Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

DLLHost - COM Surrogate / Powershell Stopped Working


  • This topic is locked This topic is locked
20 replies to this topic

#1 MHutch

MHutch

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:01:46 AM

Posted 02 November 2014 - 08:51 AM

Hello and Thanks in advance for your help - MarkH

 

I'm cleaning up a friends PC, running Windows 7 Home Premium.  Getting desktop popups "Powershell has stopped working" as well as multiple processes - DLLHost - COM Surrogate (I've seen as many as 22 at one time).  Internet security options also reset to not allow downloads.

 

I've scanned with AVG Antivirus (2013 - I know I need to update this), as well as SuperAntivirus and Malwarebytes Antimalware.  They have only found PUPs and tracking cookies.

 

Here's the DDS Log:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 10.71.2
Run by Judy at 13:45:58 on 2014-11-01
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Workspace\offSyncService.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: {34b674c6-5cac-4f05-847e-6afa292138f4} - <orphaned>
uURLSearchHooks: <No Name>: {3f2ae504-aa17-4805-90e8-56e48f98731c} -
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
dURLSearchHooks: <No Name>: {3f2ae504-aa17-4805-90e8-56e48f98731c} -
mWinlogon: Userinit = userinit.exe,
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.0.443\AVG Secure Search_toolbar.dll
BHO: CutePDF Form Filler Helper: {D41289F2-69C6-417B-897E-C653D677CBAF} - C:\Program Files (x86)\Acro Software\CutePDF Pro\CPFillerCo.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.0.443\AVG Secure Search_toolbar.dll
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_15_0_0_167_ActiveX.exe -update activex
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://mfr.mlxchange.com/5.6.09.29841/Control/IRCSharc.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{69036B88-E40A-4872-BF76-1876A20D221F} : DHCPNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? IEEtwCollectorService;Internet Explorer ETW Collector Service
R? TsUsbFlt;TsUsbFlt
R? WatAdminSvc;Windows Activation Technologies Service
S? !SASCORE;SAS Core Service
S? AMD External Events Utility;AMD External Events Utility
S? amd_sata;amd_sata
S? amd_xata;amd_xata
S? AVGIDSAgent;AVGIDSAgent
S? AVGIDSDriver;AVGIDSDriver
S? AVGIDSHA;AVGIDSHA
S? Avgldx64;AVG AVI Loader Driver
S? Avgloga;AVG Logging Driver
S? Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx64;AVG Anti-Rootkit Driver
S? Avgtdia;AVG TDI Driver
S? avgtp;avgtp
S? avgwd;AVG WatchDog
S? cvhsvc;Client Virtualization Handler
S? File Backup;File Backup Service
S? HP Support Assistant Service;HP Support Assistant Service
S? HPClientSvc;HP Client Services
S? pdfcDispatcher;PDF Document Manager
S? RoxioNow Service;RoxioNow Service
S? RTL8167;Realtek 8167 NT Driver
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? SCTDriverV1011;SCTDriverV1011
S? Sftfs;Sftfs
S? sftlist;Application Virtualization Client
S? Sftplay;Sftplay
S? Sftredir;Sftredir
S? Sftvol;Sftvol
S? sftvsa;Application Virtualization Service Agent
S? usbfilter;AMD USB Filter Driver
S? vToolbarUpdater18.1.9;vToolbarUpdater18.1.9
.
=============== Created Last 30 ================
.
2014-11-01 13:36:14 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-31 01:35:27 129752 ----a-w- C:\Windows\System32\drivers\3B943EC0.sys
2014-10-29 00:13:59 129752 ----a-w- C:\Windows\System32\drivers\09E26421.sys
2014-10-29 00:13:58 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-29 00:01:52 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-29 00:01:52 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-29 00:01:52 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-10-29 00:01:51 -------- d-----w- C:\ProgramData\Malwarebytes
2014-10-29 00:01:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-28 22:39:48 -------- d-----w- C:\SUPERDelete
2014-10-28 22:36:41 -------- d-----w- C:\Users\Judy\AppData\Roaming\SUPERAntiSpyware.com
2014-10-28 22:36:23 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2014-10-28 22:36:23 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2014-10-28 08:38:42 -------- d-----w- C:\Windows\pss
2014-10-16 15:36:04 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-10-16 15:32:20 156824 ----a-w- C:\Windows\SysWow64\mscorier.dll
2014-10-16 15:32:20 156312 ----a-w- C:\Windows\System32\mscorier.dll
2014-10-16 15:32:20 1131664 ----a-w- C:\Windows\SysWow64\dfshim.dll
2014-10-16 15:32:19 81560 ----a-w- C:\Windows\SysWow64\mscories.dll
2014-10-16 15:32:19 73880 ----a-w- C:\Windows\System32\mscories.dll
2014-10-16 15:32:19 1943696 ----a-w- C:\Windows\System32\dfshim.dll
2014-10-16 15:30:25 77312 ----a-w- C:\Windows\System32\packager.dll
2014-10-16 15:30:20 67072 ----a-w- C:\Windows\SysWow64\packager.dll
.
==================== Find3M  ====================
.
2014-10-10 02:05:59 276480 ----a-w- C:\Windows\System32\generaltel.dll
2014-10-10 02:05:42 507392 ----a-w- C:\Windows\System32\aepdu.dll
2014-10-10 02:00:38 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-24 11:10:27 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-24 11:10:27 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-18 02:00:42 3241472 ----a-w- C:\Windows\System32\msi.dll
2014-09-18 01:32:52 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-11 14:39:52 50976 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
.
============= FINISH: 14:07:13.31 ===============

 

 



BC AdBot (Login to Remove)

 


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,310 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:46 AM

Posted 06 November 2014 - 04:28 AM

Hello! Welcome to BleepingComputer Forums! :welcome:
My name is Georgi and and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

If the system has been used after topic creation time we need to take a look at fresh logs.
Please download the latest version of Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

 

Regards,

Georgi


cXfZ4wS.png


#3 MHutch

MHutch
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:01:46 AM

Posted 06 November 2014 - 08:01 AM

Thanks Georgi,

 

I will be leaving tonight and will be away for the weekend, so I not be able to continue after until next Tuesday, please don't close the topic on me. -Thanks

 

Here is the FRST log with addition,txt attached. Attached File  Addition.txt   33.78KB   1 downloads

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-11-2014
Ran by Judy (administrator) on JUDY-HP on 02-11-2014 09:52:21
Running from C:\Users\Judy\Desktop
Loaded Profile: Judy (Available profiles: Judy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Starfield Technologies) C:\Program Files (x86)\Workspace\offSyncService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2640408 2014-08-25] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
HKU\S-1-5-21-3453812196-362897383-29464260-1001\...\MountPoints2: {4ef0f1ec-91a3-11e0-a0e1-78acc0a984fb} - H:\LaunchU3.exe -a
HKU\S-1-5-21-3453812196-362897383-29464260-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
ShellIconOverlayIdentifiers: [off0] -> {8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll (Starfield Technologies, LLC)
ShellIconOverlayIdentifiers: [off1] -> {8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll (Starfield Technologies, LLC)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
URLSearchHook: HKCU - (No Name) - {34b674c6-5cac-4f05-847e-6afa292138f4} - No File
URLSearchHook: HKCU - (No Name) - {3f2ae504-aa17-4805-90e8-56e48f98731c} - C:\Program Files (x86)\BibleTriviaTime_4l\bar\1.bin\4lSrcAs.dll No File
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CPDTDF
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CPDTDF
SearchScopes: HKLM-x32 - {5aabc9ff-5729-4b10-8ce9-e6bcc6a701b6} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=HIxdm003YYus&ptnrS=HIxdm003YYus&si=COfs5qL9oK8CFUGo4Aod0gl_bg&ptb=E09DA094-A6D5-4BD4-8C9A-BED9B82AF319&ind=2012042916&n=77ed56a4&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKCU - DefaultScope {27D9FDDF-A349-433D-8963-6557B50E4192} URL =
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CPDTDF
SearchScopes: HKCU - {5DF2A8FF-2D73-42D4-AB32-E07C77748933} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {8B818731-2FDA-497A-A055-C5C4F67B9A3F} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2927608
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={37A54FBF-9319-4FBB-9F36-2162ADDBAB37}&mid=0adc4365819747d19812a9e5864d6d08-f4b62fbcac84a0a5b563f7f0af136f91ae9da76b&lang=en&ds=AVG&pr=fr&d=2012-12-12 10:09:31&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20111042,17118,0,18,0
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\18.1.0.443\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: CutePDF Form Filler Helper -> {D41289F2-69C6-417B-897E-C653D677CBAF} -> C:\Program Files (x86)\Acro Software\CutePDF Pro\CPFillerCo.dll (Acro Software Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.0.443\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: HKLM-x32 {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} http://mfr.mlxchange.com/5.6.09.29841/Control/IRCSharc.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @starfield.com/off -> C:\Users\Judy\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin HKCU: @starfield.com/off64 -> C:\Users\Judy\AppData\Roaming\Mozilla\Plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF Plugin HKCU: @starfield.com/wbe -> C:\Users\Judy\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF Plugin HKCU: @starfield.com/wbe64 -> C:\Users\Judy\AppData\Roaming\Mozilla\Plugins\npwbe64.dll (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Judy\AppData\Roaming\mozilla\plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\Judy\AppData\Roaming\mozilla\plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\Judy\AppData\Roaming\mozilla\plugins\npwbe.dll (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Judy\AppData\Roaming\mozilla\plugins\npwbe64.dll (Starfield Technology, LLC)
FF Extension: WBE Paste - C:\Users\Judy\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield [2013-02-14]
FF Extension: Workspace Email Zoom - C:\Users\Judy\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\zoomext@starfield [2013-02-14]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\BibleTriviaTime_4l\bar\1.bin\NP4lStub.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.550.14) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U55) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer Video Downloader  (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File
CHR Plugin: (RealPlayer Video Downloader for HTML5  (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File
CHR Plugin: (RealPlayer Video Downloader for PepperFlash  (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File
CHR Plugin: (Online Storage plug-in) - C:\Users\Judy\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
CHR Plugin: (Workspace Webmail plug-in 1.0.21.46) - C:\Users\Judy\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll No File
CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll No File
CHR Profile: C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (YouTube) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-09]
CHR Extension: (Google Search) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-09]
CHR Extension: (AVG Security Toolbar) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-09-09]
CHR Extension: (Google Wallet) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-25]
CHR Extension: (Gmail) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-09]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\13.2.0.5\avg.crx []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [1187040 2013-07-22] (Starfield Technologies)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-04-15] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SCTDriverV1011; C:\Windows\System32\drivers\SCTDriverV1011.sys [261712 2012-10-26] (Jungo)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 09:52 - 2014-11-02 09:55 - 00022449 _____ () C:\Users\Judy\Desktop\FRST.txt
2014-11-02 09:51 - 2014-11-02 09:53 - 00000000 ____D () C:\FRST
2014-11-02 08:55 - 2014-11-02 08:55 - 00000490 _____ () C:\Users\Judy\Desktop\Virus, Trojan, Spyware, and Malware Removal Logs Forum - BleepingComputer.com.website
2014-11-02 08:26 - 2014-11-02 08:26 - 02114048 _____ (Farbar) C:\Users\Judy\Desktop\FRST64.exe
2014-11-02 08:23 - 2014-11-02 08:23 - 02114048 _____ (Farbar) C:\Users\Judy\Downloads\FRST64.exe
2014-11-02 06:59 - 2014-11-02 09:02 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3453812196-362897383-29464260-1001
2014-11-02 06:59 - 2014-11-02 09:02 - 00003200 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3453812196-362897383-29464260-1001
2014-11-01 22:47 - 2014-11-01 22:47 - 00001269 _____ () C:\Users\Judy\Desktop\11-1-14-MBAM.txt
2014-11-01 13:07 - 2014-11-01 13:07 - 00013011 _____ () C:\Users\Judy\Desktop\dds.txt
2014-11-01 13:07 - 2014-11-01 13:07 - 00005640 _____ () C:\Users\Judy\Desktop\attach.txt
2014-11-01 12:28 - 2014-10-31 12:20 - 00688992 ____R (Swearware) C:\Users\Judy\Desktop\dds.com
2014-11-01 12:23 - 2014-11-01 12:23 - 00000031 _____ () C:\Users\Judy\Desktop\AVG License.txt
2014-11-01 11:46 - 2014-11-01 11:46 - 00593080 _____ (Sysinternals - www.sysinternals.com) C:\Users\Judy\Downloads\autoruns.exe
2014-11-01 08:41 - 2014-11-01 08:34 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-11-01 08:36 - 2014-11-01 08:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-01 08:36 - 2014-11-01 08:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-11-01 08:36 - 2014-11-01 08:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-11-01 08:36 - 2014-11-01 08:34 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-01 08:31 - 2014-11-01 08:31 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-30 20:35 - 2014-10-30 20:35 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\3B943EC0.sys
2014-10-28 19:13 - 2014-11-01 13:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-28 19:13 - 2014-10-28 19:13 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\09E26421.sys
2014-10-28 19:01 - 2014-10-28 19:01 - 00001100 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-28 19:01 - 2014-10-28 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-28 19:01 - 2014-10-28 19:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-28 19:01 - 2014-10-28 19:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-28 19:01 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-28 19:01 - 2014-10-01 10:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-28 19:01 - 2014-10-01 10:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-28 17:39 - 2014-10-28 17:39 - 00000000 ____D () C:\SUPERDelete
2014-10-28 17:36 - 2014-11-01 22:50 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-10-28 17:36 - 2014-10-28 17:36 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-10-28 17:36 - 2014-10-28 17:36 - 00000000 ____D () C:\Users\Judy\AppData\Roaming\SUPERAntiSpyware.com
2014-10-28 17:36 - 2014-10-28 17:36 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-10-28 17:36 - 2014-10-28 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-10-28 03:38 - 2014-10-30 18:56 - 00000000 ____D () C:\Windows\pss
2014-10-27 19:08 - 2014-11-01 07:08 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJudy
2014-10-27 19:07 - 2014-11-01 07:08 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForJudy.job
2014-10-27 15:50 - 2014-10-27 15:50 - 00000195 _____ () C:\Windows\SysWOW64\logFile.xml
2014-10-20 06:11 - 2014-10-20 06:11 - 00005592 _____ () C:\Users\Judy\Downloads\Fwd_ Willie Nelson's card trick-
2014-10-16 10:38 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 10:38 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 10:38 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 10:38 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 10:38 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 10:38 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 10:38 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 10:38 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 10:38 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 10:38 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 10:38 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 10:38 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 10:38 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 10:38 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 10:38 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 10:38 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 10:38 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 10:38 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 10:38 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 10:38 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 10:38 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 10:38 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 10:38 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 10:38 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 10:38 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 10:38 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 10:38 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 10:38 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 10:38 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 10:38 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 10:38 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 10:38 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 10:38 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 10:38 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 10:38 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 10:38 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 10:38 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 10:38 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 10:38 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 10:38 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 10:38 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 10:38 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 10:38 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 10:38 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 10:38 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 10:38 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 10:38 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 10:38 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 10:37 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 10:37 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 10:37 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 10:37 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 10:37 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 10:37 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 10:37 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 10:37 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 10:37 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 10:37 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 10:36 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 10:32 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 10:32 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 10:32 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 10:32 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 10:32 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 10:32 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 10:31 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 10:31 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 10:31 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 10:31 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 10:31 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 10:31 - 2014-07-16 21:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 10:31 - 2014-07-16 21:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 10:31 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 10:31 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 10:31 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 10:31 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 10:31 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 10:31 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 10:31 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 10:31 - 2014-07-16 20:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 10:31 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-16 10:31 - 2014-07-16 20:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-16 10:31 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 10:31 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 10:31 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 10:31 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 10:30 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 10:30 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-02 10:11 - 2012-04-11 09:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-02 09:49 - 2013-07-24 14:32 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{10890D38-80F4-4721-96B7-D5DF70199189}
2014-11-02 09:34 - 2010-12-24 13:48 - 02025394 _____ () C:\Windows\WindowsUpdate.log
2014-11-02 09:27 - 2012-04-30 14:12 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-02 09:15 - 2009-07-14 00:13 - 00783464 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-02 09:12 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-02 09:12 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-02 09:02 - 2013-06-03 09:54 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-11-02 09:02 - 2012-04-30 14:12 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-02 09:02 - 2011-10-09 12:41 - 00000408 _____ () C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2014-11-02 09:02 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-02 09:02 - 2009-07-13 23:51 - 00050854 _____ () C:\Windows\setupact.log
2014-11-02 09:01 - 2010-12-24 17:01 - 00460216 _____ () C:\Windows\PFRO.log
2014-11-02 07:56 - 2011-06-07 07:52 - 00000000 ____D () C:\Users\Judy\AppData\Local\CrashDumps
2014-11-02 07:28 - 2011-06-05 10:58 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-01 11:16 - 2014-04-05 12:30 - 00000000 ____D () C:\Program Files (x86)\The Weather Channel
2014-11-01 10:31 - 2014-04-30 10:09 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-01 09:36 - 2013-09-05 11:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2014-11-01 09:34 - 2011-09-18 10:36 - 00000000 ____D () C:\Program Files (x86)\Real
2014-11-01 09:33 - 2011-09-18 10:36 - 00000000 ____D () C:\Users\Judy\AppData\Roaming\Real
2014-11-01 08:52 - 2013-11-03 09:00 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-01 07:54 - 2010-12-24 14:03 - 00000000 ____D () C:\ProgramData\PDFC
2014-10-30 19:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-28 17:39 - 2014-04-05 12:30 - 00000000 ____D () C:\Users\Judy\AppData\Local\The Weather Channel
2014-10-28 03:49 - 2012-11-10 08:32 - 00000000 ____D () C:\Users\Judy\AppData\Local\Avg2013
2014-10-28 03:39 - 2014-04-08 10:34 - 00000000 ___RD () C:\Users\Judy\Dropbox
2014-10-27 18:48 - 2011-06-06 20:05 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-10-27 18:47 - 2011-10-26 21:25 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-10-27 17:56 - 2014-04-08 10:31 - 00000000 ____D () C:\Users\Judy\AppData\Roaming\Dropbox
2014-10-26 11:01 - 2014-09-29 14:17 - 00003358 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3453812196-362897383-29464260-1001
2014-10-26 11:01 - 2014-08-16 14:21 - 00003222 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3453812196-362897383-29464260-1001
2014-10-26 10:28 - 2011-07-14 02:21 - 00003216 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJUDY-HP$
2014-10-26 10:28 - 2011-07-14 02:21 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForJUDY-HP$.job
2014-10-25 15:42 - 2011-06-05 09:58 - 00000000 ____D () C:\Users\Judy\AppData\Roaming\SoftGrid Client
2014-10-25 15:18 - 2009-07-13 23:45 - 00271312 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-25 15:15 - 2014-05-07 02:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-25 15:00 - 2013-08-15 02:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-25 14:53 - 2011-06-06 20:17 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-24 02:01 - 2013-02-14 12:12 - 00000000 ____D () C:\Users\Judy\AppData\Local\Workspace
2014-10-19 10:21 - 2012-04-30 14:12 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-19 10:21 - 2012-04-30 14:12 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-30 19:53

==================== End Of Log ============================



#4 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,310 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:46 AM

Posted 06 November 2014 - 08:36 AM

Hi,

 

 

Thank you for letting me know!

Don't worry. The topic will remain open as long as needed. :)

 

 

Please download the following file => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Regards,

Georgi


cXfZ4wS.png


#5 MHutch

MHutch
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:01:46 AM

Posted 06 November 2014 - 12:43 PM

Georgi,

 

FRST - fix ran for several hours and now seems to be hung up - green bar no longer moving.

Here's the Fix log up to that point.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-11-2014
Ran by Judy at 2014-11-06 09:06:20 Run:1
Running from C:\Users\Judy\Desktop
Loaded Profile: Judy (Available profiles: Judy)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3453812196-362897383-29464260-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
URLSearchHook: HKCU - (No Name) - {34b674c6-5cac-4f05-847e-6afa292138f4} - No File
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CPDTDF
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CPDTDF
SearchScopes: HKLM-x32 - {5aabc9ff-5729-4b10-8ce9-e6bcc6a701b6} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=HIxdm003YYus&ptnrS=HIxdm003YYus&si=COfs5qL9oK8CFUGo4Aod0gl_bg&ptb=E09DA094-A6D5-4BD4-8C9A-BED9B82AF319&ind=2012042916&n=77ed56a4&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CPDTDF
SearchScopes: HKCU - {8B818731-2FDA-497A-A055-C5C4F67B9A3F} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2927608
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://www.searchqu.com/web?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Task: {4F26378C-76AC-4ECB-94AE-60F5900CD98D} - System32\Tasks\4593 => Wscript.exe C:\Users\Judy\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {97D07C39-4DEC-480A-BA42-1FBE814ACFC9} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {FD4C14BF-75E6-4D14-A22D-FBE983998B16} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: C:\Windows\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
emptytemp:
end
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKU\S-1-5-21-3453812196-362897383-29464260-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-3453812196-362897383-29464260-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{34b674c6-5cac-4f05-847e-6afa292138f4} => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
"HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key deleted successfully.
"HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{5aabc9ff-5729-4b10-8ce9-e6bcc6a701b6}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{5aabc9ff-5729-4b10-8ce9-e6bcc6a701b6}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
"HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8B818731-2FDA-497A-A055-C5C4F67B9A3F}" => Key deleted successfully.
"HKCR\CLSID\{8B818731-2FDA-497A-A055-C5C4F67B9A3F}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key deleted successfully.
"HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => value deleted successfully.
"HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4F26378C-76AC-4ECB-94AE-60F5900CD98D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F26378C-76AC-4ECB-94AE-60F5900CD98D}" => Key deleted successfully.
C:\Windows\System32\Tasks\4593 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\4593" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{97D07C39-4DEC-480A-BA42-1FBE814ACFC9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97D07C39-4DEC-480A-BA42-1FBE814ACFC9}" => Key deleted successfully.
C:\Windows\System32\Tasks\PC Optimizer Pro64 startups => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Optimizer Pro64 startups" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD4C14BF-75E6-4D14-A22D-FBE983998B16}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD4C14BF-75E6-4D14-A22D-FBE983998B16}" => Key deleted successfully.
C:\Windows\System32\Tasks\0 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0" => Key deleted successfully.
C:\Windows\Tasks\PC Optimizer Pro64 startups.job => Moved successfully.



#6 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,310 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:46 AM

Posted 06 November 2014 - 01:05 PM

Hi,

 

Please force restart the computer and run a new scan with FRST.

Make sure that Addition.txt is ticked before you press the scan button and post both logs in your next reply.

 

 

Regards,

Georgi


cXfZ4wS.png


#7 MHutch

MHutch
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:01:46 AM

Posted 06 November 2014 - 01:52 PM

OK Georgi,

 

I rebooted and rand FRST with Additional.txt  Attached File  Addition.txt   34.13KB   0 downloads

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by Judy (administrator) on JUDY-HP on 06-11-2014 13:36:56
Running from C:\Users\Judy\Desktop
Loaded Profile: Judy (Available profiles: Judy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Starfield Technologies) C:\Program Files (x86)\Workspace\offSyncService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Dropbox, Inc.) C:\Users\Judy\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2640408 2014-08-25] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
HKU\S-1-5-21-3453812196-362897383-29464260-1001\...\MountPoints2: {4ef0f1ec-91a3-11e0-a0e1-78acc0a984fb} - H:\LaunchU3.exe -a
Startup: C:\Users\Judy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Judy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [off0] -> {8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll (Starfield Technologies, LLC)
ShellIconOverlayIdentifiers: [off1] -> {8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5} => C:\Program Files (x86)\Workspace\offsyncext64.dll (Starfield Technologies, LLC)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/CQDSK/1
URLSearchHook: HKCU - (No Name) - {3f2ae504-aa17-4805-90e8-56e48f98731c} - C:\Program Files (x86)\BibleTriviaTime_4l\bar\1.bin\4lSrcAs.dll No File
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPDTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKCU - DefaultScope {27D9FDDF-A349-433D-8963-6557B50E4192} URL =
SearchScopes: HKCU - {5DF2A8FF-2D73-42D4-AB32-E07C77748933} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={37A54FBF-9319-4FBB-9F36-2162ADDBAB37}&mid=0adc4365819747d19812a9e5864d6d08-f4b62fbcac84a0a5b563f7f0af136f91ae9da76b&lang=en&ds=AVG&pr=fr&d=2012-12-12 10:09:31&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20111042,17118,0,18,0
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
BHO: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: AVG Safe Search -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> C:\Program Files (x86)\AVG\AVG2012\avgssie.dll No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\18.1.0.443\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: CutePDF Form Filler Helper -> {D41289F2-69C6-417B-897E-C653D677CBAF} -> C:\Program Files (x86)\Acro Software\CutePDF Pro\CPFillerCo.dll (Acro Software Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.0.443\AVG Secure Search_toolbar.dll (AVG Secure Search)
DPF: HKLM-x32 {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} http://mfr.mlxchange.com/5.6.09.29841/Control/IRCSharc.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\system32\urlmon.dll (Microsoft Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @starfield.com/off -> C:\Users\Judy\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin HKCU: @starfield.com/off64 -> C:\Users\Judy\AppData\Roaming\Mozilla\Plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF Plugin HKCU: @starfield.com/wbe -> C:\Users\Judy\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
FF Plugin HKCU: @starfield.com/wbe64 -> C:\Users\Judy\AppData\Roaming\Mozilla\Plugins\npwbe64.dll (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Judy\AppData\Roaming\mozilla\plugins\npoff.dll ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\Judy\AppData\Roaming\mozilla\plugins\npoff64.dll ( Starfield Technologies, LLC.)
FF Plugin ProgramFiles/Appdata: C:\Users\Judy\AppData\Roaming\mozilla\plugins\npwbe.dll (Starfield Technology, LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Judy\AppData\Roaming\mozilla\plugins\npwbe64.dll (Starfield Technology, LLC)
FF Extension: WBE Paste - C:\Users\Judy\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\wbepaste@starfield [2013-02-14]
FF Extension: Workspace Email Zoom - C:\Users\Judy\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\zoomext@starfield [2013-02-14]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\BibleTriviaTime_4l\bar\1.bin\NP4lStub.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.550.14) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U55) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer Video Downloader  (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File
CHR Plugin: (RealPlayer Video Downloader for HTML5  (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File
CHR Plugin: (RealPlayer Video Downloader for PepperFlash  (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File
CHR Plugin: (Online Storage plug-in) - C:\Users\Judy\AppData\Roaming\Mozilla\Plugins\npoff.dll ( Starfield Technologies, LLC.)
CHR Plugin: (Workspace Webmail plug-in 1.0.21.46) - C:\Users\Judy\AppData\Roaming\Mozilla\Plugins\npwbe.dll (Starfield Technology, LLC)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll No File
CHR Plugin: (RealPlayer Download Plugin) - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll No File
CHR Profile: C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-27]
CHR Extension: (YouTube) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-09]
CHR Extension: (Google Search) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-09]
CHR Extension: (AVG Security Toolbar) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-09-09]
CHR Extension: (Google Wallet) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-25]
CHR Extension: (Gmail) - C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-09]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\13.2.0.5\avg.crx []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 File Backup; C:\Program Files (x86)\Workspace\offSyncService.exe [1187040 2013-07-22] (Starfield Technologies)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-04-15] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SCTDriverV1011; C:\Windows\System32\drivers\SCTDriverV1011.sys [261712 2012-10-26] (Jungo)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-06 13:36 - 2014-11-06 13:39 - 00020908 _____ () C:\Users\Judy\Desktop\FRST.txt
2014-11-06 13:31 - 2014-11-06 13:31 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3453812196-362897383-29464260-1001
2014-11-06 09:05 - 2014-11-06 09:05 - 00000000 ____D () C:\Users\Judy\Desktop\FRST-OlderVersion
2014-11-06 09:04 - 2014-11-06 09:04 - 00005182 _____ () C:\Users\Judy\Desktop\OLDfixlist.txt
2014-11-02 10:15 - 2014-11-02 10:20 - 00034589 _____ () C:\Users\Judy\Desktop\OLDAddition.txt
2014-11-02 09:52 - 2014-11-02 10:20 - 00042168 _____ () C:\Users\Judy\Desktop\OLDFRST.txt
2014-11-02 09:51 - 2014-11-06 13:37 - 00000000 ____D () C:\FRST
2014-11-02 08:55 - 2014-11-06 13:28 - 00000602 _____ () C:\Users\Judy\Desktop\Virus, Trojan, Spyware, and Malware Removal Logs Forum - BleepingComputer.com.website
2014-11-02 08:26 - 2014-11-06 09:05 - 02114560 _____ (Farbar) C:\Users\Judy\Desktop\FRST64.exe
2014-11-02 08:23 - 2014-11-02 08:23 - 02114048 _____ (Farbar) C:\Users\Judy\Downloads\FRST64.exe
2014-11-02 06:59 - 2014-11-06 13:31 - 00003200 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3453812196-362897383-29464260-1001
2014-11-01 22:47 - 2014-11-01 22:47 - 00001269 _____ () C:\Users\Judy\Desktop\11-1-14-MBAM.txt
2014-11-01 13:07 - 2014-11-01 13:07 - 00013011 _____ () C:\Users\Judy\Desktop\dds.txt
2014-11-01 13:07 - 2014-11-01 13:07 - 00005640 _____ () C:\Users\Judy\Desktop\attach.txt
2014-11-01 12:28 - 2014-10-31 12:20 - 00688992 ____R (Swearware) C:\Users\Judy\Desktop\dds.com
2014-11-01 12:23 - 2014-11-01 12:23 - 00000031 _____ () C:\Users\Judy\Desktop\AVG License.txt
2014-11-01 11:46 - 2014-11-01 11:46 - 00593080 _____ (Sysinternals - www.sysinternals.com) C:\Users\Judy\Downloads\autoruns.exe
2014-11-01 08:41 - 2014-11-01 08:34 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-11-01 08:36 - 2014-11-01 08:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-01 08:36 - 2014-11-01 08:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-11-01 08:36 - 2014-11-01 08:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-11-01 08:36 - 2014-11-01 08:34 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-01 08:31 - 2014-11-01 08:31 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-30 20:35 - 2014-10-30 20:35 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\3B943EC0.sys
2014-10-28 19:13 - 2014-11-01 13:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-28 19:13 - 2014-10-28 19:13 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\09E26421.sys
2014-10-28 19:01 - 2014-10-28 19:01 - 00001100 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-28 19:01 - 2014-10-28 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-28 19:01 - 2014-10-28 19:01 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-28 19:01 - 2014-10-28 19:01 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-28 19:01 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-28 19:01 - 2014-10-01 10:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-28 19:01 - 2014-10-01 10:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-28 17:39 - 2014-10-28 17:39 - 00000000 ____D () C:\SUPERDelete
2014-10-28 17:36 - 2014-11-01 22:50 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-10-28 17:36 - 2014-10-28 17:36 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-10-28 17:36 - 2014-10-28 17:36 - 00000000 ____D () C:\Users\Judy\AppData\Roaming\SUPERAntiSpyware.com
2014-10-28 17:36 - 2014-10-28 17:36 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-10-28 17:36 - 2014-10-28 17:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-10-28 03:38 - 2014-10-30 18:56 - 00000000 ____D () C:\Windows\pss
2014-10-27 19:08 - 2014-11-05 08:08 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJudy
2014-10-27 19:07 - 2014-11-05 08:08 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForJudy.job
2014-10-27 15:50 - 2014-10-27 15:50 - 00000195 _____ () C:\Windows\SysWOW64\logFile.xml
2014-10-20 06:11 - 2014-10-20 06:11 - 00005592 _____ () C:\Users\Judy\Downloads\Fwd_ Willie Nelson's card trick-
2014-10-16 10:38 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 10:38 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 10:38 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 10:38 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 10:38 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 10:38 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 10:38 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 10:38 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 10:38 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 10:38 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 10:38 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 10:38 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 10:38 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 10:38 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 10:38 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 10:38 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 10:38 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 10:38 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 10:38 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 10:38 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 10:38 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 10:38 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 10:38 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 10:38 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 10:38 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 10:38 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 10:38 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 10:38 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 10:38 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 10:38 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 10:38 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 10:38 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 10:38 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 10:38 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 10:38 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 10:38 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 10:38 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 10:38 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 10:38 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 10:38 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 10:38 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 10:38 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 10:38 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 10:38 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 10:38 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 10:38 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 10:38 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 10:38 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 10:37 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 10:37 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 10:37 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 10:37 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 10:37 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-16 10:37 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 10:37 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 10:37 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 10:37 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 10:37 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 10:36 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-16 10:32 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 10:32 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 10:32 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 10:32 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 10:32 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 10:32 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 10:31 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-16 10:31 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-16 10:31 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-16 10:31 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 10:31 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 10:31 - 2014-07-16 21:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 10:31 - 2014-07-16 21:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-16 10:31 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-16 10:31 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 10:31 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 10:31 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 10:31 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-16 10:31 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-16 10:31 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 10:31 - 2014-07-16 20:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 10:31 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-16 10:31 - 2014-07-16 20:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-16 10:31 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-16 10:31 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-16 10:31 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 10:31 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-16 10:30 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-16 10:30 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-06 13:37 - 2009-07-14 00:13 - 00783464 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-06 13:36 - 2010-12-24 13:48 - 02068819 _____ () C:\Windows\WindowsUpdate.log
2014-11-06 13:34 - 2011-06-05 10:58 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-06 13:33 - 2014-04-08 10:34 - 00000000 ___RD () C:\Users\Judy\Dropbox
2014-11-06 13:32 - 2014-04-08 10:31 - 00000000 ____D () C:\Users\Judy\AppData\Roaming\Dropbox
2014-11-06 13:31 - 2012-04-30 14:12 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-06 13:30 - 2013-06-03 09:54 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-11-06 13:30 - 2010-12-24 17:01 - 00462686 _____ () C:\Windows\PFRO.log
2014-11-06 13:30 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-06 13:30 - 2009-07-13 23:51 - 00051704 _____ () C:\Windows\setupact.log
2014-11-06 13:26 - 2012-04-30 14:12 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-06 13:10 - 2012-04-11 09:52 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-06 12:41 - 2013-07-24 14:32 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{10890D38-80F4-4721-96B7-D5DF70199189}
2014-11-06 07:51 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-06 07:51 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-03 01:11 - 2011-06-07 07:52 - 00000000 ____D () C:\Users\Judy\AppData\Local\CrashDumps
2014-11-01 11:16 - 2014-04-05 12:30 - 00000000 ____D () C:\Program Files (x86)\The Weather Channel
2014-11-01 10:31 - 2014-04-30 10:09 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-01 09:36 - 2013-09-05 11:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2014-11-01 09:34 - 2011-09-18 10:36 - 00000000 ____D () C:\Program Files (x86)\Real
2014-11-01 09:33 - 2011-09-18 10:36 - 00000000 ____D () C:\Users\Judy\AppData\Roaming\Real
2014-11-01 08:52 - 2013-11-03 09:00 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-01 07:54 - 2010-12-24 14:03 - 00000000 ____D () C:\ProgramData\PDFC
2014-10-30 19:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-28 17:39 - 2014-04-05 12:30 - 00000000 ____D () C:\Users\Judy\AppData\Local\The Weather Channel
2014-10-28 03:49 - 2012-11-10 08:32 - 00000000 ____D () C:\Users\Judy\AppData\Local\Avg2013
2014-10-27 18:48 - 2011-06-06 20:05 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-10-27 18:47 - 2011-10-26 21:25 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-10-26 11:01 - 2014-09-29 14:17 - 00003358 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3453812196-362897383-29464260-1001
2014-10-26 11:01 - 2014-08-16 14:21 - 00003222 _____ () C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3453812196-362897383-29464260-1001
2014-10-26 10:28 - 2011-07-14 02:21 - 00003216 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJUDY-HP$
2014-10-26 10:28 - 2011-07-14 02:21 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForJUDY-HP$.job
2014-10-25 15:42 - 2011-06-05 09:58 - 00000000 ____D () C:\Users\Judy\AppData\Roaming\SoftGrid Client
2014-10-25 15:18 - 2009-07-13 23:45 - 00271312 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-25 15:15 - 2014-05-07 02:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-25 15:00 - 2013-08-15 02:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-25 14:53 - 2011-06-06 20:17 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-24 02:01 - 2013-02-14 12:12 - 00000000 ____D () C:\Users\Judy\AppData\Local\Workspace
2014-10-19 10:21 - 2012-04-30 14:12 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-19 10:21 - 2012-04-30 14:12 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\Judy\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp2qpzny.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-05 00:57

==================== End Of Log ============================



#8 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,310 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:46 AM

Posted 06 November 2014 - 02:15 PM

Hi,

 

Good...the logs look alot better:

 

 

Please download the following file => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

 

 

Regards,

Georgi


cXfZ4wS.png


#9 MHutch

MHutch
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:01:46 AM

Posted 06 November 2014 - 02:22 PM

Here we go:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-11-2014
Ran by Judy at 2014-11-06 14:21:11 Run:2
Running from C:\Users\Judy\Desktop
Loaded Profile: Judy (Available profiles: Judy)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
URLSearchHook: HKCU - (No Name) - {3f2ae504-aa17-4805-90e8-56e48f98731c} - C:\Program Files (x86)\BibleTriviaTime_4l\bar\1.bin\4lSrcAs.dll No File
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\BibleTriviaTime_4l\bar\1.bin\NP4lStub.dll No File
C:\Program Files (x86)\BibleTriviaTime_4l
end
*****************

HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{3f2ae504-aa17-4805-90e8-56e48f98731c} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{3f2ae504-aa17-4805-90e8-56e48f98731c}" => Key deleted successfully.
C:\Program Files (x86)\BibleTriviaTime_4l\bar\1.bin\NP4lStub.dll not found.
"C:\Program Files (x86)\BibleTriviaTime_4l" => File/Directory not found.

==== End of Fixlog ====



#10 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,310 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:46 AM

Posted 06 November 2014 - 02:30 PM

Ok, it's time to check for leftovers:

 

 

STEP 1

 

 

  • Please download RKill by Grinler from the link below and save it to your desktop.

    Rkill
  • Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please post the log in your next reply.

 

 

STEP 2

 

 

  • Please download RogueKillerX64.exe and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Wait for the prescan to complete and then press the Scan button.
  • When done press the Report button.
  • Please copy and past the results in your next reply.

 

 

STEP 3
 

 

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
     
  • Put a checkmark beside loaded modules.
    Sbf88.png
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
     
  • Click the Start Scan button.
     
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
     
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.

    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and past the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 4

 

 

Please download Malwarebytes Anti-Malware 2.0.3.1025 Final to your desktop.
 

  • Double-click mbam-setup-2.0.3.1025.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box.
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

STEP 5

 

 

1.Please download HitmanPro.

  • For 32-bit Operating System - dEMD6.gif.
  • This is the mirror - dEMD6.gif
  • For 64-bit Operating System - dEMD6.gif
  • This is the mirror - dEMD6.gif

2.Launch the program by double clicking on the 5vo5F.jpg icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run please then open the program while holding down the left CTRL key until the program is loaded.

3.Click on the next button. You must agree with the terms of EULA. (if asked)

4.Check the box beside "No, I only want to perform a one-time scan to check this computer".

5.Click on the next button.

6.The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7.When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!
 
8.Click on the next button.

9.Click on the "Save Log" button.

10.Save that file to your desktop and post the content of that file in your next reply.
 
Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro

Navigate to C:\ProgramData\HitmanPro\Logs open the report and copy and paste it to your next reply.

 

 

 

STEP 6

 

 

logo.png
Please download Powelikscleaner (by ESET) and save it to your Desktop.

  • Double-click ESETPoweliksCleaner.exe to start the tool.
  • Read the terms of the End-user license agreement and click Agree if you agree to them.
  • The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
  • If Poweliks was detected "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
  • The tool will produce a log in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

1.png
2.png

 

 

 

STEP 7

 

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

and then if there aren't any issues left I'll give you my final recommendations. :)

 

 

Regards,

Georgi


cXfZ4wS.png


#11 MHutch

MHutch
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:01:46 AM

Posted 06 November 2014 - 04:44 PM

Georgi,  Finally finished all scans.

 

Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/06/2014 02:50:55 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 11/06/2014 02:53:59 PM
Execution time: 0 hours(s), 3 minute(s), and 3 seconds(s)

 

----------------------------------------------------------

RogueKiller V10.0.4.0 (x64) [Oct 29 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Judy [Administrator]
Mode : Scan -- Date : 11/06/2014  15:01:08

¤¤¤ Processes : 1 ¤¤¤
[PUP] (SVC) vToolbarUpdater18.1.9 -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe[7] -> Stopped

¤¤¤ Registry : 12 ¤¤¤
[PUP] (X64) HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | vProt : "C:\Program Files (x86)\AVG Secure Search\vprot.exe"  -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vToolbarUpdater18.1.9 (C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vToolbarUpdater18.1.9 (C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vToolbarUpdater18.1.9 (C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe) -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 2 ¤¤¤
[Suspicious.Path] AVG-Secure-Search-Update_JUNE2013_TB_rmv.job -- C:\Windows\TEMP\{ADCF1812-4A54-46BA-81CC-42C42A7A4932}.exe (--uninstall=1) -> Found
[Suspicious.Path] \\AVG-Secure-Search-Update_JUNE2013_TB_rmv -- C:\Windows\TEMP\{ADCF1812-4A54-46BA-81CC-42C42A7A4932}.exe (--uninstall=1) -> Found

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST350041 8AS SATA Disk Device +++++
--- User ---
[MBR] a46fa412fe2cc4248db3acea0b004080
[BSP] a6f367e105ede110ff8dd14e27ae7c05 : Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 464702 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 951916544 | Size: 12136 MB
User = LL1 ... OK
User != LL2 ... KO!
--- LL2 ---
[MBR] fcb9e12fb290540c2f88d35f299b7efb
[BSP] f14114919c44e0b3da80b27f0caccc45 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 264071168 | Size: 300 MB

 

--------------------------------------------------------------------------------

TDSSKiller Links (don't know why, but there were 2 logs)

http://pastebin.com/download.php?i=n6Dn7nJq        http://pastebin.com/download.php?i=vF6qd3c7

 

---------------------------------------------------------------------------------

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/6/2014
Scan Time: 3:22:42 PM
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.06.08
Rootkit Database: v2014.11.01.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Judy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 313577
Time Elapsed: 20 min, 52 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 5
PUP.Optional.DataMangr.A, C:\Program Files (x86)\SearchCore for Browsers, Quarantined, [9dfe90a6c6b63303186f3feba063e020],
PUP.Optional.DataMangr.A, C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers, Quarantined, [9dfe90a6c6b63303186f3feba063e020],
PUP.Optional.DataMangr.A, C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64, Quarantined, [9dfe90a6c6b63303186f3feba063e020],
PUP.Optional.DataMangr.A, C:\Program Files (x86)\Windows iLivid Toolbar, Quarantined, [207b83b3bac26dc991f72cfe57ac9e62],
PUP.Optional.DataMangr.A, C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr, Quarantined, [207b83b3bac26dc991f72cfe57ac9e62],

Files: 2
PUP.Optional.DataMangr.A, C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\BrowserConnection.dll, Quarantined, [9dfe90a6c6b63303186f3feba063e020],
PUP.Optional.DataMangr.A, C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\DnsBHO.dll, Quarantined, [9dfe90a6c6b63303186f3feba063e020],

Physical Sectors: 0
(No malicious items detected)

(end)

 

------------------------------------------------------------------------

HitmanPro 3.7.9.232
www.hitmanpro.com
   Computer name . . . . : JUDY-HP
   Windows . . . . . . . : 6.1.1.7601.X64/1
   User name . . . . . . : Judy-HP\Judy
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
   Scan date . . . . . . : 2014-11-06 15:59:36
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 6m 33s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 53
   Objects scanned . . . : 2,611,260
   Files scanned . . . . : 26,984
   Remnants scanned  . . : 1,108,472 files / 1,475,804 keys
Suspicious files ____________________________________________________________
   C:\Users\Judy\Desktop\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2,114,048 bytes
      Age  . . . . . . . : 4.3 days (2014-11-02 08:26:28)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : AE2D2C0759325087D4D2B6133D55129121438CE56BEAEA6141A9AF306183FCE5
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\Judy\Desktop\FRST-OlderVersion\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST-OlderVersion\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST-OlderVersion\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST-OlderVersion\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST-OlderVersion\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST-OlderVersion\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST-OlderVersion\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST-OlderVersion\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST-OlderVersion\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST-OlderVersion\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST-OlderVersion\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST-OlderVersion\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST-OlderVersion\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST-OlderVersion\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST-OlderVersion\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST-OlderVersion\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST-OlderVersion\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST-OlderVersion\FRST64.exe
   C:\Users\Judy\Desktop\FRST64.exe
      Size . . . . . . . : 2,114,560 bytes
      Age  . . . . . . . : 0.3 days (2014-11-06 09:05:45)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 9A92493668D313771DB011C6FD2BF7B894B97281BC5E3C3DEE5C104372A33DCA
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      References
         HKU\S-1-5-21-3453812196-362897383-29464260-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\Judy\Desktop\FRST64.exe
      Forensic Cluster
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          0.0s C:\Users\Judy\Desktop\FRST64.exe
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
          3.9s C:\Users\Judy\Desktop\FRST-OlderVersion\
   C:\Users\Judy\Downloads\FRST64.exe
      Size . . . . . . . : 2,114,048 bytes
      Age  . . . . . . . : 4.3 days (2014-11-02 08:23:39)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : AE2D2C0759325087D4D2B6133D55129121438CE56BEAEA6141A9AF306183FCE5
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe
          0.0s C:\Users\Judy\Downloads\FRST64.exe

Potential Unwanted Programs _________________________________________________
   C:\Program Files (x86)\Conduit\ (Conduit)
   C:\Program Files\PC OPTIMIZER PRO\ (PCOptimizerPro)
   C:\Users\Judy\AppData\Local\Conduit\ (Conduit)
   ask.com
   C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Web Data
   search.ask.com
   C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Web Data
   search.conduit.com
   C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Web Data
   C:\Users\Judy\AppData\LocalLow\Conduit\ (Conduit)
   C:\Users\Judy\AppData\LocalLow\Conduit\Community Alerts\Dialogs\ (Conduit)
   C:\Users\Judy\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\ (Conduit)
   C:\Users\Judy\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\AppNotification.js (Conduit)
   C:\Users\Judy\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\ (Conduit)
   C:\Users\Judy\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\close.png (Conduit)
   C:\Users\Judy\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\like.png (Conduit)
   C:\Users\Judy\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Next.png (Conduit)
   C:\Users\Judy\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Next_hover.png (Conduit)
   C:\Users\Judy\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\powered-by.png (Conduit)
   C:\Users\Judy\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Prev.png (Conduit)
   C:\Users\Judy\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Prev_hover.png (Conduit)
   C:\Users\Judy\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\settings.png (Conduit)
   C:\Users\Judy\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\Images\Thumbs.db (Conduit)
   C:\Users\Judy\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\initialNotification.html (Conduit)
   C:\Users\Judy\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\main.html (Conduit)
   C:\Users\Judy\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\NotificationDialogStyle.css (Conduit)
   C:\Users\Judy\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\NotificationDialogStyleIE9.css (Conduit)
   C:\Users\Judy\AppData\LocalLow\Conduit\Community Alerts\Dialogs\AppNotificationDialog\sampleNotification.html (Conduit)
   C:\Users\Judy\AppData\LocalLow\Conduit\Community Alerts\Dialogs\DialogsAPI.js (Conduit)
   C:\Users\Judy\AppData\LocalLow\Conduit\Community Alerts\Dialogs\PIE.htc (Conduit)
   C:\Users\Judy\AppData\LocalLow\Conduit\Community Alerts\Dialogs\settings.js (Conduit)
   C:\Users\Judy\AppData\LocalLow\Conduit\Community Alerts\Dialogs\version.txt (Conduit)
   C:\Users\Judy\AppData\LocalLow\Conduit\Community Alerts\Feeds\ (Conduit)
   C:\Users\Judy\AppData\LocalLow\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1319492_1315163_US.xml (Conduit)
   C:\Users\Judy\AppData\LocalLow\Conduit\Community Alerts\LanguagePacks\ (Conduit)
   C:\Users\Judy\AppData\LocalLow\Conduit\Community Alerts\LanguagePacks\en.xml (Conduit)
   HKLM\SOFTWARE\Classes\s\ (Softonic)
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}\ (Yontoo)
   HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FE9271F2-6EFD-44b0-A826-84C829536E93}\ (Yontoo)
   HKLM\SOFTWARE\Wow6432Node\Conduit\ (Conduit)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchquMediaBar_RASAPI32\ (SearchQU)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchquMediaBar_RASMANCS\ (SearchQU)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32\ (SearchQU)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS\ (SearchQU)
   HKU\S-1-5-21-3453812196-362897383-29464260-1001\Software\AppDataLow\Software\Conduit\ (Conduit)
   HKU\S-1-5-21-3453812196-362897383-29464260-1001\Software\IM\ (Sweetpacks)
   HKU\S-1-5-21-3453812196-362897383-29464260-1001\Software\ImInstaller\ (Sweetpacks)
   HKU\S-1-5-21-3453812196-362897383-29464260-1001\Software\Local AppWizard-Generated Applications\PCOptimizerPro\ (PCOptimizerPro)
   HKU\S-1-5-21-3453812196-362897383-29464260-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ (Yontoo)
   HKU\S-1-5-21-3453812196-362897383-29464260-1001\Software\PC Optimizer Pro\ (PCOptimizerPro)
Cookies _____________________________________________________________________
   C:\Users\Judy\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
   C:\Users\Judy\AppData\Roaming\Microsoft\Windows\Cookies\0DGR2PTR.txt

 

----------------------------------------------------------------------

Continue next post with ESET log

ESET Log

--------------------------------------------------------------

 

[2014.11.06 16:20:53.728] - Begin
[2014.11.06 16:20:53.728] -
[2014.11.06 16:20:53.744] -     ....................................
[2014.11.06 16:20:53.744] -   ..::::::::::::::::::....................
[2014.11.06 16:20:53.744] -   .::EEEEEE:::SSSSSS::..EEEEEE..TTTTTTTT..    Win32/Poweliks
[2014.11.06 16:20:53.744] -  .::EE::::EE:SS:::::::.EE....EE....TT......   Version: 1.0.0.1
[2014.11.06 16:20:53.744] -  .::EEEEEEEE::SSSSSS::.EEEEEEEE....TT......   Built: Oct 15 2014
[2014.11.06 16:20:53.760] -  .::EE:::::::::::::SS:.EE..........TT......
[2014.11.06 16:20:53.760] -   .::EEEEEE:::SSSSSS::..EEEEEE.....TT.....    Copyright © ESET, spol. s r.o.
[2014.11.06 16:20:53.760] -   ..::::::::::::::::::....................    1992-2013. All rights reserved.
[2014.11.06 16:20:53.760] -     ....................................
[2014.11.06 16:20:53.760] -
[2014.11.06 16:20:53.760] - --------------------------------------------------------------------------------
[2014.11.06 16:20:53.760] -
[2014.11.06 16:20:53.760] - INFO: OS: 6.1.7601 SP1
[2014.11.06 16:20:53.760] - INFO: Product Type: Workstation
[2014.11.06 16:20:53.760] - INFO: WoW64: True
[2014.11.06 16:20:53.760] - INFO: Machine guid: 27FE51CD-A165-4320-AE57-8D6F24354FC2
[2014.11.06 16:20:53.760] -
[2014.11.06 16:20:55.803] - INFO: Scanning for system infection...
[2014.11.06 16:20:55.803] - --------------------------------------------------------------------------------
[2014.11.06 16:20:55.803] -
[2014.11.06 16:20:55.803] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.06 16:20:55.803] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.06 16:20:55.803] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.06 16:20:55.803] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.06 16:20:55.803] - INFO: Processing classes...
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{1BFB1268-6353-495A-AB78-97BF7CAB4D59}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{B5B8593C-89BC-44a7-BCE3-32FE4FED7C5C}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.803] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0020-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0021-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0022-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0023-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0024-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0025-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0027-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0030-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0031-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0031-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0032-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0032-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0033-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0033-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0034-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0034-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0035-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0035-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0036-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0036-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0037-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0037-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0038-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0038-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0039-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0039-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0040-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0040-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0041-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0041-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0042-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0042-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0043-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0043-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0031-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0031-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0031-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0032-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0032-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0032-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0033-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0034-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0034-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0034-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0035-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0035-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0035-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0036-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0036-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0036-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0037-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0037-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0037-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0038-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0038-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0038-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0039-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0039-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0039-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0040-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0040-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.819] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0040-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0041-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0041-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0041-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0042-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0042-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0042-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0043-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0043-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0043-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0044-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0044-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0044-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0045-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0045-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0045-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0046-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0046-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0046-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0047-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0047-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0047-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0048-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0048-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0048-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0049-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0049-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0049-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0050-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0050-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0050-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0051-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0051-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0051-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0052-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0052-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0052-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0053-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0053-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0053-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0054-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0054-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0054-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0055-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0055-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0055-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0056-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0056-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0056-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0057-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0057-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0057-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0058-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0058-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0058-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0059-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0059-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0059-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0060-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0060-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0060-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0061-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0061-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0061-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0062-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0062-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0062-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0063-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0063-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0063-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0064-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0064-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0064-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0065-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0065-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0065-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0066-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0066-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0066-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0067-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0067-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0067-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0068-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0068-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0068-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0069-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0069-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0069-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0070-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0070-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0070-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0071-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0071-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0071-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0072-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0072-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0072-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0073-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0073-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0073-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0074-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0074-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0074-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0075-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0075-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0075-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.834] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0028-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0036-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0040-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0040-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0040-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0041-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0041-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0041-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0042-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0042-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0042-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0043-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0043-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0043-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0044-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0044-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0044-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0046-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0046-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0046-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0047-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0047-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0047-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0048-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0048-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0048-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0049-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0049-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0049-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0050-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0050-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0050-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0051-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0051-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0051-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0052-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0052-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0052-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0053-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0053-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0053-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0054-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0054-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0054-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0055-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0055-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0055-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0056-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0056-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0056-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0057-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0057-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0057-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0058-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0058-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0058-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0059-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0059-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0059-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0060-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0060-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0060-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0061-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0061-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0061-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0062-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0062-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0062-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0063-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0063-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0063-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0064-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0064-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0064-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0065-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0065-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0065-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0066-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0066-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0066-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0067-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0067-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0067-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0068-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0068-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0068-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0069-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0069-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0069-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0070-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0070-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0070-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0071-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0071-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0071-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0072-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0072-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0072-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0073-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0073-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0073-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0074-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0074-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0074-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0075-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0075-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0075-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0076-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0076-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0076-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0077-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0077-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0077-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0078-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0078-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0078-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0079-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0079-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0079-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0080-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0080-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0080-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0081-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0081-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0081-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0082-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0082-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0082-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0083-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0083-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0083-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0084-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0084-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0084-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0085-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0085-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0085-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0002-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.850] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0004-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0006-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0008-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0010-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0011-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0013-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0013-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0014-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0014-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0014-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0015-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0015-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0016-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0016-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0016-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0017-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0018-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0018-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0018-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0019-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0019-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0019-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0020-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0020-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0020-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0022-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0022-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0022-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0023-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0023-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0023-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0024-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0024-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0024-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0025-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0025-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0026-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0026-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0026-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0027-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0027-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0027-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0028-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0028-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0028-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0029-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0029-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0029-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0030-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0030-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0030-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0031-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0031-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0031-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0032-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0032-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0032-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0033-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0033-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0033-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0034-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0034-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0034-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0035-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0035-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0035-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0036-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0036-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0036-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0037-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0037-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0037-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0038-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0038-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0038-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0039-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0039-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0039-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0040-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0040-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0040-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0041-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0041-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0041-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0042-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0042-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0042-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0043-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0043-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0043-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0044-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0044-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0044-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0045-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0045-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0046-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0046-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0046-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0047-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0047-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0047-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0048-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0048-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0048-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0049-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0049-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0049-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0050-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0050-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0050-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0051-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0051-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0051-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0052-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0052-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0052-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0053-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0053-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0053-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0054-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0054-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0054-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0055-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0055-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0056-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0056-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0056-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0057-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0057-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0057-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0058-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0058-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0058-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0059-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0059-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0059-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0060-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0060-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0060-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0061-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0061-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0061-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0062-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0062-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0062-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0063-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0063-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0063-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0064-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0064-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0064-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0065-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0065-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0065-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0066-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0066-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0066-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0067-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.866] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0067-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.881] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0068-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.881] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0068-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.881] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0068-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.881] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0069-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.881] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0069-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.881] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0069-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.881] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0070-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.881] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0070-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.881] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0070-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.881] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0071-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.881] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0071-ABCDEFFEDCBB}]
[2014.11.06 16:20:55.881] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0071-ABCDEFFEDCBC}]
[2014.11.06 16:20:55.881] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA}]
[2014.11.06 16:20:55.881] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}]
[2014.11.06 16:20:55.881] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
[2014.11.06 16:20:55.881] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
[2014.11.06 16:20:55.881] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
[2014.11.06 16:20:55.881] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
[2014.11.06 16:20:55.881] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
[2014.11.06 16:20:55.881] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
[2014.11.06 16:20:55.881] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
[2014.11.06 16:20:55.881] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
[2014.11.06 16:20:55.881] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}]
[2014.11.06 16:20:55.881] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{1BFB1268-6353-495A-AB78-97BF7CAB4D59}]
[2014.11.06 16:20:55.881] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{B5B8593C-89BC-44a7-BCE3-32FE4FED7C5C}]
[2014.11.06 16:20:55.881] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
[2014.11.06 16:20:55.881] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
[2014.11.06 16:20:55.881] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
[2014.11.06 16:20:55.881] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
[2014.11.06 16:20:55.881] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}]
[2014.11.06 16:20:55.881] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}]
[2014.11.06 16:20:55.881] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}]
[2014.11.06 16:20:55.881] - INFO: Processing clsid [\Registry\User\S-1-5-21-3453812196-362897383-29464260-1001\SOFTWARE\Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}]
[2014.11.06 16:20:55.881] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.06 16:20:55.881] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.06 16:20:55.881] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.06 16:20:55.881] - INFO: Processing invalid values in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.06 16:20:55.881] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.06 16:20:55.881] - INFO: Processing value [ServerExecutable] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.06 16:20:55.881] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.06 16:20:55.881] - INFO: Processing value [ServerExecutable] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.06 16:20:55.881] - INFO: Processing invalid subkeys in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.06 16:20:55.881] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]...
[2014.11.06 16:20:55.881] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.06 16:20:55.881] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.06 16:20:55.881] - INFO: Win32/Poweliks not found
[2014.11.06 16:21:11.388] - End

 

---------------------------------------------------------------------------

 Results of screen317's Security Check version 0.99.89 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
AVG AntiVirus 2013  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Auslogics Registry Cleaner  
 Java 7 Update 71 
 Java version out of Date!
 Adobe Reader 10.1.12 Adobe Reader out of Date! 
 Google Chrome 38.0.2125.104 
 Google Chrome 38.0.2125.111 
````````Process Check: objlist.exe by Laurent```````` 
 AVG avgwdsvc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 3%
````````````````````End of Log``````````````````````

 

--------------------------------------------------------------------------

That's all of them - Mark
 



#12 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,310 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:46 AM

Posted 06 November 2014 - 05:00 PM

Hi Mark,

 

Thanks for the logs.

 

We need to remove some remnants from Potentially Unwanted Applications:

 

Please download the following file => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

 

Registry Editor / Cleaner Warning !!


The following is referring to Auslogics Registry Cleaner.
Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:

  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your pc to be inoperable.
This is done, assuming that the major audience here at this board might be inexperienced users and thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to an "optional fix" and is up to the user, so just take this as a recommendation from my side.

For more information about why you should avoid using a such programs please take a look here => Registry Cleaners and System Tweaking Tools

 

 

 

And here are a few updating tasks for you

 

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application.

  • Download the latest version of Java SE 7.
  • Click the Java SE 7u72 "Download JRE" button to the right.
  • Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 7 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-7u72-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel > Programs, click on Uninstall a program and remove all older versions of Java:
     Java™ 7 Update 71
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista/Windows 7 users, right click on the jre-7u72-windows-i586.exe and select "Run as an Administrator.")

 

Next please run JavaRa.

 

  • Please download JavaRa 2.6 and unzip it to your desktop.
  • Double-click on JavaRa.exe to start the program.
  • Choose Remove JRE and since you already uninstalled JAVA skip step 1 and click on the next button.
  • Now click on Perform Removal Routine to remove the older versions of Java installed on your computer.
  • When that's successfully done, please click OK to close the message.
  • Click on Next and skip the downloading process. Click Next and now click on Close this wizard and click Finish.
  • From the main menu please choose Additional tasks
  • Place a checkmark beside Remove startup entry, Remove Outdated JRE Firefox Extentions and Clean JRE Temp Files and click Run. The browsers should be closed before running this task.
  • When that's succesfully done you will see a message at the top saying: "Selected tasks completed successfully".
  • A log file should be created in the same directory as JavaRa.
  • Please attach the log to your next reply.
  • Close JavaRa by clicking the red cross button.

 

You can choose between 2 variants:

 

1. If you have applications that require Java to be installed on the computer then uninstall the old version of Java and then run JavaRa to remove all remnants and then go ahead and download & install the latest version of Java (Java SE 7 update 72) as described above.

 

2. If you want to be on the safe side then go ahead and uninstall the old version of Java, then run JavaRa to remove all remnants and then remove all applications that require Java (time to learn to live without Java and find alternatives to the applications that require Java)... Check this article.

 

It's your call. smile.png

 

 

Your Adobe Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.
Please download Adobe Reader 11.0.09 to your PC's desktop.
 

  • Uninstall Adobe Reader 10.1.12 via Start => Control Panel > Uninstall a program
  • Install the new downloaded updated software.

Note that the McAfee Security scan is prechecked. You may wish to uncheck it before downloading.

 

Finally please post a new log from SecurityCheck.

 

 

Regards,

Georgi


cXfZ4wS.png


#13 MHutch

MHutch
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:01:46 AM

Posted 06 November 2014 - 05:23 PM

Georgi,

 

I'd already told my friend I would be un-installing the registry editor - can be very dangerous.  As I am just about to drive off, I will have to continue with cleanup on Tuesday when I return fro out of town and will follow your instructions and post the log at that time.  Thanks so much for your help - what is a typical amount of donation thru Paypal  and does it get to you?

 

Until Tuesday - Mark



#14 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,310 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bulgaria
  • Local time:07:46 AM

Posted 07 November 2014 - 02:28 AM

Hi Mark,

 

Thanks for letting me know.

Donations are not mandatory. its on you to give whatever amount you want or say "thank you" at the end.

Your gratitude is enough to make me smile. :)

 

 

Regards,

Georgi


cXfZ4wS.png


#15 MHutch

MHutch
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:01:46 AM

Posted 11 November 2014 - 12:22 PM

Hi Georgi,  hope you had a good weekend.

 

I have uninstalled the registry cleaner and updated AVG.

I also sent you 20 Euros via PayPal - Thanks for all your help.

 

Thanks - Mark

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-11-2014
Ran by Judy at 2014-11-11 09:51:18 Run:3
Running from C:\Users\Judy\Desktop
Loaded Profile: Judy (Available profiles: Judy)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
C:\Program Files (x86)\Conduit
C:\Program Files\PC OPTIMIZER PRO
C:\Users\Judy\AppData\Local\Conduit
C:\Users\Judy\AppData\LocalLow\Conduit
DeleteKey: HKLM\SOFTWARE\Classes\s
DeleteKey: HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}
DeleteKey: HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FE9271F2-6EFD-44b0-A826-84C829536E93}
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Conduit
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchquMediaBar_RASAPI32
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchquMediaBar_RASMANCS
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32
DeleteKey: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS
DeleteKey: HKU\S-1-5-21-3453812196-362897383-29464260-1001\Software\AppDataLow\Software\Conduit
DeleteKey: HKU\S-1-5-21-3453812196-362897383-29464260-1001\Software\IM
DeleteKey: HKU\S-1-5-21-3453812196-362897383-29464260-1001\Software\ImInstaller
DeleteKey: HKU\S-1-5-21-3453812196-362897383-29464260-1001\Software\Local AppWizard-Generated Applications\PCOptimizerPro
DeleteKey: HKU\S-1-5-21-3453812196-362897383-29464260-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
DeleteKey: HKU\S-1-5-21-3453812196-362897383-29464260-1001\Software\PC Optimizer Pro
end
*****************

C:\Program Files (x86)\Conduit => Moved successfully.
C:\Program Files\PC OPTIMIZER PRO => Moved successfully.
C:\Users\Judy\AppData\Local\Conduit => Moved successfully.
C:\Users\Judy\AppData\LocalLow\Conduit => Moved successfully.
HKLM\SOFTWARE\Classes\s => Key Deleted successfully.
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d} => Key Deleted successfully.
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FE9271F2-6EFD-44b0-A826-84C829536E93} => Failed to delete key at first attempt (Error: C0000121), see next line.
HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FE9271F2-6EFD-44b0-A826-84C829536E93} => Key Deleted Successfully.
HKLM\SOFTWARE\Wow6432Node\Conduit => Failed to delete key at first attempt (Error: C0000121), see next line.
HKLM\SOFTWARE\Wow6432Node\Conduit => Key Deleted Successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchquMediaBar_RASAPI32 => Key Deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchquMediaBar_RASMANCS => Key Deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32 => Key Deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS => Key Deleted successfully.
HKU\S-1-5-21-3453812196-362897383-29464260-1001\Software\AppDataLow\Software\Conduit => Failed to delete key at first attempt (Error: C0000121), see next line.
HKU\S-1-5-21-3453812196-362897383-29464260-1001\Software\AppDataLow\Software\Conduit => Key Deleted Successfully.
HKU\S-1-5-21-3453812196-362897383-29464260-1001\Software\IM => Failed to delete key at first attempt (Error: C0000121), see next line.
HKU\S-1-5-21-3453812196-362897383-29464260-1001\Software\IM => Key Deleted Successfully.
HKU\S-1-5-21-3453812196-362897383-29464260-1001\Software\ImInstaller => Failed to delete key at first attempt (Error: C0000121), see next line.
HKU\S-1-5-21-3453812196-362897383-29464260-1001\Software\ImInstaller => Key Deleted Successfully.
HKU\S-1-5-21-3453812196-362897383-29464260-1001\Software\Local AppWizard-Generated Applications\PCOptimizerPro => Failed to delete key at first attempt (Error: C0000121), see next line.
HKU\S-1-5-21-3453812196-362897383-29464260-1001\Software\Local AppWizard-Generated Applications\PCOptimizerPro => Key Deleted Successfully.
HKU\S-1-5-21-3453812196-362897383-29464260-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} => Failed to delete key at first attempt (Error: C0000121), see next line.
HKU\S-1-5-21-3453812196-362897383-29464260-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE} => Key Deleted Successfully.
HKU\S-1-5-21-3453812196-362897383-29464260-1001\Software\PC Optimizer Pro => Key Deleted successfully.

==== End of Fixlog ====

 

------------------------------------------------------------------------------------

 

Here is the JavaRA log

 

User initialised redundant data purge.
......................

Removed registry subkey: java.exe
Removed registry subkey: javaw.exe
Removed registry subkey tree: JavaSoft
Removed registry subkey: F60730A4A66673047777F5728467D401
Removed registry subkey tree: F60730A4A66673047777F5728467D401
Removed registry subkey: 6C5ADB75C34456D42B338232391207FF
Removed registry subkey: A5CCAAC40F5B69B47777ACF82566467C
Removed registry subkey tree: {5852F5EC-8BF4-11D4-A245-0080C6F74284}
Removed registry subkey: application/java-deployment-toolkit
Removed registry subkey: application/x-java-applet
Removed registry subkey: application/x-java-jnlp-file
Removed registry subkey tree: {5852F5E0-8BF4-11D4-A245-0080C6F74284}
Removed registry subkey: .jar
Removed registry subkey: .jnlp
Removed registry subkey tree: jarfile
Removed registry subkey tree: JavaWebStart.isInstalled
Removed registry subkey tree: JavaWebStart.isInstalled.1.7.0.0
Removed registry subkey tree: JNLPFile
Removed registry subkey: javaws.exe
Removed registry subkey tree: Browser Helper Objects
Removed registry subkey: 6C5ADB75C34456D42B338232391207FF
Removed registry subkey: A5CCAAC40F5B69B47777ACF82566467C
Removed registry subkey: 225FA5D4CDB0C57489E7F511C11D0182
Removed registry subkey: 225FC5D4ADB0C57489E7F511C11D0182
Removed registry subkey: 225FC5D4BDB0C57489E7F511C11D0182
Removed registry subkey: 225FC5D4CDB0C57489E7F511C11D0182
Removed registry subkey: 52AAFD69654C07446983ADA1256FC7A9
Removed registry subkey: AD9BB15F1AC776D49B768EDF5A02B896
Removed registry subkey: E1215CC4312C58A4A8F9D630115FB457
Removed registry subkey tree: F60730A4A66673047777F5728467D401
Exception encountered in module [JavaRa]
Message: Cannot delete a subkey tree because the subkey does not exist.
   at Microsoft.Win32.RegistryKey.DeleteSubKeyTreeInternal(String subkey)
   at Microsoft.Win32.RegistryKey.DeleteSubKeyTree(String subkey)
   at JavaRa.routines_registry.delete_key(String key)

Removed registry subkey: Oracle_JavaAccessBridge
Removed registry subkey tree: JavaPlugin.10512
Removal routine completed successfully. 32 items have been deleted.
== Cleaning JRE temporary files ==
Deleted file: C:\Users\Judy\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\lastAccessed
Deleted file: C:\Users\Judy\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-2efd8aa5.idx
Deleted file: C:\Users\Judy\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-3f7b6741
Deleted file: C:\Users\Judy\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-3f7b6741.idx
Deleted file: C:\Users\Judy\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-72f096ee.idx
Deleted file: C:\Users\Judy\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-753511e5
Deleted file: C:\Users\Judy\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-753511e5.idx
Deleted file: C:\Users\Judy\AppData\LocalLow\Sun\Java\Deployment\cache\security\blacklist.cache
Deleted file: C:\Users\Judy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\lastAccessed
Deleted file: C:\Users\Judy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\2bbaaf87-1e356c13
Deleted file: C:\Users\Judy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\2bbaaf87-1e356c13.idx
Deleted file: C:\Users\Judy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\2bbaaf87-e2e4c8970372d2fb4193a7ef29d16f6c3f08527947fcb9208b3a0e48820369fd-6.0.lap
Deleted file: C:\Users\Judy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\31b19ba-1d8f922c
Deleted file: C:\Users\Judy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\31b19ba-1d8f922c.idx
Deleted file: C:\Users\Judy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\7e60542d-1a9c633f
Deleted file: C:\Users\Judy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\7e60542d-1a9c633f.idx
 
User initialised redundant data purge.
......................

Removed registry subkey: java.exe
Removed registry subkey: javaw.exe
Removed registry subkey: F60730A4A66673047777F5728467D401
Removed registry subkey tree: F60730A4A66673047777F5728467D401
Removed registry subkey: 6C5ADB75C34456D42B338232391207FF
Removed registry subkey: A5CCAAC40F5B69B47777ACF82566467C
Removed registry subkey tree: {5852F5EC-8BF4-11D4-A245-0080C6F74284}
Removed registry subkey: application/java-deployment-toolkit
Removed registry subkey: application/x-java-applet
Removed registry subkey: application/x-java-jnlp-file
Removed registry subkey tree: {5852F5E0-8BF4-11D4-A245-0080C6F74284}
Removed registry subkey: .jar
Removed registry subkey: .jnlp
Removed registry subkey tree: jarfile
Removed registry subkey tree: JavaWebStart.isInstalled
Removed registry subkey tree: JavaWebStart.isInstalled.1.7.0.0
Removed registry subkey tree: JNLPFile
Removed registry subkey: javaws.exe
Removed registry subkey: 6C5ADB75C34456D42B338232391207FF
Removed registry subkey: A5CCAAC40F5B69B47777ACF82566467C
Removed registry subkey tree: 225FA5D4CDB0C57489E7F511C11D0182
Removed registry subkey tree: 225FC5D4ADB0C57489E7F511C11D0182
Removed registry subkey tree: 225FC5D4BDB0C57489E7F511C11D0182
Removed registry subkey tree: 225FC5D4CDB0C57489E7F511C11D0182
Removed registry subkey: 52AAFD69654C07446983ADA1256FC7A9
Removed registry subkey: AD9BB15F1AC776D49B768EDF5A02B896
Removed registry subkey: E1215CC4312C58A4A8F9D630115FB457
Removed registry subkey tree: F60730A4A66673047777F5728467D401
Exception encountered in module [JavaRa]
Message: Cannot delete a subkey tree because the subkey does not exist.
   at Microsoft.Win32.RegistryKey.DeleteSubKeyTreeInternal(String subkey)
   at Microsoft.Win32.RegistryKey.DeleteSubKeyTree(String subkey)
   at JavaRa.routines_registry.delete_key(String key)

Removed registry subkey: Oracle_JavaAccessBridge
Removal routine completed successfully. 29 items have been deleted.
== Cleaning JRE temporary files ==
Deleted file: C:\Users\Judy\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\lastAccessed
Deleted file: C:\Users\Judy\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-2efd8aa5.idx
Deleted file: C:\Users\Judy\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-3f7b6741
Deleted file: C:\Users\Judy\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-3f7b6741.idx
Deleted file: C:\Users\Judy\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-72f096ee.idx
Deleted file: C:\Users\Judy\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-753511e5
Deleted file: C:\Users\Judy\AppData\LocalLow\Sun\Java\Deployment\SystemCache\6.0\32\6c34baa0-753511e5.idx
Deleted file: C:\Users\Judy\AppData\LocalLow\Sun\Java\Deployment\cache\security\blacklist.cache
Deleted file: C:\Users\Judy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\lastAccessed
Deleted file: C:\Users\Judy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\2bbaaf87-70124d7d
Deleted file: C:\Users\Judy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\2bbaaf87-70124d7d.idx
Deleted file: C:\Users\Judy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\2bbaaf87-e2e4c8970372d2fb4193a7ef29d16f6c3f08527947fcb9208b3a0e48820369fd-6.0.lap
Deleted file: C:\Users\Judy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\31b19ba-32383378
Deleted file: C:\Users\Judy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\31b19ba-32383378.idx
Deleted file: C:\Users\Judy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\7e60542d-737e500d
Deleted file: C:\Users\Judy\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45\7e60542d-737e500d.idx

 

----------------------------------------------------------------------------------
 

Here is the Checkup Log - not sure why it still says Java is not up to date.

 

 Results of screen317's Security Check version 0.99.89 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
AVG AntiVirus 2015  
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 72 
 Java version out of Date!
 Adobe Reader XI 
 Google Chrome 38.0.2125.104 
 Google Chrome 38.0.2125.111 
````````Process Check: objlist.exe by Laurent```````` 
 AVG avgwdsvc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````

 

--------------------------------------------------------------------------------
 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users