaming\AVG2012 -> [2012/04/02 15:36:00 | 000,000,000 | ---D | C]
 AVG -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG -> [2012/04/02 15:34:48 | 000,000,000 | ---D | C]
 AVG -> C:\Windows\SysWow64\drivers\AVG -> [2012/04/02 15:34:47 | 000,000,000 | ---D | C]
 AVG -> C:\Windows\SysNative\drivers\AVG -> [2012/04/02 15:34:16 | 000,000,000 | ---D | C]
 $AVG -> C:\$AVG -> [2012/04/02 15:34:16 | 000,000,000 | ---D | C]
 {8BE1E50B-6B31-4511-B0A3-2DDDAC12D6FB} -> C:\Users\tony\AppData\Local\{8BE1E50B-6B31-4511-B0A3-2DDDAC12D6FB} -> [2012/04/02 14:51:43 | 000,000,000 | ---D | C]
 Avast -> C:\Program Files (x86)\Avast -> [2012/04/02 14:19:23 | 000,000,000 | ---D | C]
 Alwil Software -> C:\ProgramData\Alwil Software -> [2012/04/02 12:35:53 | 000,000,000 | ---D | C]
 {A8DB2F49-72AC-4100-AEF6-AF1C4C00B992} -> C:\Users\tony\AppData\Local\{A8DB2F49-72AC-4100-AEF6-AF1C4C00B992} -> [2012/04/01 21:30:41 | 000,000,000 | ---D | C]
 InstallShield -> C:\ProgramData\InstallShield -> [2012/04/01 20:21:32 | 000,000,000 | ---D | C]
 exPressit SE3.1 -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\exPressit SE3.1 -> [2012/04/01 20:21:29 | 000,000,000 | ---D | C]
 Medea International Ltd -> C:\Program Files (x86)\Medea International Ltd -> [2012/04/01 20:20:57 | 000,000,000 | ---D | C]
 Easy CD & DVD Cover Creator -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy CD & DVD Cover Creator -> [2012/04/01 20:10:05 | 000,000,000 | ---D | C]
 Easy CD & DVD Cover Creator -> C:\Program Files (x86)\Easy CD & DVD Cover Creator -> [2012/04/01 20:10:05 | 000,000,000 | ---D | C]
 {63031E79-5994-47C3-A62B-7E3F16D3BC6B} -> C:\Users\tony\AppData\Local\{63031E79-5994-47C3-A62B-7E3F16D3BC6B} -> [2012/04/01 13:17:12 | 000,000,000 | ---D | C]
 FlashPlayerInstaller.exe -> C:\Windows\SysWow64\FlashPlayerInstaller.exe -> [2012/04/01 09:22:24 | 008,741,536 | ---- | C] (Adobe Systems Incorporated)
 FlashPlayerApp.exe -> C:\Windows\SysWow64\FlashPlayerApp.exe -> [2012/04/01 08:45:22 | 000,418,464 | ---- | C] (Adobe Systems Incorporated)
 {857B99DD-E471-44B7-9D75-EB93AC8824D3} -> C:\Users\tony\AppData\Local\{857B99DD-E471-44B7-9D75-EB93AC8824D3} -> [2012/03/31 21:40:48 | 000,000,000 | ---D | C]
 {2BE6239F-2354-49CF-B5B5-B4C252A1FC21} -> C:\Users\tony\AppData\Local\{2BE6239F-2354-49CF-B5B5-B4C252A1FC21} -> [2012/03/30 16:35:20 | 000,000,000 | ---D | C]
 {9C756B8E-2D97-4233-A6EF-E63260A03254} -> C:\Users\tony\AppData\Local\{9C756B8E-2D97-4233-A6EF-E63260A03254} -> [2012/03/29 13:04:26 | 000,000,000 | ---D | C]
 {446D9E88-128B-449A-BCE0-16FC00C42158} -> C:\Users\tony\AppData\Local\{446D9E88-128B-449A-BCE0-16FC00C42158} -> [2012/03/28 12:50:23 | 000,000,000 | ---D | C]
 {4F060886-1E38-4688-B88B-F8EC7FF14681} -> C:\Users\tony\AppData\Local\{4F060886-1E38-4688-B88B-F8EC7FF14681} -> [2012/03/27 15:17:57 | 000,000,000 | ---D | C]
 {9DECEF7E-AF7E-407A-9AFE-9A2810C8BC9F} -> C:\Users\tony\AppData\Local\{9DECEF7E-AF7E-407A-9AFE-9A2810C8BC9F} -> [2012/03/27 15:17:23 | 000,000,000 | ---D | C]
 Audio Related Programs -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs -> [2012/03/26 19:43:29 | 000,000,000 | ---D | C]
 NCH Software -> C:\Users\tony\AppData\Roaming\NCH Software -> [2012/03/26 19:43:28 | 000,000,000 | ---D | C]
 {AD78B362-22BB-40CC-8DDE-3A80AEDA3BF0} -> C:\Users\tony\AppData\Local\{AD78B362-22BB-40CC-8DDE-3A80AEDA3BF0} -> [2012/03/26 16:00:00 | 000,000,000 | ---D | C]
 {DB4E6178-9220-4CC1-A907-8C4A748864AC} -> C:\Users\tony\AppData\Local\{DB4E6178-9220-4CC1-A907-8C4A748864AC} -> [2012/03/26 15:59:26 | 000,000,000 | ---D | C]
 {E70BEA43-EE38-4B90-A0D0-CC548B418F1E} -> C:\Users\tony\AppData\Local\{E70BEA43-EE38-4B90-A0D0-CC548B418F1E} -> [2012/03/25 13:24:43 | 000,000,000 | ---D | C]
 {C174684F-B933-48DA-9705-55BAD924DFDC} -> C:\Users\tony\AppData\Local\{C174684F-B933-48DA-9705-55BAD924DFDC} -> [2012/03/25 13:24:32 | 000,000,000 | ---D | C]
 {849B5759-7852-4C16-A587-DF56D1150EA5} -> C:\Users\tony\AppData\Local\{849B5759-7852-4C16-A587-DF56D1150EA5} -> [2012/03/24 12:25:14 | 000,000,000 | ---D | C]
 {01FAD4A7-E417-4E09-9764-76CBE8829BDE} -> C:\Users\tony\AppData\Local\{01FAD4A7-E417-4E09-9764-76CBE8829BDE} -> [2012/03/24 12:24:40 | 000,000,000 | ---D | C]
 {A9929552-2911-405F-AA91-9BEA9F27082D} -> C:\Users\tony\AppData\Local\{A9929552-2911-405F-AA91-9BEA9F27082D} -> [2012/03/23 12:01:03 | 000,000,000 | ---D | C]
 {4C5C1DF7-380F-4600-A527-60E56CD5BA2D} -> C:\Users\tony\AppData\Local\{4C5C1DF7-380F-4600-A527-60E56CD5BA2D} -> [2012/03/23 12:00:29 | 000,000,000 | ---D | C]
 {94A1ECFB-DF46-47D2-B106-D853457126AE} -> C:\Users\tony\AppData\Local\{94A1ECFB-DF46-47D2-B106-D853457126AE} -> [2012/03/22 19:54:38 | 000,000,000 | ---D | C]
 {24D3FA49-06C1-44B6-B683-53686ADE2D5F} -> C:\Users\tony\AppData\Local\{24D3FA49-06C1-44B6-B683-53686ADE2D5F} -> [2012/03/22 19:54:04 | 000,000,000 | ---D | C]
 {DF9A6783-B1C2-445D-AD89-C2AB4C6478D0} -> C:\Users\tony\AppData\Local\{DF9A6783-B1C2-445D-AD89-C2AB4C6478D0} -> [2012/03/21 16:26:27 | 000,000,000 | ---D | C]
 {E32EE5AA-30BC-47D4-BC9E-A71A2B8E9136} -> C:\Users\tony\AppData\Local\{E32EE5AA-30BC-47D4-BC9E-A71A2B8E9136} -> [2012/03/21 16:25:54 | 000,000,000 | ---D | C]
 {834ED68F-4F61-465C-B4AC-F1884944BBE2} -> C:\Users\tony\AppData\Local\{834ED68F-4F61-465C-B4AC-F1884944BBE2} -> [2012/03/21 13:45:26 | 000,000,000 | ---D | C]
 {DC935FC3-0C2B-4127-BC0F-7D7E85337B0E} -> C:\Users\tony\AppData\Local\{DC935FC3-0C2B-4127-BC0F-7D7E85337B0E} -> [2012/03/20 22:27:58 | 000,000,000 | ---D | C]
 {4245FF05-0B0E-49B7-A8EB-1CF0F3B774F5} -> C:\Users\tony\AppData\Local\{4245FF05-0B0E-49B7-A8EB-1CF0F3B774F5} -> [2012/03/20 22:27:24 | 000,000,000 | ---D | C]
 {AD552651-31B8-4E97-84C9-C49E8D7D9AC6} -> C:\Users\tony\AppData\Local\{AD552651-31B8-4E97-84C9-C49E8D7D9AC6} -> [2012/03/19 11:01:41 | 000,000,000 | ---D | C]
 {07D25B5A-17C4-4616-AAE1-020AB012BC1B} -> C:\Users\tony\AppData\Local\{07D25B5A-17C4-4616-AAE1-020AB012BC1B} -> [2012/03/19 11:01:07 | 000,000,000 | ---D | C]
 
[Files/Folders - Modified Within 30 Days]
 GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2012/04/17 21:31:00 | 000,000,898 | ---- | M] ()
 Adobe Flash Player Updater.job -> C:\Windows\tasks\Adobe Flash Player Updater.job -> [2012/04/17 21:22:00 | 000,000,830 | ---- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2012/04/17 18:20:45 | 000,015,792 | -H-- | M] ()
 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2012/04/17 18:20:45 | 000,015,792 | -H-- | M] ()
 GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2012/04/17 17:54:21 | 000,000,894 | ---- | M] ()
 hosts -> C:\Windows\SysNative\drivers\etc\hosts -> [2012/04/17 17:53:52 | 000,000,027 | ---- | M] ()
 bootstat.dat -> C:\Windows\bootstat.dat -> [2012/04/17 17:52:02 | 000,067,584 | --S- | M] ()
 hiberfil.sys -> C:\hiberfil.sys -> [2012/04/17 17:51:14 | 504,688,639 | -HS- | M] ()
 combofix - Shortcut.lnk -> C:\Users\tony\Desktop\combofix - Shortcut.lnk -> [2012/04/17 17:36:16 | 000,014,525 | ---- | M] ()
 incavi.avm -> C:\Windows\SysNative\drivers\AVG\incavi.avm -> [2012/04/17 15:46:19 | 095,332,207 | ---- | M] ()
 PnkBstrB.exe -> C:\Windows\SysWow64\PnkBstrB.exe -> [2012/04/16 21:31:08 | 000,189,248 | ---- | M] ()
 pbsvc_bc2.exe -> C:\Windows\SysWow64\pbsvc_bc2.exe -> [2012/04/16 21:30:59 | 002,434,856 | ---- | M] ()
 PnkBstrA.exe -> C:\Windows\SysWow64\PnkBstrA.exe -> [2012/04/16 21:30:59 | 000,075,064 | ---- | M] ()
 OriginSetup.exe -> C:\Users\tony\Desktop\OriginSetup.exe -> [2012/04/16 20:49:47 | 035,859,328 | ---- | M] (Electronic Arts, Inc.)
 iavifw.avm -> C:\Windows\SysNative\drivers\AVG\iavifw.avm -> [2012/04/16 19:30:43 | 000,624,083 | ---- | M] ()
 iavichjg.avm -> C:\Windows\SysNative\drivers\AVG\iavichjg.avm -> [2012/04/15 19:30:55 | 000,277,357 | ---- | M] ()
 user.js -> C:\user.js -> [2012/04/15 12:38:34 | 000,000,447 | ---- | M] ()
 Steam.lnk -> C:\Users\Public\Desktop\Steam.lnk -> [2012/04/15 09:47:59 | 000,000,919 | ---- | M] ()
 SteamInstall.msi -> C:\Users\tony\Desktop\SteamInstall.msi -> [2012/04/14 13:50:08 | 001,588,224 | ---- | M] ()
 PnkBstrB.xtr -> C:\Windows\SysWow64\PnkBstrB.xtr -> [2012/04/13 21:50:35 | 000,270,904 | ---- | M] ()
 FlashPlayerApp.exe -> C:\Windows\SysWow64\FlashPlayerApp.exe -> [2012/04/13 21:22:54 | 000,418,464 | ---- | M] (Adobe Systems Incorporated)
 FlashPlayerCPLApp.cpl -> C:\Windows\SysWow64\FlashPlayerCPLApp.cpl -> [2012/04/13 21:22:54 | 000,070,304 | ---- | M] (Adobe Systems Incorporated)
 FlashPlayerInstaller.exe -> C:\Windows\SysWow64\FlashPlayerInstaller.exe -> [2012/04/13 21:22:50 | 008,741,536 | ---- | M] (Adobe Systems Incorporated)
 Yahoo! Messenger.lnk -> C:\Users\tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk -> [2012/04/10 20:01:38 | 000,001,165 | ---- | M] ()
 Yahoo! Messenger.lnk -> C:\Users\Public\Desktop\Yahoo! Messenger.lnk -> [2012/04/10 20:01:38 | 000,001,141 | ---- | M] ()
 dt.dat -> C:\Users\tony\AppData\Local\dt.dat -> [2012/04/10 19:05:30 | 000,017,407 | ---- | M] ()
 Malwarebytes Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> [2012/04/09 19:12:32 | 000,001,115 | ---- | M] ()
 PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2012/04/08 09:31:47 | 000,726,444 | ---- | M] ()
 perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2012/04/08 09:31:47 | 000,628,414 | ---- | M] ()
 perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2012/04/08 09:31:47 | 000,110,598 | ---- | M] ()
 PnkBstrB.ex0 -> C:\Windows\SysWow64\PnkBstrB.ex0 -> [2012/04/07 16:24:06 | 000,283,304 | ---- | M] ()
 Spybot - Search & Destroy.lnk -> C:\Users\tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk -> [2012/04/07 09:12:31 | 000,001,288 | ---- | M] ()
 Spybot - Search & Destroy.lnk -> C:\Users\tony\Desktop\Spybot - Search & Destroy.lnk -> [2012/04/07 09:12:31 | 000,001,264 | ---- | M] ()
 calibre - E-book management.lnk -> C:\Users\Public\Desktop\calibre - E-book management.lnk -> [2012/04/06 14:42:36 | 000,000,962 | ---- | M] ()
 GetValue.vbs -> C:\Users\tony\AppData\Roaming\GetValue.vbs -> [2012/04/04 20:39:39 | 000,000,691 | ---- | M] ()
 SetValue.bat -> C:\Users\tony\AppData\Roaming\SetValue.bat -> [2012/04/04 20:39:39 | 000,000,035 | ---- | M] ()
 ars.cache -> C:\Users\tony\AppData\Local\ars.cache -> [2012/04/04 20:04:08 | 000,150,880 | ---- | M] ()
 housecall.guid.cache -> C:\Users\tony\AppData\Local\housecall.guid.cache -> [2012/04/04 18:56:35 | 000,000,036 | ---- | M] ()
 mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation)
 ia_remove.sh -> C:\Users\tony\ia_remove.sh -> [2012/04/03 17:22:48 | 000,008,409 | ---- | M] ()
 iavifw.avm -> C:\Windows\SysWow64\drivers\AVG\iavifw.avm -> [2012/04/02 15:59:01 | 000,000,000 | ---- | M] ()
 AVG 2012.lnk -> C:\Users\Public\Desktop\AVG 2012.lnk -> [2012/04/02 15:34:48 | 000,000,967 | ---- | M] ()
 incavi.avm -> C:\Windows\SysWow64\drivers\AVG\incavi.avm -> [2012/04/02 15:34:47 | 000,000,000 | ---- | M] ()
 iavichjw.avm -> C:\Windows\SysWow64\drivers\AVG\iavichjw.avm -> [2012/04/02 15:34:47 | 000,000,000 | ---- | M] ()
 config.nt -> C:\Windows\SysWow64\config.nt -> [2012/04/02 14:58:36 | 000,000,000 | ---- | M] ()
 Launch Internet Explorer Browser.lnk -> C:\Users\tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> [2012/04/02 13:14:05 | 000,001,256 | ---- | M] ()
 FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2012/04/02 09:11:45 | 000,348,088 | ---- | M] ()
 Express Burn Disc Burning Software.lnk -> C:\Users\Public\Desktop\Express Burn Disc Burning Software.lnk -> [2012/03/26 19:43:28 | 000,001,196 | ---- | M] ()
 RapportKE64.sys -> C:\Windows\SysNative\drivers\RapportKE64.sys -> [2012/03/26 15:45:32 | 000,101,360 | ---- | M] (Trusteer Ltd.)
 
[Files - No Company Name]
 combofix - Shortcut.lnk -> C:\Users\tony\Desktop\combofix - Shortcut.lnk -> [2012/04/17 17:36:16 | 000,014,525 | ---- | C] ()
 PEV.exe -> C:\Windows\PEV.exe -> [2012/04/17 16:21:59 | 000,256,000 | ---- | C] ()
 MBR.exe -> C:\Windows\MBR.exe -> [2012/04/17 16:21:59 | 000,208,896 | ---- | C] ()
 sed.exe -> C:\Windows\sed.exe -> [2012/04/17 16:21:59 | 000,098,816 | ---- | C] ()
 grep.exe -> C:\Windows\grep.exe -> [2012/04/17 16:21:59 | 000,080,412 | ---- | C] ()
 zip.exe -> C:\Windows\zip.exe -> [2012/04/17 16:21:59 | 000,068,096 | ---- | C] ()
 incavi.avm -> C:\Windows\SysNative\drivers\AVG\incavi.avm -> [2012/04/17 15:46:19 | 095,332,207 | ---- | C] ()
 iavifw.avm -> C:\Windows\SysNative\drivers\AVG\iavifw.avm -> [2012/04/16 19:30:43 | 000,624,083 | ---- | C] ()
 iavichjg.avm -> C:\Windows\SysNative\drivers\AVG\iavichjg.avm -> [2012/04/15 19:30:55 | 000,277,357 | ---- | C] ()
 user.js -> C:\user.js -> [2012/04/15 12:38:33 | 000,000,447 | ---- | C] ()
 Steam.lnk -> C:\Users\Public\Desktop\Steam.lnk -> [2012/04/15 09:47:59 | 000,000,919 | ---- | C] ()
 SteamInstall.msi -> C:\Users\tony\Desktop\SteamInstall.msi -> [2012/04/14 13:50:04 | 001,588,224 | ---- | C] ()
 Yahoo! Messenger.lnk -> C:\Users\tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk -> [2012/04/10 20:01:38 | 000,001,165 | ---- | C] ()
 Yahoo! Messenger.lnk -> C:\Users\Public\Desktop\Yahoo! Messenger.lnk -> [2012/04/10 20:01:38 | 000,001,141 | ---- | C] ()
 dt.dat -> C:\Users\tony\AppData\Local\dt.dat -> [2012/04/10 19:05:30 | 000,017,407 | ---- | C] ()
 Malwarebytes Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> [2012/04/09 19:12:32 | 000,001,115 | ---- | C] ()
 Spybot - Search & Destroy.lnk -> C:\Users\tony\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk -> [2012/04/07 09:12:31 | 000,001,288 | ---- | C] ()
 Spybot - Search & Destroy.lnk -> C:\Users\tony\Desktop\Spybot - Search & Destroy.lnk -> [2012/04/07 09:12:31 | 000,001,264 | ---- | C] ()
 calibre - E-book management.lnk -> C:\Users\Public\Desktop\calibre - E-book management.lnk -> [2012/04/06 14:42:36 | 000,000,962 | ---- | C] ()
 GetValue.vbs -> C:\Users\tony\AppData\Roaming\GetValue.vbs -> [2012/04/04 20:39:39 | 000,000,691 | ---- | C] ()
 SetValue.bat -> C:\Users\tony\AppData\Roaming\SetValue.bat -> [2012/04/04 20:39:39 | 000,000,035 | ---- | C] ()
 swsc.exe -> C:\Windows\SysWow64\swsc.exe -> [2012/04/04 20:36:41 | 000,040,960 | ---- | C] ()
 ars.cache -> C:\Users\tony\AppData\Local\ars.cache -> [2012/04/04 20:04:08 | 000,150,880 | ---- | C] ()
 housecall.guid.cache -> C:\Users\tony\AppData\Local\housecall.guid.cache -> [2012/04/04 18:56:35 | 000,000,036 | ---- | C] ()
 Windows Live Movie Maker.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk -> [2012/04/03 18:29:01 | 000,001,307 | ---- | C] ()
 Windows Live Photo Gallery.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk -> [2012/04/03 18:28:47 | 000,001,376 | ---- | C] ()
 Windows Live Mail.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk -> [2012/04/03 18:28:26 | 000,001,460 | ---- | C] ()
 Windows Live Messenger.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk -> [2012/04/03 18:28:10 | 000,002,488 | ---- | C] ()
 Chat Messenger.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chat Messenger.lnk -> [2012/04/03 17:50:49 | 000,001,179 | ---- | C] ()
 ia_remove.sh -> C:\Users\tony\ia_remove.sh -> [2012/04/03 17:22:48 | 000,008,409 | ---- | C] ()
 iavifw.avm -> C:\Windows\SysWow64\drivers\AVG\iavifw.avm -> [2012/04/02 15:59:01 | 000,000,000 | ---- | C] ()
 AVG 2012.lnk -> C:\Users\Public\Desktop\AVG 2012.lnk -> [2012/04/02 15:34:48 | 000,000,967 | ---- | C] ()
 incavi.avm -> C:\Windows\SysWow64\drivers\AVG\incavi.avm -> [2012/04/02 15:34:47 | 000,000,000 | ---- | C] ()
 iavichjw.avm -> C:\Windows\SysWow64\drivers\AVG\iavichjw.avm -> [2012/04/02 15:34:47 | 000,000,000 | ---- | C] ()
 Adobe Flash Player Updater.job -> C:\Windows\tasks\Adobe Flash Player Updater.job -> [2012/04/01 08:45:24 | 000,000,830 | ---- | C] ()
 Express Burn Disc Burning Software.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn Disc Burning Software.lnk -> [2012/03/26 19:43:28 | 000,001,208 | ---- | C] ()
 Express Burn Disc Burning Software.lnk -> C:\Users\Public\Desktop\Express Burn Disc Burning Software.lnk -> [2012/03/26 19:43:28 | 000,001,196 | ---- | C] ()
 ativvsvl.dat -> C:\Windows\SysWow64\ativvsvl.dat -> [2012/02/15 03:36:36 | 000,204,952 | ---- | C] ()
 ativvsva.dat -> C:\Windows\SysWow64\ativvsva.dat -> [2012/02/15 03:36:36 | 000,157,144 | ---- | C] ()
 OVDecode.dll -> C:\Windows\SysWow64\OVDecode.dll -> [2012/02/14 23:05:16 | 000,054,784 | ---- | C] ()
 kdbsdk32.dll -> C:\Windows\SysWow64\kdbsdk32.dll -> [2012/01/31 07:00:24 | 000,016,896 | ---- | C] ()
 PnkBstrB.exe -> C:\Windows\SysWow64\PnkBstrB.exe -> [2012/01/11 21:39:47 | 000,189,248 | ---- | C] ()
 atipblag.dat -> C:\Windows\SysWow64\atipblag.dat -> [2011/09/13 00:06:16 | 000,003,917 | ---- | C] ()
 GhostObjGAFix.xml -> C:\Users\tony\AppData\Roaming\GhostObjGAFix.xml -> [2011/08/23 18:59:11 | 000,001,854 | ---- | C] ()
 ztvunrar36.dll -> C:\Windows\SysWow64\ztvunrar36.dll -> [2011/07/15 12:25:23 | 000,162,304 | ---- | C] ()
 unrar3.dll -> C:\Windows\SysWow64\unrar3.dll -> [2011/07/15 12:25:23 | 000,153,088 | ---- | C] ()
 ztvunace26.dll -> C:\Windows\SysWow64\ztvunace26.dll -> [2011/07/15 12:25:23 | 000,077,312 | ---- | C] ()
 unacev2.dll -> C:\Windows\SysWow64\unacev2.dll -> [2011/07/15 12:25:23 | 000,075,264 | ---- | C] ()
 mlfcache.dat -> C:\Windows\SysWow64\mlfcache.dat -> [2011/07/07 18:40:34 | 000,145,704 | -H-- | C] ()
 MusiccityDownload.exe -> C:\Windows\MusiccityDownload.exe -> [2011/04/27 14:19:32 | 000,030,568 | ---- | C] ()
 ODBC.INI -> C:\Windows\ODBC.INI -> [2011/04/14 19:39:27 | 000,000,376 | ---- | C] ()
 cis-2.4.dll -> C:\Windows\SysWow64\cis-2.4.dll -> [2011/01/04 17:10:56 | 000,974,848 | ---- | C] ()
 issacapi_bs-2.3.dll -> C:\Windows\SysWow64\issacapi_bs-2.3.dll -> [2011/01/04 17:10:56 | 000,081,920 | ---- | C] ()
 issacapi_pe-2.3.dll -> C:\Windows\SysWow64\issacapi_pe-2.3.dll -> [2011/01/04 17:10:56 | 000,065,536 | ---- | C] ()
 issacapi_se-2.3.dll -> C:\Windows\SysWow64\issacapi_se-2.3.dll -> [2011/01/04 17:10:56 | 000,057,344 | ---- | C] ()
 xvidcore.dll -> C:\Windows\SysWow64\xvidcore.dll -> [2010/12/02 17:23:54 | 000,815,104 | ---- | C] ()
 xvidvfw.dll -> C:\Windows\SysWow64\xvidvfw.dll -> [2010/12/02 17:23:54 | 000,180,224 | ---- | C] ()
 wininit.ini -> C:\Windows\wininit.ini -> [2010/10/18 12:59:49 | 000,000,086 | ---- | C] ()
 WORDPAD.INI -> C:\Windows\WORDPAD.INI -> [2010/09/06 10:11:58 | 000,000,193 | ---- | C] ()
 LogiDPP.dll -> C:\Windows\SysWow64\LogiDPP.dll -> [2010/07/27 08:03:20 | 010,829,656 | ---- | C] ()
 LogiDPPApp.exe -> C:\Windows\SysWow64\LogiDPPApp.exe -> [2010/07/27 08:03:20 | 000,102,744 | ---- | C] ()
 DevManagerCore.dll -> C:\Windows\SysWow64\DevManagerCore.dll -> [2010/07/27 08:03:18 | 000,290,648 | ---- | C] ()
 _MSRSTRT.EXE -> C:\Windows\_MSRSTRT.EXE -> [2010/07/20 13:31:23 | 000,002,560 | ---- | C] ()
 pbsvc_bc2.exe -> C:\Windows\SysWow64\pbsvc_bc2.exe -> [2010/05/23 18:57:31 | 002,434,856 | ---- | C] ()
 pbsvc.exe -> C:\Windows\SysWow64\pbsvc.exe -> [2010/05/09 18:03:08 | 001,957,672 | ---- | C] ()
 PnkBstrA.exe -> C:\Windows\SysWow64\PnkBstrA.exe -> [2010/05/09 18:03:08 | 000,075,064 | ---- | C] ()
 wklnhst.dat -> C:\Users\tony\AppData\Roaming\wklnhst.dat -> [2010/04/27 18:40:00 | 000,000,620 | ---- | C] ()
 
[Alternate Data Streams]
@Alternate Data Stream - 16 bytes -> C:\Users\tony\Downloads:Shareaza.GUID
< End of report >
obxtony's Avatar
obxtony obxtony is offline
Member with 117 posts.
THREAD STARTER
 
Join Date: Aug 2008
18-Apr-2012, 04:16 AM #72
eset I HOPE!!!
C:\Downloads\desktop\715032 a variant of Win32/Soft32Downloader.A application
C:\Downloads\Software\715032 a variant of Win32/Soft32Downloader.A application
C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application
C:\Program Files (x86)\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3CJPEG.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3DTACTL.DLL.vir Win32/FunWeb application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3HISTSW.DLL.vir Win32/FunWeb application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3HKSTUB.DLL.vir a variant of Win32/Toolbar.MyWebSearch.G application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTMLMU.DLL.vir Win32/Toolbar.MyWebSearch.B application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTTPCT.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3IMSTUB.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3POPSWT.DLL.vir Win32/FunWeb application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3PSSAVR.SCR.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3REGHK.DLL.vir a variant of Win32/Toolbar.MyWebSearch.I application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3REPROX.DLL.vir Win32/Toolbar.MyWebSearch.D application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3RESTUB.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCHMON.EXE.vir Win32/FunWeb application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL.vir Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3WPHOOK.DLL.vir Win32/FunWeb application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3AUXSTB.DLL.vir Win32/Toolbar.MyWebSearch.H application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3DLGHK.DLL.vir a variant of Win32/Toolbar.MyWebSearch.I application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3HTML.DLL.vir Win32/Toolbar.MyWebSearch.F application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3IDLE.DLL.vir Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3IEOVR.DLL.vir Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3IMPIPE.EXE.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3MSG.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3OUTLCN.DLL.vir Win32/Toolbar.MyWebSearch.J application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3PLUGIN.DLL.vir a variant of Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKIN.DLL.vir Win32/Toolbar.MyWebSearch.P application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3SLSRCH.EXE.vir Win32/Toolbar.MyWebSearch.J application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE.vir a variant of Win32/Toolbar.MyWebSearch.I application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3TPINST.DLL.vir Win32/Toolbar.MyWebSearch.I application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir a variant of Win32/Toolbar.MyWebSearch.K application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSMLBTN.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEPLG.DLL.vir Win32/Toolbar.MyWebSearch.J application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSUABTN.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\NPMYWEBS.DLL.vir Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll.vir Win32/Adware.Bandoo application
C:\Qoobox\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\SearchquTb.dll.vir Win32/Adware.Bandoo application
C:\Qoobox\Quarantine\C\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\searchqutb.js.vir Win32/Adware.Bandoo application
C:\Qoobox\Quarantine\C\Program Files (x86)\Yontoo\YontooIEClient.dll.vir a variant of Win32/Adware.Yontoo.A application
C:\Qoobox\Quarantine\C\Program Files (x86)\Yontoo\YontooIEClient_2.dll.vir a variant of Win32/Adware.Yontoo.A application
C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application
C:\Qoobox\Quarantine\C\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\SearchquDx.dll.vir Win32/Adware.Bandoo application
C:\Qoobox\Quarantine\C\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\SearchquTb.dll.vir Win32/Adware.Bandoo application
C:\Qoobox\Quarantine\C\System Volume Information\SystemRestore\FRStaging\Program Files (x86)\Windows Searchqu Toolbar\ToolBar\chrome\content\searchqutb.js.vir Win32/Adware.Bandoo application
C:\Qoobox\Quarantine\C\Windows\SysWOW64\f3PSSavr.scr.vir Win32/Toolbar.MyWebSearch application
C:\System Volume Information\SystemRestore\FRStaging\Users\tony\Desktop\dropdowndealssetup-silentinstaller.exe probably a variant of Win32/Adware.NHHMTKI application
C:\System Volume Information\SystemRestore\FRStaging\Users\tony\Desktop\calibre\SoftonicDown loader_for_calibre.exe Win32/SoftonicDownloader.D application
C:\System Volume Information\SystemRestore\FRStaging\Users\tony\Music\Serene Moments\SoftonicDownloader_for_calibre.exe Win32/SoftonicDownloader.D application
C:\System Volume Information\SystemRestore\FRStaging\Windows\System32\drivers\etc\hosts Win32/Qhost trojan
C:\System Volume Information\SystemRestore\FRStaging\Windows\SysWOW64\Process.exe Win32/PrcView application
C:\Users\tony\AppData\LocalLow\FunWebProducts\Installr\Cache\002913A0.exe a variant of Win32/Toolbar.MyWebSearch.O application
C:\Users\tony\Desktop\calibre\dropdowndealssetup-silentinstaller.exe probably a variant of Win32/Adware.NHHMTKI application
C:\Users\tony\Desktop\calibre\dropdowndealssetup-silentinstaller[1].exe probably a variant of Win32/Adware.NHHMTKI application
C:\Users\tony\Desktop\unused desktops\asc-setup.exe a variant of Win32/Toolbar.Widgi application
C:\Users\tony\Desktop\unused desktops\imf-setup.exe a variant of Win32/Toolbar.Widgi application
C:\Users\tony\Downloads\Steam.exe MSIL/Solimba application
C:\_OTL\MovedFiles\04122012_154611\C_Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application
F:\TONY-PC\Backup Set 2012-04-07 183321\Backup Files 2012-04-07 183321\Backup files 10.zip multiple threats
F:\TONY-PC\Backup Set 2012-04-08 203605\Backup Files 2012-04-08 203605\Backup files 10.zip multiple threats
F:\TONY-PC\Backup Set 2012-04-14 212348\Backup Files 2012-04-14 212348\Backup files 10.zip MSIL/Solimba application
F:\TONY-PC\Backup Set 2012-04-14 212348\Backup Files 2012-04-14 212348\Backup files 8.zip multiple threats
obxtony's Avatar
obxtony obxtony is offline
Member with 117 posts.
THREAD STARTER
 
Join Date: Aug 2008
18-Apr-2012, 04:17 AM #73
I EAGERLY await your next command Obiwan
obxtony's Avatar
obxtony obxtony is offline
Member with 117 posts.
THREAD STARTER
 
Join Date: Aug 2008
18-Apr-2012, 11:05 AM #74
It takes exactly 4 mins and 10 seconds to boot up my pc to where I can get on the net!!
obxtony's Avatar
obxtony obxtony is offline
Member with 117 posts.
THREAD STARTER
 
Join Date: Aug 2008
19-Apr-2012, 01:25 PM #75
Just thought I would run a mbam scan again...LOOK what it found!!
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.19.02
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
tony :: TONY-PC [administrator]
19/04/2012 16:31:37
mbam-log-2012-04-19 (18-08-46).txt
Scan type: Full scan
Scan options enabled: Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Memory | Startup | P2P
Objects scanned: 502854
Time elapsed: 1 hour(s), 19 minute(s), 21 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 44
C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll (PUP.FunWebProducts) -> No action taken.
C:\Program Files (x86)\Windows Live\Messenger\riched20.dll (PUP.FunWebProducts) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3CJPEG.DLL.vir (PUP.FunWebProducts) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3DTACTL.DLL.vir (PUP.FunWebProducts) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3HISTSW.DLL.vir (PUP.FunWebProducts) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3HKSTUB.DLL.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTMLMU.DLL.vir (PUP.FunWebProducts) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTTPCT.DLL.vir (PUP.FunWebProducts) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3IMSTUB.DLL.vir (PUP.FunWebProducts) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3POPSWT.DLL.vir (PUP.FunWebProducts) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3PSSAVR.SCR.vir (PUP.FunWebProducts) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3REGHK.DLL.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3REPROX.DLL.vir (PUP.FunWebProducts) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3RESTUB.DLL.vir (PUP.FunWebProducts) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCHMON.EXE.vir (PUP.FunWebProducts) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL.vir (PUP.FunWebProducts) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\F3WPHOOK.DLL.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3AUXSTB.DLL.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3DLGHK.DLL.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3HTML.DLL.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3IDLE.DLL.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3IEOVR.DLL.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3IMPIPE.EXE.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3MEDINT.EXE.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3MSG.DLL.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3OUTLCN.DLL.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3PLUGIN.DLL.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKIN.DLL.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKNLCR.DLL.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3SLSRCH.EXE.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSMLBTN.DLL.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEPLG.DLL.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\MWSUABTN.DLL.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Program Files (x86)\MyWebSearch\bar\1.bin\NPMYWEBS.DLL.vir (PUP.MyWebSearch) -> No action taken.
C:\Qoobox\Quarantine\C\Windows\SysWOW64\f3PSSavr.scr.vir (PUP.FunWebProducts) -> No action taken.
C:\System Volume Information\SystemRestore\FRStaging\Users\tony\Desktop\calibre\SoftonicDown loader_for_calibre.exe (PUP.ToolbarDownloader) -> No action taken.
C:\System Volume Information\SystemRestore\FRStaging\Users\tony\Music\Serene Moments\SoftonicDownloader_for_calibre.exe (PUP.ToolbarDownloader) -> No action taken.
C:\Users\tony\AppData\LocalLow\FunWebProducts\Installr\Cache\002913A0.exe (PUP.MyWebSearch) -> No action taken.
(end)
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑