Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-12-2014
Ran by suzanne (administrator) on MCGILLCOGILPC on 20-12-2014 18:33:54
Running from C:\Users\suzanne\Desktop
Loaded Profiles: suzanne & Properties (Available profiles: suzanne & Properties)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/33 ... scan-tool/==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgcsrvx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgfws.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgwdsvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgemcx.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2015\avgui.exe
() C:\Program Files\AVG SafeGuard toolbar\vprot.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\suzanne\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Tweaking.com) C:\Program Files\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe
(Tweaking.com) C:\Program Files\Tweaking.com\Registry Backup\files\vss_start.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Program Files\Tweaking.com\Registry Backup\files\vss_7_8_2008_2012_32.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Tweaking.com) C:\Program Files\Tweaking.com\Registry Backup\files\vss_pause.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [vProt] => C:\Program Files\AVG SafeGuard toolbar\vprot.exe [2640408 2014-11-06] ()
HKLM\...\Run: [itype] => c:\Program Files\Microsoft IntelliType Pro\itype.exe [1313640 2011-08-10] (Microsoft Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-933171571-4239247224-1375863430-1000\...\Run: [AVG-Secure-Search-Update_1113a] => C:\Users\suzanne\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=22fb0c29680247d3bfd9d1544f7684f4-b4aeb2ffa57cb76ec3863b7deedcf62eddb442fb /CMPID=1113a
HKU\S-1-5-21-933171571-4239247224-1375863430-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-05-07] (Google Inc.)
HKU\S-1-5-21-933171571-4239247224-1375863430-1000\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [1837672 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-933171571-4239247224-1375863430-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [18643560 2013-03-01] (Skype Technologies S.A.)
HKU\S-1-5-21-933171571-4239247224-1375863430-1000\...\RunOnce: [Adobe Speed Launcher] => 1418880565
HKU\S-1-5-21-933171571-4239247224-1375863430-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_117_Plugin.exe [829832 2013-10-08] (Adobe Systems Incorporated)
HKU\S-1-5-21-933171571-4239247224-1375863430-1000\...\MountPoints2: {46605aef-1efb-11e2-8f4e-001d09926d07} - F:\MotoCastSetup.exe -a
HKU\S-1-5-21-933171571-4239247224-1375863430-1000\...\MountPoints2: {b84ff1ec-6d02-11e0-938e-806e6f6e6963} - F:\setup.exe -a
HKU\S-1-5-21-933171571-4239247224-1375863430-1000\...\MountPoints2: {ca33c8e7-848a-11e1-806f-001d09926d07} - L:\setup.exe -a
HKU\S-1-5-21-933171571-4239247224-1375863430-1000\...\Winlogon: [Shell]
HKU\S-1-5-21-933171571-4239247224-1375863430-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-05-07] (Google Inc.)
AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GO36F4~1.DLL => C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2010-09-09] (Google)
IFEO\k9filter.exe: [Debugger] c:\windows\1.EXE
IFEO\mpcmdrun: [Debugger] c:\windows\1.EXE
IFEO\mpsvc.dll: [Debugger] c:\windows\1.EXE
IFEO\mpuxsrv.exe: [Debugger] c:\windows\1.EXE
IFEO\msascui: [Debugger] c:\windows\1.EXE
IFEO\msascui.exe: [Debugger] "c:\windows\1.exe" /z
IFEO\MSconfig.exe: [Debugger] c:\windows\1.EXE
IFEO\msmpeng.exe: [Debugger] "c:\windows\1.exe" /z
IFEO\MSseces: [Debugger] c:\windows\1.EXE
Startup: C:\Users\suzanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\suzanne\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-933171571-4239247224-1375863430-1000\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.google.com/ieHKU\S-1-5-21-933171571-4239247224-1375863430-1000\Software\Microsoft\Internet Explorer\Main,Start Page =
https://mysearch.avg.com/?cid=%7BDE1319 ... g=0&sap=hpHKU\S-1-5-21-933171571-4239247224-1375863430-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.google.com/ig/dell?hl=en&cli ... bd=0080507SearchScopes: HKU\.DEFAULT -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\S-1-5-21-933171571-4239247224-1375863430-1000 -> {080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC} URL =
http://searchservice.myspace.com/index. ... sults&qry={searchTerms}&type=Web&orig=IMC-IE
SearchScopes: HKU\S-1-5-21-933171571-4239247224-1375863430-1000 -> {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL =
http://start.pogo.iplay.com/searchresul ... =chrome&q={searchTerms}
SearchScopes: HKU\S-1-5-21-933171571-4239247224-1375863430-1000 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL =
http://127.0.0.1:4664/search&s=fYA7JN-E ... DDt7El8?q={searchTerms}
SearchScopes: HKU\S-1-5-21-933171571-4239247224-1375863430-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL =
https://mysearch.avg.com/search?cid={DE131920-30A6-45CD-8D5E-504D8AF4E88F}&mid=22fb0c29680247d3bfd9d1544f7684f4-b4aeb2ffa57cb76ec3863b7deedcf62eddb442fb&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2013-12-09 03:36:50&v=18.1.9.799&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-933171571-4239247224-1375863430-1000 -> {AB07185D-66FE-4177-804B-8603D172DA62} URL =
http://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-933171571-4239247224-1375863430-1003 -> {70D46D94-BF1E-45ED-B567-48701376298E} URL =
http://127.0.0.1:4664/search&s=n7ktXOje ... N6FflJM?q={searchTerms}
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: CBrowserHelperObject Object -> {CA6319C0-31B7-401E-A518-A07C3DB8F777} -> C:\Program Files\Dell\BAE\BAE.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-933171571-4239247224-1375863430-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-933171571-4239247224-1375863430-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-933171571-4239247224-1375863430-1000 -> No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Toolbar: HKU\S-1-5-21-933171571-4239247224-1375863430-1000 -> No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
Toolbar: HKU\S-1-5-21-933171571-4239247224-1375863430-1003 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6}
https://support.dell.com/systemprofiler/SysProExe.CABDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
http://fpdownload.macromedia.com/get/fl ... rashim.cabDPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
http://fpdownload2.macromedia.com/get/s ... wflash.cabDPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.dll No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\suzanne\AppData\Roaming\Mozilla\Firefox\Profiles\9d0lcyki.default
FF Homepage:
hxxp://www.google.com/FF Keyword.URL:
hxxp://search.yahoo.com/search?ei=UTF-8 ... f-yff26&p=FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @oberon-media.com/ONCAdapter -> C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml
FF Extension: Yahoo! Toolbar - C:\Users\suzanne\AppData\Roaming\Mozilla\Firefox\Profiles\9d0lcyki.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-10-22]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-02-21]
FF HKLM\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799
FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\18.1.9.799 [2014-10-13]
FF Extension: No Name - {20a82645-c095-46ed-80e3-08825760534b} [Not Found]
Chrome:
=======
CHR DefaultSearchKeyword: Default -> mysearch.avg.com
CHR DefaultSearchURL: Default ->
http://mysearch.avg.com/search?cid={DE131920-30A6-45CD-8D5E-504D8AF4E88F}&mid=22fb0c29680247d3bfd9d1544f7684f4-b4aeb2ffa57cb76ec3863b7deedcf62eddb442fb&lang=en&ds=AVG&coid=avgtbavg&pr=fr&d=2013-12-09 03:36:50&v=17.1.2.1&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
CHR DefaultNewTabURL: Default ->
https://mysearch.avg.com/chroment?espv=2&cid={DE131920-30A6-45CD-8D5E-504D8AF4E88F}&mid=22fb0c29680247d3bfd9d1544f7684f4-b4aeb2ffa57cb76ec3863b7deedcf62eddb442fb&lang=en&ds=AVG&pr=fr&d=2013-12-09 03:36:50&v=18.1.0.444&pid=safeguard&sg=0
CHR DefaultSuggestURL: Default ->
http://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\pdf.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\38.0.2125.111\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Oberon com adapter) - C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Java(TM) Platform SE 7 U3) - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.30.255) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Move Streaming Media Player) - C:\Users\suzanne\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-12]
CHR Extension: (Google Wallet) - C:\Users\suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-15]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S4 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
R2 avgfws; C:\Program Files\AVG\AVG2015\avgfws.exe [1486664 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
S4 dlea_device; C:\Windows\system32\dleacoms.exe [598696 2010-05-21] ( )
S4 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-09-09] (Google)
S4 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 MemeoBackgroundService; C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe [25824 2010-04-22] (Memeo)
S4 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [226624 2011-01-27] ()
S4 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14088 2010-04-30] (Memeo)
S4 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-13] (SupportSoft, Inc.)
R2 vToolbarUpdater18.1.9; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-10-13] (AVG Secure Search)
S3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 athur; C:\Windows\System32\DRIVERS\athur.sys [1500160 2010-01-04] (Atheros Communications, Inc.)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [47928 2013-09-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [213784 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [192792 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [230680 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [200984 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42784 2014-10-13] (AVG Technologies)
R3 DynCal; C:\Windows\System32\drivers\Dyncal.sys [12928 2007-11-07] (Padix Co., Ltd) [File not signed]
S3 motandroidusb; C:\Windows\System32\Drivers\motoandroid.sys [25856 2009-07-10] (Motorola)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21784 2011-04-13] (Microsoft Corporation)
R2 pnarp; C:\Windows\System32\DRIVERS\pnarp.sys [24888 2008-04-08] (Pure Networks, Inc.)
S2 purendis; system32\DRIVERS\purendis.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-20 18:33 - 2014-12-20 18:34 - 00023083 _____ () C:\Users\suzanne\Desktop\FRST.txt
2014-12-20 18:33 - 2014-12-20 18:34 - 00000000 ____D () C:\FRST
2014-12-20 18:32 - 2014-12-20 18:32 - 01113600 _____ (Farbar) C:\Users\suzanne\Desktop\FRST.exe
2014-12-20 18:29 - 2014-12-20 18:29 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MCGILLCOGILPC-Microsoft-Windows-7-Home-Premium-(32-bit).dat
2014-12-20 18:27 - 2014-12-20 18:27 - 00000000 ____D () C:\RegBackup
2014-12-20 18:26 - 2014-12-20 18:26 - 00002183 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-12-20 18:26 - 2014-12-20 18:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-12-20 18:26 - 2014-12-20 18:26 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-12-16 20:19 - 2014-12-16 20:19 - 00014785 _____ () C:\Users\suzanne\Desktop\dds.txt
2014-12-16 20:19 - 2014-12-16 20:19 - 00010979 _____ () C:\Users\suzanne\Desktop\attach.txt
2014-12-16 20:16 - 2014-12-16 20:16 - 00688992 ____R (Swearware) C:\Users\suzanne\Downloads\dds.scr
2014-12-12 07:15 - 2014-12-17 14:26 - 00029003 _____ () C:\Windows\setupact.log
2014-12-12 07:15 - 2014-12-12 07:15 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-09 10:20 - 2014-12-09 10:20 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-11-26 08:56 - 2014-11-26 08:56 - 00000000 ____D () C:\Users\suzanne\AppData\Roaming\AVG2015
2014-11-26 08:54 - 2014-11-26 08:54 - 00000937 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2014-11-26 08:53 - 2014-11-26 08:56 - 00000000 ____D () C:\ProgramData\AVG2015
2014-11-26 08:08 - 2014-12-01 08:00 - 00000000 ____D () C:\Users\suzanne\AppData\Local\Avg2015
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-20 18:30 - 2010-01-29 09:53 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-20 18:25 - 2013-10-15 17:12 - 00000000 ____D () C:\ProgramData\MFAData
2014-12-20 18:19 - 2012-04-08 12:44 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-20 14:30 - 2010-01-29 09:53 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-19 18:43 - 2012-03-31 15:17 - 00000000 ____D () C:\Users\suzanne\Desktop\JASON
2014-12-19 18:26 - 2011-01-02 14:44 - 00009728 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-19 18:26 - 2011-01-02 14:44 - 00009728 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-19 15:44 - 2011-01-02 15:43 - 00801978 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-17 21:19 - 2014-11-16 12:05 - 00000000 ____D () C:\Users\suzanne\AppData\Roaming\Skype
2014-12-17 14:28 - 2010-12-18 15:06 - 00000000 ___RD () C:\Users\suzanne\Dropbox
2014-12-17 14:28 - 2010-12-18 14:49 - 00000000 ____D () C:\Users\suzanne\AppData\Roaming\Dropbox
2014-12-17 14:26 - 2009-07-13 20:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-16 07:17 - 2012-05-03 17:02 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-12-16 07:17 - 2011-01-02 15:09 - 02287628 _____ () C:\Windows\PFRO.log
2014-12-14 19:32 - 2011-01-02 15:11 - 01994788 _____ () C:\Windows\WindowsUpdate.log
2014-12-12 07:34 - 2013-10-15 16:19 - 00002131 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-12 07:24 - 2010-12-18 14:50 - 00000000 ____D () C:\Users\suzanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-11 18:17 - 2010-06-09 08:56 - 00000000 ____D () C:\Program Files\Windows Live Safety Center
2014-12-11 14:22 - 2013-10-15 16:49 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-08 07:18 - 2012-04-08 12:44 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-12-08 07:18 - 2011-11-09 08:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-12-08 07:16 - 2013-10-15 17:14 - 00000000 ____D () C:\ProgramData\AVG2014
2014-11-26 08:54 - 2014-04-09 17:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-11-26 08:53 - 2013-10-15 17:12 - 00000000 ____D () C:\Program Files\AVG
2014-11-21 15:50 - 2013-10-15 17:15 - 00000937 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
Some content of TEMP:
====================
C:\Users\suzanne\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpm25png.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-12-15 12:25
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-12-2014
Ran by suzanne at 2014-12-20 18:35:19
Running from C:\Users\suzanne\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM\...\Adobe Shockwave Player) (Version: 11.5.7.609 - Adobe Systems, Inc.)
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5577 - AVG Technologies)
AVG 2015 (Version: 15.0.4253 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5577 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM\...\AVG SafeGuard toolbar) (Version: 18.1.9.799 - AVG Technologies)
Bing Rewards Client Installer (Version: 16.0.345.0 - Microsoft Corporation) Hidden
Browser Address Error Redirector (HKLM\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
ccc-core-static (Version: 2007.0914.2139.36828 - ATI) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell DataSafe Online (HKLM\...\{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}) (Version: 1.0.21 - Dell, Inc.)
Dell Driver Download Manager (HKU\S-1-5-21-933171571-4239247224-1375863430-1000\...\f031ef6ac137efc5) (Version: 2.0.0.0 - Dell Inc.)
Dell Getting Started Guide (HKLM\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.2.09085 - Dell)
Dell V310-V510 Series (HKLM\...\Dell V310-V510 Series) (Version: - Dell, Inc.)
Dropbox (HKU\S-1-5-21-933171571-4239247224-1375863430-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Google Chrome (HKLM\...\{61D1D65D-76AF-37E3-A2AC-006AACB51587}) (Version: 65.143.49253 - Google, Inc.)
Google Desktop (HKLM\...\Google Desktop) (Version: 5.9.1005.12335 - Google)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk (remove only) (HKU\S-1-5-21-933171571-4239247224-1375863430-1000\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version: - )
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
GoToAssist Corporate (HKLM\...\GoToAssist) (Version: 9.1.0.615 - Citrix Online, a division of Citrix Systems, Inc.)
Highlight Viewer (Windows Live Toolbar) (Version: 03.01.0146 - Microsoft Corporation) Hidden
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 6700 Basic Device Software (HKLM\...\{020B8F22-46A5-44FE-89F3-5A8E131BFE4B}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Help (HKLM\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6700 Product Improvement Study (HKLM\...\{5C2B63F5-0941-4C00-8CF8-91B83FFFF756}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Print Diagnostic Utility (HKLM\...\{5E06C076-E4E7-4239-A886-B3D8AC84C166}) (Version: 1.11.0001 - Hewlett-Packard)
HP Update (HKLM\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) PRO Network Connections 12.1.11.0 (HKLM\...\PROSetDX) (Version: - Intel)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Linksys Connect (HKLM\...\Linksys Connect) (Version: 1.5.13225.3 - Linksys LLC)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Memeo Instant Backup (HKLM\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7252 - Memeo Inc.)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Flight Simulator X (HKLM\...\InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}) (Version: 10.0.60905 - Microsoft Game Studios)
Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation)
Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Professional 2007 Subscription (HKLM\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MotoHelper 2.0.45 Driver 5.0.0 (HKLM\...\MotoHelper) (Version: 2.0.45 - Motorola)
MotoHelper MergeModules (Version: 1.0.0 - Motorola) Hidden
MotoHelper MergeModules (Version: 1.2.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 5.0.0 (Version: 5.0.0 - Motorola Inc.) Hidden
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Music, Photos & Videos Launcher (HKLM\...\{D7769185-9A7C-48D4-8874-5388743A1DE2}) (Version: 1.00.0000 - Dell Inc.)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
Product Documentation Launcher (HKLM\...\{89CEAE14-DD0F-448E-9554-15781EC9DB24}) (Version: 1.00.0000 - Dell Inc.)
QualxServ Service Agreement (HKLM\...\{0F756CD9-4A1E-409B-B101-601DDC4C03AA}) (Version: 1.11.0000 - Dell Inc.)
QuickTime (HKLM\...\QuickTime) (Version: - )
RealFlight G5 R/C Simulator (HKLM\...\RealFlightG5Pro) (Version: - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: - )
Roxio Creator DE (HKLM\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - )
Seagate Dashboard (HKLM\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.0.0.809 - Memeo Inc.)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Skins (Version: 2007.0914.2139.36828 - ATI) Hidden
Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
Smart Menus (Windows Live Toolbar) (Version: 03.01.0146 - Microsoft Corporation) Hidden
Spelling Dictionaries Support For Adobe Reader 8 (HKLM\...\{AC76BA86-7AD7-5464-3428-800000000003}) (Version: 8.0.0 - Adobe Systems)
TeamViewer 8 (HKLM\...\TeamViewer
(Version: 8.0.22298 - TeamViewer)
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
University of Washington (HKLM\...\{AA3A1561-8649-48C3-BBA9-575EE39EF969}) (Version: 3.0.0 - Antech Systems, Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
User's Guides (HKLM\...\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}) (Version: - )
VibrateGameDeviceDriver (HKLM\...\{DBB7F606-0C13-4182-AD7F-427A4773580E}) (Version: 4.07.1112G - VibrateGameDeviceDriver)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
WebEx Support Manager for Internet Explorer (HKLM\...\{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}) (Version: 6.5.47 - WebEx Communications Inc.)
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-933171571-4239247224-1375863430-1000_Classes\CLSID\{00000010-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\DAO\Dao350.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-933171571-4239247224-1375863430-1000_Classes\CLSID\{00000011-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\DAO\Dao350.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-933171571-4239247224-1375863430-1000_Classes\CLSID\{00000013-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\DAO\Dao350.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-933171571-4239247224-1375863430-1000_Classes\CLSID\{00000014-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\DAO\Dao350.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-933171571-4239247224-1375863430-1000_Classes\CLSID\{00000015-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\DAO\Dao350.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-933171571-4239247224-1375863430-1000_Classes\CLSID\{00000016-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\DAO\Dao350.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-933171571-4239247224-1375863430-1000_Classes\CLSID\{00000017-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\DAO\Dao350.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-933171571-4239247224-1375863430-1000_Classes\CLSID\{00000018-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\DAO\Dao350.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-933171571-4239247224-1375863430-1000_Classes\CLSID\{00000019-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> C:\Program Files\Common Files\Microsoft Shared\DAO\Dao350.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-933171571-4239247224-1375863430-1000_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-933171571-4239247224-1375863430-1000_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-933171571-4239247224-1375863430-1000_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-933171571-4239247224-1375863430-1000_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-933171571-4239247224-1375863430-1000_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-933171571-4239247224-1375863430-1000_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-933171571-4239247224-1375863430-1000_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-933171571-4239247224-1375863430-1000_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-933171571-4239247224-1375863430-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\suzanne\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-933171571-4239247224-1375863430-1000_Classes\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\localserver32 -> C:\Users\suzanne\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-933171571-4239247224-1375863430-1000_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-933171571-4239247224-1375863430-1000_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-933171571-4239247224-1375863430-1000_Classes\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\localserver32 -> C:\Users\suzanne\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-933171571-4239247224-1375863430-1000_Classes\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-933171571-4239247224-1375863430-1000_Classes\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-933171571-4239247224-1375863430-1000_Classes\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-933171571-4239247224-1375863430-1000_Classes\CLSID\{4052D303-74C5-49EA-BC6B-66099C8D4007}\InprocServer32 -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll (Google)
CustomCLSID: HKU\S-1-5-21-933171571-4239247224-1375863430-1000_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-933171571-4239247224-1375863430-1000_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-933171571-4239247224-1375863430-1000_Classes\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-933171571-4239247224-1375863430-1000_Classes\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-933171571-4239247224-1375863430-1000_Classes\CLSID\{7DA06D40-54A0-11CF-A521-0080C77A7786}\InprocServer32 -> C:\Windows\system32\tabctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-933171571-4239247224-1375863430-1000_Classes\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\localserver32 -> C:\Users\suzanne\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-933171571-4239247224-1375863430-1000_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-933171571-4239247224-1375863430-1000_Classes\CLSID\{BDC217C5-ED16-11CD-956C-0000C04E4C0A}\InprocServer32 -> C:\Windows\system32\tabctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-933171571-4239247224-1375863430-1000_Classes\CLSID\{d33f3ced-d7d5-44f1-a9fe-6927dabb1934}\localserver32 -> C:\Users\suzanne\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-933171571-4239247224-1375863430-1000_Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 -> C:\Windows\system32\comdlg32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-933171571-4239247224-1375863430-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\suzanne\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-933171571-4239247224-1375863430-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\suzanne\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-933171571-4239247224-1375863430-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\suzanne\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-933171571-4239247224-1375863430-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\suzanne\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-933171571-4239247224-1375863430-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\suzanne\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-933171571-4239247224-1375863430-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\suzanne\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-933171571-4239247224-1375863430-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\suzanne\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-933171571-4239247224-1375863430-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\suzanne\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 02:23 - 2006-09-18 13:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0C80202E-92BA-4DFA-84F9-D087C6C0D904} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {2C41D15B-E167-4CFF-95FD-0AED4BA1776F} - System32\Tasks\{F2DE7E06-06CB-4919-97D2-8A0283E6A14C} => pcalua.exe -a "C:\Users\suzanne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K9S7J8S1\uninstall_flash_player[1].exe" -d C:\Users\suzanne\Desktop
Task: {32B92062-3761-45A2-9E62-91F8B71AB602} - System32\Tasks\{B1819A20-E1C1-4E89-85F9-EA87CADCF36D} => pcalua.exe -a F:\setup.exe -d F:\ -c -a
Task: {3BA3058B-6E11-42C5-B4D2-0FCBDF0AF5F9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-24] (Google Inc.)
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {6109739F-5903-4BFB-98BF-0CA8A99E3A48} - System32\Tasks\{F53AD887-3D8B-40EE-BBB7-0F56BD974574} => pcalua.exe -a K:\Setup.exe
Task: {6A9018F2-8AC8-40DD-A7C0-880D18D4BF22} - System32\Tasks\MotoHelper MUM => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
Task: {7994F470-E511-4083-BE2D-5116C87B7398} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => c:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
Task: {99CBEEA0-05A4-4839-BBC2-93F6BD05C8A8} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation)
Task: {9D1D5CA9-69AB-44A2-9A13-BD730A8E6676} - System32\Tasks\{AFD7E5C1-3687-432D-93FC-A721EBFD4389} => pcalua.exe -a E:\dcsstart.exe -d E:\
Task: {9F0F5020-968C-4DCC-A4AB-9563E0824096} - System32\Tasks\MotoHelper Routing => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
Task: {A224026B-CB59-4458-8B2E-15A92A941ECE} - System32\Tasks\HPCustParticipation HP Officejet 6700 => C:\Program Files\HP\HP Officejet 6700\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {BB2FBC8A-87B0-48DB-87A7-C9AD50F35C12} - System32\Tasks\MotoHelper Update => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
Task: {DCA08292-3C24-4CCC-9092-616AD9FB48B8} - System32\Tasks\MotoHelper Initial Update => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {FC00101F-EF3B-4638-8EC3-DDF5F4DBDF48} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-08] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2011-01-02 19:06 - 2009-12-31 02:16 - 00049152 _____ () C:\Windows\System32\DLEAPMON.DLL
2011-01-02 19:06 - 2009-01-13 09:15 - 05709824 _____ () C:\Windows\System32\DLEAOEM.DLL
2011-12-26 16:20 - 2009-11-04 09:14 - 00157696 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\dleadrpp.dll
2014-10-13 20:08 - 2014-10-13 20:07 - 00159768 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2014-10-13 20:08 - 2014-10-13 20:07 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2013-12-10 03:37 - 2014-03-10 02:45 - 01593368 ____N () C:\Program Files\AVG SafeGuard toolbar\TBAPI.dll
2013-12-09 03:36 - 2014-11-06 19:59 - 02640408 _____ () C:\Program Files\AVG SafeGuard toolbar\vprot.exe
2014-10-21 16:22 - 2014-10-21 16:22 - 00750080 _____ () C:\Users\suzanne\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2014-12-17 14:27 - 2014-12-17 14:27 - 00043008 _____ () c:\users\suzanne\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpm25png.dll
2014-10-21 16:22 - 2014-10-21 16:22 - 00047616 _____ () C:\Users\suzanne\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-21 16:22 - 2014-10-21 16:22 - 00863744 _____ () C:\Users\suzanne\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-21 16:22 - 2014-10-21 16:22 - 00200704 _____ () C:\Users\suzanne\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AERTFilters => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: dlea_device => 2
MSCONFIG\Services: GoogleDesktopManager-051210-111108 => 3
MSCONFIG\Services: GoToAssist => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: IDriverT => 3
MSCONFIG\Services: LinksysUpdater => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: MemeoBackgroundService => 2
MSCONFIG\Services: MotoHelper => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: nmservice => 2
MSCONFIG\Services: SeagateDashboardService => 2
MSCONFIG\Services: sprtsvc_dellsupportcenter => 2
MSCONFIG\Services: stllssvr => 3
MSCONFIG\Services: YahooAUService => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^suzanne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
MSCONFIG\startupreg: dleamon.exe => "C:\Program Files\Dell V310-V510 Series\dleamon.exe"
MSCONFIG\startupreg: dscactivate => "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
MSCONFIG\startupreg: ECenter => C:\Dell\E-Center\EULALauncher.exe
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: EzPrint => "C:\Program Files\Dell V310-V510 Series\ezprint.exe"
MSCONFIG\startupreg: Google Desktop Search => "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
MSCONFIG\startupreg: googletalk => C:\Users\suzanne\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
MSCONFIG\startupreg: HP Officejet 6700 (NET) => "C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe" -deviceID "CN31D9QJ8D05RQ:NW" -scfn "HP Officejet 6700 (NET)" -AutoStart 1
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: itype => "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
MSCONFIG\startupreg: LELA => "C:\Program Files\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
MSCONFIG\startupreg: Memeo Instant Backup => C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
MSCONFIG\startupreg: nmctxth => "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
MSCONFIG\startupreg: RTBatteryMeter => C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: Seagate Dashboard => C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui
MSCONFIG\startupreg: SearchEngineProtection => C:\Program Files\Gamesbar\SearchEngineProtection.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: Trend Micro Titanium => "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL ""
MSCONFIG\startupreg: Yousendit Sync Agent => "C:\Program Files\YouSendIt Desktop App\YSIAgent.exe"
MSCONFIG\startupreg: Zune Launcher => "c:\Program Files\Zune\ZuneLauncher.exe"
========================= Accounts: ==========================
Administrator (S-1-5-21-933171571-4239247224-1375863430-500 - Administrator - Disabled)
Guest (S-1-5-21-933171571-4239247224-1375863430-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-933171571-4239247224-1375863430-1002 - Limited - Enabled)
Properties (S-1-5-21-933171571-4239247224-1375863430-1003 - Administrator - Enabled) => C:\Users\Properties
suzanne (S-1-5-21-933171571-4239247224-1375863430-1000 - Administrator - Enabled) => C:\Users\suzanne
==================== Faulty Device Manager Devices =============
Name: Pure Networks Wireless Driver
Description: Pure Networks Wireless Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: purendis
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/20/2014 11:14:33 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (12/17/2014 03:01:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (12/16/2014 08:35:57 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (12/15/2014 02:33:28 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Skype.exe version 6.3.73.105 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 48c
Start Time: 01d0161f48def043
Termination Time: 609
Application Path: C:\Program Files\Skype\Phone\Skype.exe
Report Id:
Error: (12/14/2014 02:38:58 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (12/14/2014 11:57:46 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.16518 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1124
Start Time: 01d0171c0f668516
Termination Time: 889
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id:
Error: (12/12/2014 04:02:16 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (12/12/2014 07:54:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FlashPlayerPlugin_11_9_900_117.exe, version: 11.9.900.117, time stamp: 0x5244d3b6
Faulting module name: FlashPlayerPlugin_11_9_900_117.exe, version: 11.9.900.117, time stamp: 0x5244d3b6
Exception code: 0x40000015
Fault offset: 0x00017b60
Faulting process id: 0x15a8
Faulting application start time: 0xFlashPlayerPlugin_11_9_900_117.exe0
Faulting application path: FlashPlayerPlugin_11_9_900_117.exe1
Faulting module path: FlashPlayerPlugin_11_9_900_117.exe2
Report Id: FlashPlayerPlugin_11_9_900_117.exe3
Error: (12/11/2014 02:46:58 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
Error: (12/10/2014 09:35:36 AM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program PhotoCD.exe because of this error.
Program: PhotoCD.exe
File:
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
Additional Data
Error value: C0000102
Disk type: 0
System errors:
=============
Error: (12/17/2014 02:26:26 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\Windows\system32\athExt.dll
Error Code: 126
Error: (12/17/2014 02:26:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Pure Networks Wireless Driver service failed to start due to the following error:
%%2
Error: (12/16/2014 07:17:53 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\Windows\system32\athExt.dll
Error Code: 126
Error: (12/16/2014 07:17:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Pure Networks Wireless Driver service failed to start due to the following error:
%%2
Error: (12/15/2014 11:24:26 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {CA3A5461-96B5-46DD-9341-5350D3C94615}
Error: (12/12/2014 07:15:28 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\Windows\system32\athExt.dll
Error Code: 126
Error: (12/12/2014 07:15:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Pure Networks Wireless Driver service failed to start due to the following error:
%%2
Error: (12/08/2014 07:16:27 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\Windows\system32\athExt.dll
Error Code: 126
Error: (12/08/2014 07:16:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Pure Networks Wireless Driver service failed to start due to the following error:
%%2
Error: (12/05/2014 08:48:59 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error %%-536753635.
Microsoft Office Sessions:
=========================
Error: (06/07/2012 01:49:57 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 261 seconds with 240 seconds of active time. This session ended with a crash.
Error: (05/15/2012 03:26:36 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 43 seconds with 0 seconds of active time. This session ended with a crash.
Error: (05/02/2012 10:07:28 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 17 seconds with 0 seconds of active time. This session ended with a crash.
Error: (07/16/2009 02:09:45 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 24718 seconds with 600 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2011-01-02 13:34:24.841
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tmevtmgr.sys because the set of per-page image hashes could not be found on the system.
Date: 2011-01-02 13:34:24.623
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tmevtmgr.sys because the set of per-page image hashes could not be found on the system.
Date: 2011-01-02 13:34:24.436
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tmevtmgr.sys because the set of per-page image hashes could not be found on the system.
Date: 2011-01-02 13:34:24.202
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tmevtmgr.sys because the set of per-page image hashes could not be found on the system.
Date: 2011-01-02 13:34:23.968
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tmevtmgr.sys because the set of per-page image hashes could not be found on the system.
Date: 2010-11-23 15:40:49.810
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Trend Micro\AMSP\module\20001\1.5.1381\Helper\tmevtmgr.sys because the set of per-page image hashes could not be found on the system.
Date: 2010-11-23 15:40:49.685
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Trend Micro\AMSP\module\20001\1.5.1381\Helper\tmevtmgr.sys because the set of per-page image hashes could not be found on the system.
Date: 2010-11-23 15:40:49.561
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Trend Micro\AMSP\module\20001\1.5.1381\Helper\tmevtmgr.sys because the set of per-page image hashes could not be found on the system.
Date: 2010-11-23 15:40:49.451
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Trend Micro\AMSP\module\20001\1.5.1381\Helper\tmevtmgr.sys because the set of per-page image hashes could not be found on the system.
Date: 2010-11-23 15:23:45.998
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Users\Public\Desktop\Trend_Micro\Setup32\AMSP\update\engine\c2t570425408l-1p1r-1o-1\3.50.1166\tmevtmgr.sys because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU E4600 @ 2.40GHz
Percentage of memory in use: 54%
Total physical RAM: 3070.18 MB
Available physical RAM: 1384.92 MB
Total Pagefile: 6138.64 MB
Available Pagefile: 1538.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 1913.64 MB
==================== Drives ================================
Drive b: (OS) (RAMDisk) (Total:455.71 GB) (Free:390.56 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive c: (OS) (Fixed) (Total:455.71 GB) (Free:389.97 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:10 GB) (Free:5.95 GB) NTFS
Drive f: (FreeAgent GoFlex Drive) (Fixed) (Total:298.09 GB) (Free:201.65 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or
(Size: 465.8 GB) (Disk ID: 38000000)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=455.7 GB) - (Type=07 NTFS)
========================================================
Disk: 5 (Size: 298.1 GB) (Disk ID: 6286E507)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)
Farbar Recovery Scan Tool (x86) Version: 21-12-2014
Ran by suzanne at 2014-12-20 18:44:20
Running from C:\Users\suzanne\Desktop
Boot Mode: Normal
================== Search Registry: "yahoo;1.exe" ===========
===================== Search result for "yahoo" ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96F8C0C7-F106-437D-90DC-6C92793246C4}\LocalServer32]
""=""C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96F8C0C7-F106-437D-90DC-6C92793246C4}\VersionIndependentProgID]
""="Yahoo.Messenger"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar]
""="Yahoo! Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_DISABLE_UNICODE_HANDLE_CLOSING_CALLBACK]
"YahooMusicEngine.exe"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\12.0\User Settings\Outlook_AutoDiscover\Create\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.ca"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOC~1.XML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\12.0\User Settings\Outlook_AutoDiscover\Create\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.co.id"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOC~2.XML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\12.0\User Settings\Outlook_AutoDiscover\Create\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.co.in"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOC~3.XML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\12.0\User Settings\Outlook_AutoDiscover\Create\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.co.jp"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOC~4.XML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\12.0\User Settings\Outlook_AutoDiscover\Create\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.co.nz"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA186B~1.XML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\12.0\User Settings\Outlook_AutoDiscover\Create\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.co.uk"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAE791~1.XML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\12.0\User Settings\Outlook_AutoDiscover\Create\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.ar"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA81CD~1.XML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\12.0\User Settings\Outlook_AutoDiscover\Create\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.br"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA6DAE~1.XML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\12.0\User Settings\Outlook_AutoDiscover\Create\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.hk"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA56AC~1.XML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\12.0\User Settings\Outlook_AutoDiscover\Create\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.my"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA0670~1.XML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\12.0\User Settings\Outlook_AutoDiscover\Create\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.sg"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAC50A~1.XML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\12.0\User Settings\Outlook_AutoDiscover\Create\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.vn"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA38FD~1.XML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\12.0\User Settings\Outlook_AutoDiscover\Create\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.de"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOD~1.XML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\12.0\User Settings\Outlook_AutoDiscover\Create\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.dk"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOH~1.XML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\12.0\User Settings\Outlook_AutoDiscover\Create\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.es"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOE~1.XML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\12.0\User Settings\Outlook_AutoDiscover\Create\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.fr"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOF~1.XML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\12.0\User Settings\Outlook_AutoDiscover\Create\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.ie"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOI~1.XML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\12.0\User Settings\Outlook_AutoDiscover\Create\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.it"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOI~2.XML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\12.0\User Settings\Outlook_AutoDiscover\Create\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.no"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOON~1.XML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\12.0\User Settings\Outlook_AutoDiscover\Create\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.pl"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOP~1.XML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\12.0\User Settings\Outlook_AutoDiscover\Create\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.se"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOS~1.XML"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\YahooAUService]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Messenger (Yahoo!)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Messenger (Yahoo!)]
"command"=""C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YahooMessenger_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\YAHOOM~1_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Yahoo]
[HKEY_LOCAL_MACHINE\SOFTWARE\Yahoo\Companion]
"yid"="C:\PROGRA~1\Yahoo!"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{023E9B51-8CA5-4303-8C03-5D410CE1D10E}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe|Name=Yahoo! Messenger|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{023E9B51-8CA5-4303-8C03-5D410CE1D10E}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe|Name=Yahoo! Messenger|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{023E9B51-8CA5-4303-8C03-5D410CE1D10E}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe|Name=Yahoo! Messenger|"
[HKEY_USERS\S-1-5-21-933171571-4239247224-1375863430-1000\Software\AppDataLow\Software\Yahoo]
[HKEY_USERS\S-1-5-21-933171571-4239247224-1375863430-1000\Software\Microsoft\IntelliPoint\AppSpecific\YahooMessenger.exe]
[HKEY_USERS\S-1-5-21-933171571-4239247224-1375863430-1000\Software\Microsoft\IntelliPoint\AppSpecific\Ymsgr_tray.exe]
"Path"="C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe"
[HKEY_USERS\S-1-5-21-933171571-4239247224-1375863430-1000\Software\Microsoft\IntelliType Pro\AppSpecific\YahooMessenger.exe]
"Path"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
[HKEY_USERS\S-1-5-21-933171571-4239247224-1375863430-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E66592B-8E7C-4A14-88A5-8BF21032F651}]
"AppPath"="C:\Program Files\Yahoo!\companion\installs\cpn"
[HKEY_USERS\S-1-5-21-933171571-4239247224-1375863430-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\84a1f2da_0]
""="{0.0.0.00000000}.{d6ee871b-f4b3-4939-a6c1-8fb0ece2a236}|\Device\HarddiskVolume3\Program Files\Yahoo!\Messenger\YahooMessenger.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-933171571-4239247224-1375863430-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]
"YAHOOM~1.EXE"="8888"
[HKEY_USERS\S-1-5-21-933171571-4239247224-1375863430-1000\Software\Microsoft\MSNMessenger\RetailDbgZoneLevels]
"Zone_Yahoo"="10"
[HKEY_USERS\S-1-5-21-933171571-4239247224-1375863430-1000\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.ca"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOC~1.XML"
[HKEY_USERS\S-1-5-21-933171571-4239247224-1375863430-1000\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.co.id"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOC~2.XML"
[HKEY_USERS\S-1-5-21-933171571-4239247224-1375863430-1000\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.co.in"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOC~3.XML"
[HKEY_USERS\S-1-5-21-933171571-4239247224-1375863430-1000\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.co.jp"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOC~4.XML"
[HKEY_USERS\S-1-5-21-933171571-4239247224-1375863430-1000\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.co.kr"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAEF96~1.XML"
[HKEY_USERS\S-1-5-21-933171571-4239247224-1375863430-1000\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.co.th"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YACB7D~1.XML"
[HKEY_USERS\S-1-5-21-933171571-4239247224-1375863430-1000\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA531A~1.XML"
[HKEY_USERS\S-1-5-21-933171571-4239247224-1375863430-1000\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.au"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA02CD~1.XML"
[HKEY_USERS\S-1-5-21-933171571-4239247224-1375863430-1000\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.cn"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA819F~1.XML"
[HKEY_USERS\S-1-5-21-933171571-4239247224-1375863430-1000\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.mx"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAEA08~1.XML"
[HKEY_USERS\S-1-5-21-933171571-4239247224-1375863430-1000\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.ph"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA6D1B~1.XML"
[HKEY_USERS\S-1-5-21-933171571-4239247224-1375863430-1000\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.tw"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAB0F6~1.XML"
[HKEY_USERS\S-1-5-21-933171571-4239247224-1375863430-1000\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.de"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOD~1.XML"
[HKEY_USERS\S-1-5-21-933171571-4239247224-1375863430-1000\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.dk"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOH~1.XML"
[HKEY_USERS\S-1-5-21-933171571-4239247224-1375863430-1000\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.es"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOE~1.XML"
[HKEY_USERS\S-1-5-21-933171571-4239247224-1375863430-1000\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.fr"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOF~1.XML"
[HKEY_USERS\S-1-5-21-933171571-4239247224-1375863430-1000\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.ie"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOI~1.XML"
[HKEY_USERS\S-1-5-21-933171571-4239247224-1375863430-1000\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.it"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOI~2.XML"
[HKEY_USERS\S-1-5-21-933171571-4239247224-1375863430-1000\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.no"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOON~1.XML"
[HKEY_USERS\S-1-5-21-933171571-4239247224-1375863430-1000\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.pl"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOP~1.XML"
[HKEY_USERS\S-1-5-21-933171571-4239247224-1375863430-1000\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.se"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOS~1.XML"
[HKEY_USERS\S-1-5-21-933171571-4239247224-1375863430-1000\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"ybb.ne.jp"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOJ~1.XML"
[HKEY_USERS\S-1-5-21-933171571-4239247224-1375863430-1000\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\Users\suzanne\Downloads\yahoo_firefox_us_wrap_2013.09.18.01 (1).exe"="1"
[HKEY_USERS\S-1-5-21-933171571-4239247224-1375863430-1000\Software\Yahoo]
"ClientUpdatePage"="http://update.messenger.yahoo.com/msgrcli115.html"
[HKEY_USERS\S-1-5-21-933171571-4239247224-1375863430-1003\Software\AppDataLow\Software\Yahoo]
[HKEY_USERS\S-1-5-21-933171571-4239247224-1375863430-1003\Software\Yahoo]
[HKEY_USERS\S-1-5-21-933171571-4239247224-1375863430-1003\Software\Yahoo\pager]
"PreLogin"="http://msg.edit.yahoo.com/config/"
[HKEY_USERS\S-1-5-21-933171571-4239247224-1375863430-1003\Software\Yahoo\pager\defaults]
"VIP"="vcs1.msg.yahoo.com,vcs2.msg.yahoo.com"
[HKEY_USERS\S-1-5-21-933171571-4239247224-1375863430-1003\Software\Yahoo\pager\profiles\Skins]
"Default_SkinDir"="C:\PROGRA~1\Yahoo!\MESSEN~1\skins\Default"
[HKEY_USERS\S-1-5-21-933171571-4239247224-1375863430-1003\Software\Yahoo\pager\Ymsgip]
"Facebook Learn More"="http://help.yahoo.com/l/us/yahoo/messenger/messenger11/connectednetworks/ms11fbchat.html"
[HKEY_USERS\S-1-5-21-933171571-4239247224-1375863430-1003\Software\Yahoo\pager\YUrl]
"Product Overview"="http://messenger.yahoo.com/overview.php"
[HKEY_USERS\S-1-5-21-933171571-4239247224-1375863430-1003\Software\Yahoo\pager\YUrl]
"Send Feedback"="http://feedback.help.yahoo.com/feedback.php?.src=MSNGR10&.from=client"
[HKEY_USERS\S-1-5-21-933171571-4239247224-1375863430-1003\Software\Yahoo\pager\YUrl]
"New User Wizard"="https://invite.msg.yahoo.com/go/trueswitch/intro"
===================== Search result for "1.exe" ==========
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_6.1.7601.17514_none_88e35d5cb2d54359]
"f!net1.exe"="0x6E006500740031002E00650078006500"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AIR.InstallerPackage\shell\open\command]
""="c:\PROGRA~1\COMMON~1\ADOBEA~1\Versions\1.0\ADOBEA~1.EXE "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96F8C0C7-F106-437D-90DC-6C92793246C4}\LocalServer32]
""=""C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D7EF780-518F-11D3-A1A2-00A0C9088422}\LocalServer32]
""="C:\PROGRA~1\TLI\LANGUA~1\TLASER~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BABB2B95-9545-47DA-973E-298F292607CC}\InprocServer32]
""="c:\PROGRA~1\Zune\ZUNEWL~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QuickTime.aif\DefaultIcon]
""="C:\PROGRA~1\QUICKT~1\QUICKT~1.EXE,-131"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QuickTime.aifc\DefaultIcon]
""="C:\PROGRA~1\QUICKT~1\QUICKT~1.EXE,-131"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QuickTime.aiff\DefaultIcon]
""="C:\PROGRA~1\QUICKT~1\QUICKT~1.EXE,-131"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QuickTime.dif\DefaultIcon]
""="C:\PROGRA~1\QUICKT~1\QUICKT~1.EXE,-134"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QuickTime.dv\DefaultIcon]
""="C:\PROGRA~1\QUICKT~1\QUICKT~1.EXE,-134"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QuickTime.mac\DefaultIcon]
""="C:\PROGRA~1\QUICKT~1\PICTUR~1.EXE,-134"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QuickTime.mov\DefaultIcon]
""="C:\PROGRA~1\QUICKT~1\QUICKT~1.EXE,-137"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QuickTime.pct\DefaultIcon]
""="C:\PROGRA~1\QUICKT~1\PICTUR~1.EXE,-136"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QuickTime.pic\DefaultIcon]
""="C:\PROGRA~1\QUICKT~1\PICTUR~1.EXE,-136"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QuickTime.psd\DefaultIcon]
""="C:\PROGRA~1\QUICKT~1\PICTUR~1.EXE,-135"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QuickTime.qt\DefaultIcon]
""="C:\PROGRA~1\QUICKT~1\QUICKT~1.EXE,-137"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QuickTime.qti\DefaultIcon]
""="C:\PROGRA~1\QUICKT~1\PICTUR~1.EXE,-138"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QuickTime.qtif\DefaultIcon]
""="C:\PROGRA~1\QUICKT~1\PICTUR~1.EXE,-138"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\QuickTime.sd2\DefaultIcon]
""="C:\PROGRA~1\QUICKT~1\QUICKT~1.EXE,-138"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
"command"="C:\PROGRA~1\MCAFEE~1\21FF9D~1.121\SSSCHE~1.EXE "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\System Programs]
"icwconn1"="icwconn1.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\QuickTimePlayer.exe]
""="C:\PROGRA~1\QUICKT~1\QUICKT~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2A62AF6226B56404CBA82C9362E6228F\00002119410000000000000000F01FEC]
"File"="WRD12EXE.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adobe AIR]
"DisplayIcon"="c:\PROGRA~1\COMMON~1\ADOBEA~1\Versions\1.0\RESOUR~1\ADOBEA~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpcmdrun]
"Debugger"="c:\windows\1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mpuxsrv.exe]
"Debugger"="c:\windows\1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msascui.exe]
"Debugger"=""c:\windows\1.exe" /z"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msmpeng.exe]
"Debugger"=""c:\windows\1.exe" /z"
[HKEY_USERS\S-1-5-21-933171571-4239247224-1375863430-1000\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\c58139ed_0]
""="{0.0.0.00000000}.{d6ee871b-f4b3-4939-a6c1-8fb0ece2a236}|\Device\HarddiskVolume3\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-933171571-4239247224-1375863430-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\OpenWithList]
"c"="QUICKT~1.EXE"
====== End Of Search ======