Several instances dllhost *32, COM Surrogate, MBAM blocking every 15 seconds


  • This topic is locked
10 replies to this topic

#1 thxthx

Posted 08 November 2014 - 04:37 AM

Hi, thanks in advance for your support.

I'm having issues with my wife's laptop (running Malwarebytes Premium and AVG for many years).

A few weeks ago she told me that the laptop had become extremely slow, and noticed that MBAM was notifying that it was blocking a malicious website every 15 seconds.
It was something like this:
Domain: [blank]
IP: 95.215.1.57
Port: 57829
Type: Outbound
Process: C:\Windows\SysWOW64\dllhost.exe

FYI, at one point my wife told me that she clicked YES to one of the notifications, therefore adding an exclusion. Later I removed the exclusion.

Then I did some research online and noticed multiple instances of dllhost and dllhost *32 in the Task Manager consuming resources, and we get several warnings from W7 "Powershell has stopped working".

MBAM scans but does not find anything (I was just reading some posts here and FYI, "Scan for rootkits" was not checked).

AVG finds and heals something every 1-2 days (for example Adware Generic_r, Corrupted executable file).

Also, I run CCleaner every day and it removes like 2GB (mainly from the System folders) which seems to be excessive.

I requested help from MBAM, but their responses have been painfully slow, and not as professional as what I read here. They told me to run FRST, then AdwCleaner (it did remove AVG toolbar), but the problems persist.

I really appreciate your support!

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344
Run by Roxi at 3:13:27 on 2014-11-08
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4061.2392 [GMT -6:00]
.
AV: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2015 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2015\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\windows\system32\crypserv.exe
C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\windows\system32\RunDll32.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\SysWOW64\ctfmon.exe
C:\windows\syswow64\dllhost.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\sppsvc.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\system32\taskhost.exe
C:\windows\system32\NOTEPAD.EXE
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://www.lenovo.com
mWinlogon: Userinit = userinit.exe,
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\grooveex.dll
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AdobeCEPServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe" -launchedbylogin
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
dRunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\Roxi\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\windows\System32\RunDll32.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\ochelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{6DEF0AF0-9345-46FE-90E2-9DABBD0B1856} : DHCPNameServer = 192.168.1.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
SSODL: WebCheck - <orphaned>
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
x64-Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\drivers\avgidsha.sys [2014-6-18 190744]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\drivers\avgloga.sys [2014-7-18 313624]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\drivers\avgmfx64.sys [2014-8-6 123672]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\drivers\avgrkx64.sys [2014-6-18 31512]
R1 Avgdiska;AVG Disk Driver;C:\windows\System32\drivers\avgdiska.sys [2014-6-18 153368]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\drivers\avgidsdrivera.sys [2014-7-24 247576]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\drivers\avgldx64.sys [2014-8-20 243480]
R1 Avgtdia;AVG TDI Driver;C:\windows\System32\drivers\avgtdia.sys [2014-7-2 270616]
R1 funfrm;funfrm;C:\windows\System32\drivers\funfrm.sys [2009-12-18 73744]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2009-12-18 202752]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [2014-9-5 3364368]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [2014-9-5 293448]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-3-16 2436280]
R2 DymoPnpService;DYMO PnP Service;C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [2014-3-20 33072]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-9 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-9 968504]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2013-10-1 481304]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service;C:\Program Files\Macrium\Reflect\ReflectService.exe [2014-7-21 3272656]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2009-12-18 26128]
R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2009-12-18 35104]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-4-22 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2014-4-9 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\windows\System32\drivers\mwac.sys [2014-4-9 63704]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\System32\drivers\NETw5s64.sys [2009-9-15 6952960]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SOHDms;Sony Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2013-9-12 489616]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-10-16 111616]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\windows\System32\drivers\k57nd60a.sys [2009-6-10 270848]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\windows\System32\drivers\NETw5v64.sys [2009-12-18 5435904]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-4-23 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2009-9-25 219136]
S3 SOHDs;Sony Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2013-9-8 79000]
S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-12-1 289952]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-3-18 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-4-23 1255736]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
.
=============== Created Last 30 ================
.
2014-11-03 07:11:57 -------- d-----w- C:\ProgramData\BSD
2014-11-03 07:11:16 -------- d-----w- C:\ProgramData\TweakBit
2014-11-03 06:22:24 -------- d-----w- C:\Program Files\Microsoft Mouse and Keyboard Center
2014-11-03 06:10:09 2777088 ----a-w- C:\windows\System32\msmpeg2vdec.dll
2014-11-03 06:10:09 2285056 ----a-w- C:\windows\SysWow64\msmpeg2vdec.dll
2014-11-03 06:07:37 793600 ----a-w- C:\windows\SysWow64\TSWorkspace.dll
2014-11-03 06:07:37 1031168 ----a-w- C:\windows\System32\TSWorkspace.dll
2014-11-03 06:07:20 2565120 ----a-w- C:\windows\System32\d3d10warp.dll
2014-11-03 06:07:19 1987584 ----a-w- C:\windows\SysWow64\d3d10warp.dll
2014-11-03 06:07:10 3241472 ----a-w- C:\windows\System32\msi.dll
2014-11-03 06:07:09 2363904 ----a-w- C:\windows\SysWow64\msi.dll
2014-11-03 06:02:18 1684928 ----a-w- C:\windows\System32\drivers\ntfs.sys
2014-11-03 06:02:17 5703168 ----a-w- C:\windows\SysWow64\mstscax.dll
2014-11-03 06:02:16 6584320 ----a-w- C:\windows\System32\mstscax.dll
2014-11-02 19:06:33 -------- d-----w- C:\AdwCleaner
2014-10-30 05:04:34 -------- d-----w- C:\FRST
2014-10-26 04:58:36 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2014-10-26 04:58:35 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2014-10-26 04:58:35 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2014-10-26 04:58:35 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2014-10-26 04:58:35 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2014-10-26 04:53:45 -------- d-----w- C:\Program Files\iPod
2014-10-26 04:53:43 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-26 04:53:43 -------- d-----w- C:\Program Files\iTunes
2014-10-26 04:53:43 -------- d-----w- C:\Program Files (x86)\iTunes
2014-10-25 03:58:42 -------- d--h--w- C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-10-23 04:19:09 -------- d-----w- C:\Users\Roxi\AppData\Roaming\AVG2015
2014-10-23 04:06:46 -------- d-----w- C:\ProgramData\AVG2015
2014-10-23 03:15:32 -------- d-----w- C:\Users\Roxi\AppData\Local\Avg2015
2014-10-16 14:59:59 812736 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2014-10-16 14:56:43 3179520 ----a-w- C:\windows\System32\rdpcorets.dll
2014-10-16 14:43:45 424448 ----a-w- C:\windows\System32\rastls.dll
2014-10-16 14:43:41 372736 ----a-w- C:\windows\SysWow64\rastls.dll
2014-10-15 14:31:09 77312 ----a-w- C:\windows\System32\packager.dll
2014-10-15 14:31:09 67072 ----a-w- C:\windows\SysWow64\packager.dll
.
==================== Find3M  ====================
.
2014-11-08 09:09:14 129752 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-10-02 19:23:20 94208 ----a-w- C:\windows\SysWow64\QuickTimeVR.qtx
2014-10-02 19:23:20 69632 ----a-w- C:\windows\SysWow64\QuickTime.qts
2014-10-01 16:11:26 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-10-01 16:11:16 93400 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-10-01 16:11:12 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-09-29 00:58:48 3198976 ----a-w- C:\windows\System32\win32k.sys
2014-09-25 22:32:04 2017280 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\windows\System32\inetcpl.cpl
2014-09-25 02:08:38 371712 ----a-w- C:\windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\windows\SysWow64\qdvd.dll
2014-09-19 01:56:02 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\windows\SysWow64\wininet.dll
2014-09-09 22:11:04 2048 ----a-w- C:\windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2014-08-23 02:07:00 404480 ----a-w- C:\windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\windows\SysWow64\gdi32.dll
2014-08-21 02:45:10 243480 ----a-w- C:\windows\System32\drivers\avgldx64.sys
.
============= FINISH:  3:15:08.66 ===============

#2 deeprybka

  • Malware Response Team

Posted 08 November 2014 - 07:14 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1

Please download Powelikscleaner (by ESET) and save it to your Desktop.
  • Double-click the icon to start the tool.
  • Read the terms of the End-user license agreement and click Agree if you agree to them.
  • The tool will run automatically. If the cleaner finds a Poweliks infection, press the Y key on your keyboard to remove it.
  • If Poweliks was detected, "Win32/Poweliks was successfully removed from your system" will be displayed. Press any key to exit the tool and reboot your PC.
  • The tool will produce a log in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Step 2

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them, as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#3 thxthx

  • Topic Starter

Posted 09 November 2014 - 02:29 AM

Guten nacht, Jürgen.

Before pasting the logs let me tell you that a few hours ago AVG found 2 threats "Poweliks", healed them and moved them to the virus vault.

I ran the ESET cleaner and it did detect Poweliks and removed it. When restarting the laptop, I noticed that Windows Update was updating the configuration, both before shutting down and when restarting.

Here are the logs.

Danke shoen!

[2014.11.09 00:43:40.400] - Begin
[2014.11.09 00:43:40.400] -
[2014.11.09 00:43:40.400] -     ....................................
[2014.11.09 00:43:40.400] -   ..::::::::::::::::::....................
[2014.11.09 00:43:40.400] -   .::EEEEEE:::SSSSSS::..EEEEEE..TTTTTTTT..    Win32/Poweliks
[2014.11.09 00:43:40.400] -  .::EE::::EE:SS:::::::.EE....EE....TT......   Version: 1.0.0.1
[2014.11.09 00:43:40.400] -  .::EEEEEEEE::SSSSSS::.EEEEEEEE....TT......   Built: Oct 15 2014
[2014.11.09 00:43:40.415] -  .::EE:::::::::::::SS:.EE..........TT......
[2014.11.09 00:43:40.415] -   .::EEEEEE:::SSSSSS::..EEEEEE.....TT.....    Copyright © ESET, spol. s r.o.
[2014.11.09 00:43:40.415] -   ..::::::::::::::::::....................    1992-2013. All rights reserved.
[2014.11.09 00:43:40.415] -     ....................................
[2014.11.09 00:43:40.415] -
[2014.11.09 00:43:40.415] - --------------------------------------------------------------------------------
[2014.11.09 00:43:40.415] -
[2014.11.09 00:43:40.415] - INFO: OS: 6.1.7601 SP1
[2014.11.09 00:43:40.415] - INFO: Product Type: Workstation
[2014.11.09 00:43:40.415] - INFO: WoW64: True
[2014.11.09 00:43:40.415] - INFO: Machine guid: 633B333C-EDDC-4B9D-8F0D-C5B8B07A88C7
[2014.11.09 00:43:40.415] -
[2014.11.09 00:43:42.615] - INFO: Scanning for system infection...
[2014.11.09 00:43:42.615] - --------------------------------------------------------------------------------
[2014.11.09 00:43:42.615] -
[2014.11.09 00:43:42.615] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.09 00:43:42.646] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.09 00:43:42.662] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.09 00:43:42.662] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.09 00:43:42.662] - INFO: Processing classes...
[2014.11.09 00:43:42.662] - INFO: Processing clsid [\Registry\User\S-1-5-21-3978099935-2741131164-906008880-1003\SOFTWARE\Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}]
[2014.11.09 00:43:42.662] - INFO: Processing clsid [\Registry\User\S-1-5-21-3978099935-2741131164-906008880-1003\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[2014.11.09 00:43:42.662] - WARNING: Found suspicous classid [\Registry\User\S-1-5-21-3978099935-2741131164-906008880-1003\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[2014.11.09 00:43:42.662] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.09 00:43:42.677] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.09 00:43:42.677] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.09 00:43:42.677] - INFO: Processing invalid values in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.09 00:43:42.677] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.09 00:43:42.677] - INFO: Processing value [ServerExecutable] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.09 00:43:42.677] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.09 00:43:42.677] - INFO: Processing value [ServerExecutable] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.09 00:43:42.677] - INFO: Processing invalid subkeys in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.09 00:43:42.677] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]...
[2014.11.09 00:43:42.693] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.09 00:43:42.693] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.09 00:43:42.693] - INFO: Win32/Poweliks found
[2014.11.09 00:43:48.637] - INFO: process: dllhost.exe, pid 12064, parent 1000
[2014.11.09 00:43:48.637] - INFO: Terminated process pid = 12064
[2014.11.09 00:43:48.652] - INFO: process: dllhost.exe, pid 12128, parent 1000
[2014.11.09 00:43:48.652] - INFO: Terminated process pid = 12128
[2014.11.09 00:43:48.652] - INFO: process: dllhost.exe, pid 12192, parent 1000
[2014.11.09 00:43:48.652] - INFO: Terminated process pid = 12192
[2014.11.09 00:43:48.652] - INFO: process: dllhost.exe, pid 12256, parent 1000
[2014.11.09 00:43:48.652] - INFO: Terminated process pid = 12256
[2014.11.09 00:43:49.307] - INFO: process: dllhost.exe, pid 16072, parent 1000
[2014.11.09 00:43:49.307] - INFO: Terminated process pid = 16072
[2014.11.09 00:43:49.307] - INFO: process: dllhost.exe, pid 15528, parent 1000
[2014.11.09 00:43:49.307] - INFO: Terminated process pid = 15528
[2014.11.09 00:43:49.307] - INFO: process: dllhost.exe, pid 15452, parent 1000
[2014.11.09 00:43:49.307] - INFO: Terminated process pid = 15452
[2014.11.09 00:43:49.323] - INFO: process: dllhost.exe, pid 15768, parent 1000
[2014.11.09 00:43:49.323] - INFO: Terminated process pid = 15768
[2014.11.09 00:43:49.323] - INFO: process: dllhost.exe, pid 16400, parent 1000
[2014.11.09 00:43:49.323] - INFO: Terminated process pid = 16400
[2014.11.09 00:43:49.323] - INFO: process: dllhost.exe, pid 16472, parent 1000
[2014.11.09 00:43:49.323] - INFO: Terminated process pid = 16472
[2014.11.09 00:43:49.323] - INFO: process: dllhost.exe, pid 16540, parent 1000
[2014.11.09 00:43:49.323] - INFO: Terminated process pid = 16540
[2014.11.09 00:43:49.323] - INFO: process: dllhost.exe, pid 16612, parent 1000
[2014.11.09 00:43:49.323] - INFO: Terminated process pid = 16612
[2014.11.09 00:43:49.323] - INFO: process: dllhost.exe, pid 16688, parent 1000
[2014.11.09 00:43:49.323] - INFO: Terminated process pid = 16688
[2014.11.09 00:43:49.323] - INFO: process: dllhost.exe, pid 16784, parent 1000
[2014.11.09 00:43:49.323] - INFO: Terminated process pid = 16784
[2014.11.09 00:43:49.323] - INFO: process: dllhost.exe, pid 16912, parent 1000
[2014.11.09 00:43:49.323] - INFO: Terminated process pid = 16912
[2014.11.09 00:43:49.323] - INFO: process: dllhost.exe, pid 16996, parent 1000
[2014.11.09 00:43:49.323] - INFO: Terminated process pid = 16996
[2014.11.09 00:43:49.323] - INFO: process: dllhost.exe, pid 17060, parent 1000
[2014.11.09 00:43:49.339] - INFO: Terminated process pid = 17060
[2014.11.09 00:43:49.339] - INFO: process: dllhost.exe, pid 17124, parent 1000
[2014.11.09 00:43:49.339] - INFO: Terminated process pid = 17124
[2014.11.09 00:43:49.354] - INFO: process: dllhost.exe, pid 17188, parent 1000
[2014.11.09 00:43:49.354] - INFO: Terminated process pid = 17188
[2014.11.09 00:43:49.354] - INFO: process: dllhost.exe, pid 17252, parent 1000
[2014.11.09 00:43:49.354] - INFO: Terminated process pid = 17252
[2014.11.09 00:43:49.385] - INFO: process: dllhost.exe, pid 17320, parent 1000
[2014.11.09 00:43:49.385] - INFO: Terminated process pid = 17320
[2014.11.09 00:43:49.385] - INFO: process: dllhost.exe, pid 16392, parent 1000
[2014.11.09 00:43:49.385] - INFO: Terminated process pid = 16392
[2014.11.09 00:43:49.385] - INFO: process: dllhost.exe, pid 16536, parent 1000
[2014.11.09 00:43:49.385] - INFO: Terminated process pid = 16536
[2014.11.09 00:43:49.385] - INFO: process: dllhost.exe, pid 16724, parent 1000
[2014.11.09 00:43:49.385] - INFO: Terminated process pid = 16724
[2014.11.09 00:43:49.385] - INFO: process: dllhost.exe, pid 17068, parent 1000
[2014.11.09 00:43:49.385] - INFO: Terminated process pid = 17068
[2014.11.09 00:43:49.385] - INFO: process: dllhost.exe, pid 17268, parent 1000
[2014.11.09 00:43:49.385] - INFO: Terminated process pid = 17268
[2014.11.09 00:43:49.385] - INFO: process: dllhost.exe, pid 16416, parent 1000
[2014.11.09 00:43:49.385] - INFO: Terminated process pid = 16416
[2014.11.09 00:43:49.385] - INFO: process: dllhost.exe, pid 15760, parent 1000
[2014.11.09 00:43:49.385] - INFO: Terminated process pid = 15760
[2014.11.09 00:43:49.385] - INFO: process: dllhost.exe, pid 16780, parent 1000
[2014.11.09 00:43:49.385] - INFO: Terminated process pid = 16780
[2014.11.09 00:43:49.385] - INFO: process: dllhost.exe, pid 16948, parent 1000
[2014.11.09 00:43:49.385] - INFO: Terminated process pid = 16948
[2014.11.09 00:43:49.385] - INFO: process: dllhost.exe, pid 17052, parent 1000
[2014.11.09 00:43:49.385] - INFO: Terminated process pid = 17052
[2014.11.09 00:43:49.385] - INFO: process: dllhost.exe, pid 17204, parent 1000
[2014.11.09 00:43:49.385] - INFO: Terminated process pid = 17204
[2014.11.09 00:43:49.385] - INFO: process: dllhost.exe, pid 17400, parent 1000
[2014.11.09 00:43:49.385] - INFO: Terminated process pid = 17400
[2014.11.09 00:43:49.385] - INFO: process: dllhost.exe, pid 16572, parent 1000
[2014.11.09 00:43:49.385] - INFO: Terminated process pid = 16572
[2014.11.09 00:43:49.385] - INFO: process: dllhost.exe, pid 10012, parent 1000
[2014.11.09 00:43:49.385] - INFO: Terminated process pid = 10012
[2014.11.09 00:43:49.385] - INFO: process: dllhost.exe, pid 16812, parent 1000
[2014.11.09 00:43:49.385] - INFO: Terminated process pid = 16812
[2014.11.09 00:43:49.385] - INFO: process: dllhost.exe, pid 16440, parent 1000
[2014.11.09 00:43:49.385] - INFO: Terminated process pid = 16440
[2014.11.09 00:43:49.385] - INFO: process: dllhost.exe, pid 16852, parent 1000
[2014.11.09 00:43:49.385] - INFO: Terminated process pid = 16852
[2014.11.09 00:43:49.401] - INFO: process: dllhost.exe, pid 17112, parent 1000
[2014.11.09 00:43:49.401] - INFO: Terminated process pid = 17112
[2014.11.09 00:43:49.401] - INFO: process: dllhost.exe, pid 16600, parent 1000
[2014.11.09 00:43:49.401] - INFO: Terminated process pid = 16600
[2014.11.09 00:43:49.401] - INFO: process: dllhost.exe, pid 17396, parent 1000
[2014.11.09 00:43:49.401] - INFO: Terminated process pid = 17396
[2014.11.09 00:43:49.401] - INFO: process: dllhost.exe, pid 10748, parent 1000
[2014.11.09 00:43:49.401] - INFO: Terminated process pid = 10748
[2014.11.09 00:43:49.401] - INFO: process: dllhost.exe, pid 16760, parent 1000
[2014.11.09 00:43:49.401] - INFO: Terminated process pid = 16760
[2014.11.09 00:43:49.401] - INFO: process: dllhost.exe, pid 17428, parent 1000
[2014.11.09 00:43:49.401] - INFO: Terminated process pid = 17428
[2014.11.09 00:43:49.401] - INFO: process: dllhost.exe, pid 17492, parent 1000
[2014.11.09 00:43:49.401] - INFO: Terminated process pid = 17492
[2014.11.09 00:43:49.401] - INFO: process: dllhost.exe, pid 17632, parent 1000
[2014.11.09 00:43:49.401] - INFO: Terminated process pid = 17632
[2014.11.09 00:43:49.401] - INFO: process: dllhost.exe, pid 17728, parent 1000
[2014.11.09 00:43:49.401] - INFO: Terminated process pid = 17728
[2014.11.09 00:43:49.401] - INFO: process: dllhost.exe, pid 17800, parent 1000
[2014.11.09 00:43:49.401] - INFO: Terminated process pid = 17800
[2014.11.09 00:43:49.401] - INFO: process: dllhost.exe, pid 17948, parent 1000
[2014.11.09 00:43:49.401] - INFO: Terminated process pid = 17948
[2014.11.09 00:43:49.401] - INFO: process: dllhost.exe, pid 18048, parent 1000
[2014.11.09 00:43:49.401] - INFO: Terminated process pid = 18048
[2014.11.09 00:43:49.401] - INFO: process: dllhost.exe, pid 18120, parent 1000
[2014.11.09 00:43:49.401] - INFO: Terminated process pid = 18120
[2014.11.09 00:43:49.401] - INFO: process: dllhost.exe, pid 18240, parent 1000
[2014.11.09 00:43:49.401] - INFO: Terminated process pid = 18240
[2014.11.09 00:43:49.401] - INFO: process: dllhost.exe, pid 18316, parent 1000
[2014.11.09 00:43:49.401] - INFO: Terminated process pid = 18316
[2014.11.09 00:43:49.401] - INFO: process: dllhost.exe, pid 18388, parent 1000
[2014.11.09 00:43:49.401] - INFO: Terminated process pid = 18388
[2014.11.09 00:43:49.401] - INFO: process: dllhost.exe, pid 17464, parent 1000
[2014.11.09 00:43:49.401] - INFO: Terminated process pid = 17464
[2014.11.09 00:43:49.401] - INFO: process: dllhost.exe, pid 17620, parent 1000
[2014.11.09 00:43:49.401] - INFO: Terminated process pid = 17620
[2014.11.09 00:43:49.401] - INFO: process: dllhost.exe, pid 17764, parent 1000
[2014.11.09 00:43:49.401] - INFO: Terminated process pid = 17764
[2014.11.09 00:43:49.401] - INFO: process: dllhost.exe, pid 17884, parent 1000
[2014.11.09 00:43:49.401] - INFO: Terminated process pid = 17884
[2014.11.09 00:43:49.401] - INFO: process: dllhost.exe, pid 18000, parent 1000
[2014.11.09 00:43:49.401] - INFO: Terminated process pid = 18000
[2014.11.09 00:43:49.417] - INFO: process: dllhost.exe, pid 18108, parent 1000
[2014.11.09 00:43:49.417] - INFO: Terminated process pid = 18108
[2014.11.09 00:43:49.417] - INFO: process: dllhost.exe, pid 18288, parent 1000
[2014.11.09 00:43:49.417] - INFO: Terminated process pid = 18288
[2014.11.09 00:43:49.417] - INFO: process: dllhost.exe, pid 18268, parent 1000
[2014.11.09 00:43:49.417] - INFO: Terminated process pid = 18268
[2014.11.09 00:43:49.417] - INFO: process: dllhost.exe, pid 11308, parent 1000
[2014.11.09 00:43:49.417] - INFO: Terminated process pid = 11308
[2014.11.09 00:43:49.417] - INFO: process: dllhost.exe, pid 14844, parent 1000
[2014.11.09 00:43:49.417] - INFO: Terminated process pid = 14844
[2014.11.09 00:43:49.417] - INFO: process: dllhost.exe, pid 11372, parent 1000
[2014.11.09 00:43:49.417] - INFO: Terminated process pid = 11372
[2014.11.09 00:43:49.417] - INFO: process: dllhost.exe, pid 1524, parent 1000
[2014.11.09 00:43:49.417] - INFO: Terminated process pid = 1524
[2014.11.09 00:43:49.417] - INFO: process: dllhost.exe, pid 4336, parent 1000
[2014.11.09 00:43:49.417] - INFO: Terminated process pid = 4336
[2014.11.09 00:43:49.417] - INFO: process: dllhost.exe, pid 14748, parent 1000
[2014.11.09 00:43:49.417] - INFO: Terminated process pid = 14748
[2014.11.09 00:43:49.417] - INFO: process: dllhost.exe, pid 7976, parent 1000
[2014.11.09 00:43:49.417] - INFO: Terminated process pid = 7976
[2014.11.09 00:43:49.417] - INFO: process: dllhost.exe, pid 15204, parent 1000
[2014.11.09 00:43:49.417] - INFO: Terminated process pid = 15204
[2014.11.09 00:43:49.417] - INFO: process: dllhost.exe, pid 3248, parent 1000
[2014.11.09 00:43:49.417] - INFO: Terminated process pid = 3248
[2014.11.09 00:43:49.417] - INFO: process: dllhost.exe, pid 13260, parent 1000
[2014.11.09 00:43:49.417] - INFO: Terminated process pid = 13260
[2014.11.09 00:43:49.417] - INFO: process: dllhost.exe, pid 13852, parent 1000
[2014.11.09 00:43:49.417] - INFO: Terminated process pid = 13852
[2014.11.09 00:43:49.417] - INFO: process: dllhost.exe, pid 18060, parent 1000
[2014.11.09 00:43:49.417] - INFO: Terminated process pid = 18060
[2014.11.09 00:43:49.417] - INFO: process: dllhost.exe, pid 15424, parent 1000
[2014.11.09 00:43:49.417] - INFO: Terminated process pid = 15424
[2014.11.09 00:43:49.417] - INFO: process: dllhost.exe, pid 2864, parent 1000
[2014.11.09 00:43:49.417] - INFO: Terminated process pid = 2864
[2014.11.09 00:43:49.417] - INFO: process: dllhost.exe, pid 16956, parent 1000
[2014.11.09 00:43:49.432] - INFO: Terminated process pid = 16956
[2014.11.09 00:43:49.432] - INFO: process: dllhost.exe, pid 15436, parent 1000
[2014.11.09 00:43:49.432] - INFO: Terminated process pid = 15436
[2014.11.09 00:43:49.432] - INFO: process: dllhost.exe, pid 14480, parent 1000
[2014.11.09 00:43:49.432] - INFO: Terminated process pid = 14480
[2014.11.09 00:43:49.432] - INFO: process: dllhost.exe, pid 14000, parent 1000
[2014.11.09 00:43:49.432] - INFO: Terminated process pid = 14000
[2014.11.09 00:43:49.432] - INFO: process: dllhost.exe, pid 7320, parent 1000
[2014.11.09 00:43:49.432] - INFO: Terminated process pid = 7320
[2014.11.09 00:43:49.432] - INFO: process: dllhost.exe, pid 14060, parent 1000
[2014.11.09 00:43:49.432] - INFO: Terminated process pid = 14060
[2014.11.09 00:43:49.432] - INFO: process: dllhost.exe, pid 17564, parent 1000
[2014.11.09 00:43:49.432] - INFO: Terminated process pid = 17564
[2014.11.09 00:43:49.432] - INFO: process: dllhost.exe, pid 18204, parent 1000
[2014.11.09 00:43:49.448] - INFO: Terminated process pid = 18204
[2014.11.09 00:43:49.448] - INFO: process: dllhost.exe, pid 6148, parent 1000
[2014.11.09 00:43:49.448] - INFO: Terminated process pid = 6148
[2014.11.09 00:43:49.448] - INFO: process: dllhost.exe, pid 13468, parent 1000
[2014.11.09 00:43:49.448] - INFO: Terminated process pid = 13468
[2014.11.09 00:43:49.448] - INFO: process: dllhost.exe, pid 1896, parent 1000
[2014.11.09 00:43:49.448] - INFO: Terminated process pid = 1896
[2014.11.09 00:43:49.448] - INFO: process: dllhost.exe, pid 17960, parent 1000
[2014.11.09 00:43:49.448] - INFO: Terminated process pid = 17960
[2014.11.09 00:43:49.448] - INFO: process: dllhost.exe, pid 17292, parent 1000
[2014.11.09 00:43:49.448] - INFO: Terminated process pid = 17292
[2014.11.09 00:43:49.448] - INFO: process: dllhost.exe, pid 7684, parent 1000
[2014.11.09 00:43:49.448] - INFO: Terminated process pid = 7684
[2014.11.09 00:43:49.448] - INFO: process: dllhost.exe, pid 10384, parent 1000
[2014.11.09 00:43:49.448] - INFO: Terminated process pid = 10384
[2014.11.09 00:43:49.448] - INFO: process: dllhost.exe, pid 15892, parent 1000
[2014.11.09 00:43:49.448] - INFO: Terminated process pid = 15892
[2014.11.09 00:43:49.448] - INFO: process: dllhost.exe, pid 6956, parent 1000
[2014.11.09 00:43:49.448] - INFO: Terminated process pid = 6956
[2014.11.09 00:43:49.463] - INFO: process: dllhost.exe, pid 13612, parent 1000
[2014.11.09 00:43:49.463] - INFO: Terminated process pid = 13612
[2014.11.09 00:43:49.463] - INFO: process: dllhost.exe, pid 17640, parent 1000
[2014.11.09 00:43:49.463] - INFO: Terminated process pid = 17640
[2014.11.09 00:43:49.463] - INFO: process: dllhost.exe, pid 16304, parent 1000
[2014.11.09 00:43:49.463] - INFO: Terminated process pid = 16304
[2014.11.09 00:43:49.463] - INFO: process: dllhost.exe, pid 11956, parent 1000
[2014.11.09 00:43:49.463] - INFO: Terminated process pid = 11956
[2014.11.09 00:43:49.463] - INFO: process: dllhost.exe, pid 13292, parent 1000
[2014.11.09 00:43:49.463] - INFO: Terminated process pid = 13292
[2014.11.09 00:43:49.463] - INFO: process: dllhost.exe, pid 17536, parent 1000
[2014.11.09 00:43:49.463] - INFO: Terminated process pid = 17536
[2014.11.09 00:43:49.463] - INFO: process: dllhost.exe, pid 6500, parent 1000
[2014.11.09 00:43:49.463] - INFO: Terminated process pid = 6500
[2014.11.09 00:43:49.463] - INFO: process: dllhost.exe, pid 7424, parent 1000
[2014.11.09 00:43:49.463] - INFO: Terminated process pid = 7424
[2014.11.09 00:43:49.463] - INFO: process: dllhost.exe, pid 13756, parent 1000
[2014.11.09 00:43:49.463] - INFO: Terminated process pid = 13756
[2014.11.09 00:43:49.463] - INFO: process: dllhost.exe, pid 14872, parent 1000
[2014.11.09 00:43:49.463] - INFO: Terminated process pid = 14872
[2014.11.09 00:43:49.463] - INFO: process: dllhost.exe, pid 7824, parent 1000
[2014.11.09 00:43:49.463] - INFO: Terminated process pid = 7824
[2014.11.09 00:43:49.463] - INFO: process: dllhost.exe, pid 12360, parent 1000
[2014.11.09 00:43:49.463] - INFO: Terminated process pid = 12360
[2014.11.09 00:43:49.463] - INFO: process: dllhost.exe, pid 1920, parent 1000
[2014.11.09 00:43:49.463] - INFO: Terminated process pid = 1920
[2014.11.09 00:43:49.463] - INFO: process: dllhost.exe, pid 11084, parent 1000
[2014.11.09 00:43:49.463] - INFO: Terminated process pid = 11084
[2014.11.09 00:43:49.463] - INFO: process: dllhost.exe, pid 15432, parent 1000
[2014.11.09 00:43:49.463] - INFO: Terminated process pid = 15432
[2014.11.09 00:43:49.479] - INFO: process: dllhost.exe, pid 10676, parent 1000
[2014.11.09 00:43:49.479] - INFO: Terminated process pid = 10676
[2014.11.09 00:43:49.479] - INFO: process: dllhost.exe, pid 18128, parent 1000
[2014.11.09 00:43:49.479] - INFO: Terminated process pid = 18128
[2014.11.09 00:43:49.479] - INFO: process: dllhost.exe, pid 13604, parent 1000
[2014.11.09 00:43:49.479] - INFO: Terminated process pid = 13604
[2014.11.09 00:43:49.479] - INFO: process: dllhost.exe, pid 7324, parent 1000
[2014.11.09 00:43:49.479] - INFO: Terminated process pid = 7324
[2014.11.09 00:43:49.479] - INFO: process: dllhost.exe, pid 18020, parent 1000
[2014.11.09 00:43:49.479] - INFO: Terminated process pid = 18020
[2014.11.09 00:43:49.479] - INFO: process: dllhost.exe, pid 14308, parent 1000
[2014.11.09 00:43:49.479] - INFO: Terminated process pid = 14308
[2014.11.09 00:43:49.479] - INFO: process: dllhost.exe, pid 16272, parent 1000
[2014.11.09 00:43:49.479] - INFO: Terminated process pid = 16272
[2014.11.09 00:43:49.479] - INFO: process: dllhost.exe, pid 14180, parent 1000
[2014.11.09 00:43:49.479] - INFO: Terminated process pid = 14180
[2014.11.09 00:43:49.479] - INFO: process: dllhost.exe, pid 14364, parent 1000
[2014.11.09 00:43:49.479] - INFO: Terminated process pid = 14364
[2014.11.09 00:43:49.479] - INFO: process: dllhost.exe, pid 9876, parent 1000
[2014.11.09 00:43:49.479] - INFO: Terminated process pid = 9876
[2014.11.09 00:43:49.479] - INFO: process: dllhost.exe, pid 12788, parent 1000
[2014.11.09 00:43:49.495] - INFO: Terminated process pid = 12788
[2014.11.09 00:43:49.495] - INFO: process: dllhost.exe, pid 8084, parent 1000
[2014.11.09 00:43:49.495] - INFO: Terminated process pid = 8084
[2014.11.09 00:43:49.495] - INFO: process: dllhost.exe, pid 17508, parent 1000
[2014.11.09 00:43:49.495] - INFO: Terminated process pid = 17508
[2014.11.09 00:43:49.495] - INFO: process: dllhost.exe, pid 6008, parent 1000
[2014.11.09 00:43:49.495] - INFO: Terminated process pid = 6008
[2014.11.09 00:43:49.495] - INFO: process: dllhost.exe, pid 14972, parent 1000
[2014.11.09 00:43:49.495] - INFO: Terminated process pid = 14972
[2014.11.09 00:43:49.495] - INFO: process: dllhost.exe, pid 7936, parent 1000
[2014.11.09 00:43:49.495] - INFO: Terminated process pid = 7936
[2014.11.09 00:43:49.510] - INFO: process: dllhost.exe, pid 17468, parent 1000
[2014.11.09 00:43:49.510] - INFO: Terminated process pid = 17468
[2014.11.09 00:43:49.510] - INFO: process: dllhost.exe, pid 16244, parent 1000
[2014.11.09 00:43:49.510] - INFO: Terminated process pid = 16244
[2014.11.09 00:43:49.526] - INFO: process: dllhost.exe, pid 16792, parent 1000
[2014.11.09 00:43:49.526] - INFO: Terminated process pid = 16792
[2014.11.09 00:43:49.526] - INFO: process: dllhost.exe, pid 15428, parent 1000
[2014.11.09 00:43:49.526] - INFO: Terminated process pid = 15428
[2014.11.09 00:43:49.526] - INFO: process: dllhost.exe, pid 14624, parent 1000
[2014.11.09 00:43:49.526] - INFO: Terminated process pid = 14624
[2014.11.09 00:43:49.526] - INFO: process: dllhost.exe, pid 9424, parent 1000
[2014.11.09 00:43:49.526] - INFO: Terminated process pid = 9424
[2014.11.09 00:43:49.526] - INFO: process: dllhost.exe, pid 15708, parent 1000
[2014.11.09 00:43:49.526] - INFO: Terminated process pid = 15708
[2014.11.09 00:43:49.526] - INFO: process: dllhost.exe, pid 15108, parent 1000
[2014.11.09 00:43:49.526] - INFO: Terminated process pid = 15108
[2014.11.09 00:43:49.526] - INFO: process: dllhost.exe, pid 16708, parent 1000
[2014.11.09 00:43:49.526] - INFO: Terminated process pid = 16708
[2014.11.09 00:43:49.526] - INFO: process: dllhost.exe, pid 17360, parent 1000
[2014.11.09 00:43:49.526] - INFO: Terminated process pid = 17360
[2014.11.09 00:43:49.526] - INFO: process: dllhost.exe, pid 16984, parent 1000
[2014.11.09 00:43:49.526] - INFO: Terminated process pid = 16984
[2014.11.09 00:43:49.526] - INFO: process: dllhost.exe, pid 11216, parent 1000
[2014.11.09 00:43:49.526] - INFO: Terminated process pid = 11216
[2014.11.09 00:43:49.526] - INFO: process: dllhost.exe, pid 16768, parent 1000
[2014.11.09 00:43:49.526] - INFO: Terminated process pid = 16768
[2014.11.09 00:43:49.526] - INFO: process: dllhost.exe, pid 16860, parent 1000
[2014.11.09 00:43:49.541] - INFO: Terminated process pid = 16860
[2014.11.09 00:43:49.541] - INFO: process: dllhost.exe, pid 17944, parent 1000
[2014.11.09 00:43:49.541] - INFO: Terminated process pid = 17944
[2014.11.09 00:43:49.541] - INFO: process: dllhost.exe, pid 7032, parent 1000
[2014.11.09 00:43:49.541] - INFO: Terminated process pid = 7032
[2014.11.09 00:43:49.541] - INFO: process: dllhost.exe, pid 4100, parent 1000
[2014.11.09 00:43:49.541] - INFO: Terminated process pid = 4100
[2014.11.09 00:43:49.541] - INFO: process: dllhost.exe, pid 10504, parent 1000
[2014.11.09 00:43:49.541] - INFO: Terminated process pid = 10504
[2014.11.09 00:43:49.541] - INFO: process: dllhost.exe, pid 18032, parent 1000
[2014.11.09 00:43:49.541] - INFO: Terminated process pid = 18032
[2014.11.09 00:43:49.541] - INFO: process: dllhost.exe, pid 10520, parent 1000
[2014.11.09 00:43:49.541] - INFO: Terminated process pid = 10520
[2014.11.09 00:43:49.541] - INFO: process: dllhost.exe, pid 9892, parent 1000
[2014.11.09 00:43:49.541] - INFO: Terminated process pid = 9892
[2014.11.09 00:43:49.541] - INFO: process: dllhost.exe, pid 12584, parent 1000
[2014.11.09 00:43:49.541] - INFO: Terminated process pid = 12584
[2014.11.09 00:43:49.541] - INFO: process: dllhost.exe, pid 10996, parent 1000
[2014.11.09 00:43:49.541] - INFO: Terminated process pid = 10996
[2014.11.09 00:43:49.541] - INFO: process: dllhost.exe, pid 3744, parent 1000
[2014.11.09 00:43:49.541] - INFO: Terminated process pid = 3744
[2014.11.09 00:43:49.541] - INFO: process: dllhost.exe, pid 10316, parent 1000
[2014.11.09 00:43:49.541] - INFO: Terminated process pid = 10316
[2014.11.09 00:43:49.541] - INFO: process: dllhost.exe, pid 14064, parent 1000
[2014.11.09 00:43:49.541] - INFO: Terminated process pid = 14064
[2014.11.09 00:43:49.541] - INFO: process: dllhost.exe, pid 6536, parent 1000
[2014.11.09 00:43:49.541] - INFO: Terminated process pid = 6536
[2014.11.09 00:43:49.541] - INFO: process: dllhost.exe, pid 16036, parent 1000
[2014.11.09 00:43:49.557] - INFO: Terminated process pid = 16036
[2014.11.09 00:43:49.557] - INFO: process: dllhost.exe, pid 16500, parent 1000
[2014.11.09 00:43:49.557] - INFO: Terminated process pid = 16500
[2014.11.09 00:43:49.557] - INFO: process: dllhost.exe, pid 14756, parent 1000
[2014.11.09 00:43:49.557] - INFO: Terminated process pid = 14756
[2014.11.09 00:43:49.557] - INFO: process: dllhost.exe, pid 5152, parent 1000
[2014.11.09 00:43:49.557] - INFO: Terminated process pid = 5152
[2014.11.09 00:43:49.557] - INFO: process: dllhost.exe, pid 13664, parent 1000
[2014.11.09 00:43:49.557] - INFO: Terminated process pid = 13664
[2014.11.09 00:43:49.557] - INFO: process: dllhost.exe, pid 18492, parent 1000
[2014.11.09 00:43:49.557] - INFO: Terminated process pid = 18492
[2014.11.09 00:43:49.557] - INFO: process: dllhost.exe, pid 18556, parent 1000
[2014.11.09 00:43:49.557] - INFO: Terminated process pid = 18556
[2014.11.09 00:43:49.557] - INFO: process: dllhost.exe, pid 18620, parent 1000
[2014.11.09 00:43:49.557] - INFO: Terminated process pid = 18620
[2014.11.09 00:43:49.573] - INFO: process: dllhost.exe, pid 18684, parent 1000
[2014.11.09 00:43:49.573] - INFO: Terminated process pid = 18684
[2014.11.09 00:43:49.573] - INFO: process: dllhost.exe, pid 18748, parent 1000
[2014.11.09 00:43:49.573] - INFO: Terminated process pid = 18748
[2014.11.09 00:43:49.573] - INFO: process: dllhost.exe, pid 18812, parent 1000
[2014.11.09 00:43:49.573] - INFO: Terminated process pid = 18812
[2014.11.09 00:43:49.573] - INFO: process: dllhost.exe, pid 18880, parent 1000
[2014.11.09 00:43:49.573] - INFO: Terminated process pid = 18880
[2014.11.09 00:43:49.573] - INFO: process: dllhost.exe, pid 18948, parent 1000
[2014.11.09 00:43:49.573] - INFO: Terminated process pid = 18948
[2014.11.09 00:43:49.573] - INFO: process: dllhost.exe, pid 19012, parent 1000
[2014.11.09 00:43:49.573] - INFO: Terminated process pid = 19012
[2014.11.09 00:43:49.573] - INFO: process: dllhost.exe, pid 18916, parent 1000
[2014.11.09 00:43:49.573] - INFO: Terminated process pid = 18916
[2014.11.09 00:43:49.573] - INFO: process: dllhost.exe, pid 19112, parent 1000
[2014.11.09 00:43:49.573] - INFO: Terminated process pid = 19112
[2014.11.09 00:43:49.573] - INFO: process: dllhost.exe, pid 19308, parent 1000
[2014.11.09 00:43:49.573] - INFO: Terminated process pid = 19308
[2014.11.09 00:43:49.573] - INFO: process: dllhost.exe, pid 860, parent 1000
[2014.11.09 00:43:49.573] - INFO: Terminated process pid = 860
[2014.11.09 00:43:49.573] - INFO: process: dllhost.exe, pid 19400, parent 1000
[2014.11.09 00:43:49.573] - INFO: Terminated process pid = 19400
[2014.11.09 00:43:49.588] - INFO: process: dllhost.exe, pid 19452, parent 1000
[2014.11.09 00:43:49.588] - INFO: Terminated process pid = 19452
[2014.11.09 00:43:49.588] - INFO: process: dllhost.exe, pid 18972, parent 1000
[2014.11.09 00:43:49.588] - INFO: Terminated process pid = 18972
[2014.11.09 00:43:49.588] - INFO: process: dllhost.exe, pid 19120, parent 1000
[2014.11.09 00:43:49.588] - INFO: Terminated process pid = 19120
[2014.11.09 00:43:49.588] - INFO: process: dllhost.exe, pid 18188, parent 1000
[2014.11.09 00:43:49.588] - INFO: Terminated process pid = 18188
[2014.11.09 00:43:49.588] - INFO: process: dllhost.exe, pid 12228, parent 1000
[2014.11.09 00:43:49.588] - INFO: Terminated process pid = 12228
[2014.11.09 00:43:49.588] - INFO: process: dllhost.exe, pid 7744, parent 1000
[2014.11.09 00:43:49.588] - INFO: Terminated process pid = 7744
[2014.11.09 00:43:49.588] - INFO: process: dllhost.exe, pid 14792, parent 1000
[2014.11.09 00:43:49.588] - INFO: Terminated process pid = 14792
[2014.11.09 00:43:49.588] - INFO: process: dllhost.exe, pid 15184, parent 1000
[2014.11.09 00:43:49.588] - INFO: Terminated process pid = 15184
[2014.11.09 00:43:49.588] - INFO: process: dllhost.exe, pid 18824, parent 1000
[2014.11.09 00:43:49.588] - INFO: Terminated process pid = 18824
[2014.11.09 00:43:49.588] - INFO: process: dllhost.exe, pid 16260, parent 1000
[2014.11.09 00:43:49.588] - INFO: Terminated process pid = 16260
[2014.11.09 00:43:49.588] - INFO: process: dllhost.exe, pid 19352, parent 1000
[2014.11.09 00:43:49.588] - INFO: Terminated process pid = 19352
[2014.11.09 00:43:49.588] - INFO: process: dllhost.exe, pid 19304, parent 1000
[2014.11.09 00:43:49.588] - INFO: Terminated process pid = 19304
[2014.11.09 00:43:49.588] - INFO: process: dllhost.exe, pid 18692, parent 1000
[2014.11.09 00:43:49.588] - INFO: Terminated process pid = 18692
[2014.11.09 00:43:49.588] - INFO: process: dllhost.exe, pid 6436, parent 1000
[2014.11.09 00:43:49.588] - INFO: Terminated process pid = 6436
[2014.11.09 00:43:49.604] - INFO: process: dllhost.exe, pid 5932, parent 1000
[2014.11.09 00:43:49.604] - INFO: Terminated process pid = 5932
[2014.11.09 00:43:49.604] - INFO: process: dllhost.exe, pid 19152, parent 1000
[2014.11.09 00:43:49.604] - INFO: Terminated process pid = 19152
[2014.11.09 00:43:49.604] - INFO: process: dllhost.exe, pid 18976, parent 1000
[2014.11.09 00:43:49.604] - INFO: Terminated process pid = 18976
[2014.11.09 00:43:49.604] - INFO: process: dllhost.exe, pid 15056, parent 1000
[2014.11.09 00:43:49.604] - INFO: Terminated process pid = 15056
[2014.11.09 00:43:49.604] - INFO: process: dllhost.exe, pid 3960, parent 1000
[2014.11.09 00:43:49.604] - INFO: Terminated process pid = 3960
[2014.11.09 00:43:49.604] - INFO: process: dllhost.exe, pid 15860, parent 1000
[2014.11.09 00:43:49.604] - INFO: Terminated process pid = 15860
[2014.11.09 00:43:49.604] - INFO: process: dllhost.exe, pid 7132, parent 1000
[2014.11.09 00:43:49.604] - INFO: Terminated process pid = 7132
[2014.11.09 00:43:49.604] - INFO: process: dllhost.exe, pid 13460, parent 1000
[2014.11.09 00:43:49.604] - INFO: Terminated process pid = 13460
[2014.11.09 00:43:49.604] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.09 00:43:49.619] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]...
[2014.11.09 00:43:49.619] - INFO: Processing [HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.09 00:43:49.619] - INFO: Processing [HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]...
[2014.11.09 00:43:49.619] - INFO: Processing classes...
[2014.11.09 00:43:49.619] - INFO: Processing clsid [\Registry\User\S-1-5-21-3978099935-2741131164-906008880-1003\SOFTWARE\Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}]
[2014.11.09 00:43:49.619] - INFO: Processing clsid [\Registry\User\S-1-5-21-3978099935-2741131164-906008880-1003\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[2014.11.09 00:43:49.619] - INFO: Deleted classid [\Registry\User\S-1-5-21-3978099935-2741131164-906008880-1003\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]
[2014.11.09 00:43:49.869] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.09 00:43:49.869] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.09 00:43:49.869] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.09 00:43:49.869] - INFO: Processing invalid values in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.09 00:43:49.869] - INFO: Processing value [] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.09 00:43:49.869] - INFO: Processing value [ServerExecutable] = [%systemroot%\sysWOW64\wbem\wmiprvse.exe]
[2014.11.09 00:43:49.869] - INFO: Processing value [] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.09 00:43:49.869] - INFO: Processing value [ServerExecutable] = [%systemroot%\system32\wbem\wmiprvse.exe]
[2014.11.09 00:43:49.869] - INFO: Processing invalid subkeys in [HKLM\SOFTWARE\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32]...
[2014.11.09 00:43:49.869] - INFO: Processing [HKLM\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}]...
[2014.11.09 00:43:49.869] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.09 00:43:49.869] - INFO: Processing subkey [\Registry\Machine\SOFTWARE\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32]
[2014.11.09 00:43:49.869] - INFO: Cleaning status: 0
[2014.11.09 00:43:55.501] - End

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-11-2014 01
Ran by Roxi (administrator) on LENOVO on 09-11-2014 01:14:45
Running from C:\Users\Roxi\Desktop
Loaded Profile: Roxi (Available profiles: Roxi & Gusti)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
() C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-06] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1813288 2009-08-16] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2009-08-05] (Realtek Semiconductor)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4366704 2009-09-01] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [5825536 2009-08-18] (Lenovo (Beijing) Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-08-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3593744 2014-09-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3978099935-2741131164-906008880-1003\...\MountPoints2: {5edc95e9-eaef-11e2-8979-0c6076b80d57} - F:\EasySuite.exe
HKU\S-1-5-21-3978099935-2741131164-906008880-1003\...\MountPoints2: {a2201c65-ef44-11e2-84dd-0c6076b80d57} - F:\EasySuite.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2013-04-23] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Roxi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3520 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3520 series (Network).lnk -> C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
SearchScopes: HKCU - DefaultScope {AD669B35-73D1-47A9-843E-224C94BA9BB8} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {AD669B35-73D1-47A9-843E-224C94BA9BB8} URL = https://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3364368 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [293448 2014-09-05] (AVG Technologies CZ, s.r.o.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [864032 2009-07-01] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
R2 CrypKey License; C:\windows\system32\crypserv.exe [126976 2010-03-18] (CrypKey (Canada) Ltd.) [File not signed]
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [33072 2014-03-20] (Sanford, L.P.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2013-10-01] (Sony Corporation)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [253776 2013-03-06] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [247576 2014-07-24] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [270616 2014-07-02] (AVG Technologies CZ, s.r.o.)
R1 funfrm; C:\Windows\System32\Drivers\funfrm.sys [73744 2009-12-18] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R1 NetworkX; C:\Windows\System32\ckldrv.sys [30272 2010-03-18] ()
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-08-10] ()
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
S3 wdmirror; system32\DRIVERS\WDMirror.sys [X]
S3 WinRing0_1_2_0; \??\D:\test\ECECECEC\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-09 01:14 - 2014-11-09 01:15 - 00015112 _____ () C:\Users\Roxi\Desktop\FRST.txt
2014-11-09 00:46 - 2014-11-09 00:46 - 00000162 _____ () C:\windows\errord.log
2014-11-09 00:46 - 2014-11-09 00:46 - 00000056 _____ () C:\windows\setupact.log
2014-11-09 00:46 - 2014-11-09 00:46 - 00000000 _____ () C:\windows\setuperr.log
2014-11-09 00:45 - 2014-11-09 00:48 - 00000508 _____ () C:\windows\error.log
2014-11-09 00:43 - 2014-11-09 00:43 - 00142178 _____ () C:\Users\Roxi\Desktop\ESETPoweliksCleaner.exe_20141109.004340.20372.log
2014-11-09 00:39 - 2014-11-09 00:39 - 02115584 _____ (Farbar) C:\Users\Roxi\Desktop\FRST64.exe
2014-11-09 00:37 - 2014-11-09 00:37 - 00186568 _____ (ESET) C:\Users\Roxi\Desktop\ESETPoweliksCleaner.exe
2014-11-08 03:15 - 2014-11-08 03:15 - 00019850 _____ () C:\Users\Roxi\Desktop\dds.txt
2014-11-08 03:15 - 2014-11-08 03:15 - 00008037 _____ () C:\Users\Roxi\Desktop\attach.txt
2014-11-08 02:54 - 2014-11-08 03:24 - 00001282 _____ () C:\Users\Roxi\Desktop\bleep.txt
2014-11-08 02:32 - 2014-11-08 02:32 - 00688992 ____R (Swearware) C:\Users\Roxi\Desktop\dds.com
2014-11-05 23:12 - 2014-11-05 23:12 - 00000000 ____D () C:\Users\Roxi\AppData\OICE_15_974FA576_32C1D314_1F7B
2014-11-05 21:05 - 2014-11-05 21:05 - 00198312 _____ () C:\Users\Roxi\Documents\cc_20141105_210538.reg
2014-11-03 01:11 - 2014-11-03 01:13 - 00000000 ____D () C:\ProgramData\BSD
2014-11-03 01:11 - 2014-11-03 01:11 - 00000000 ____D () C:\ProgramData\TweakBit
2014-11-03 00:23 - 2014-11-03 00:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2014-11-03 00:22 - 2014-11-03 00:22 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-11-03 00:10 - 2014-06-26 20:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2014-11-03 00:10 - 2014-06-26 19:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2014-11-03 00:07 - 2014-09-17 20:00 - 03241472 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-11-03 00:07 - 2014-09-17 19:32 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-11-03 00:07 - 2014-08-01 05:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-11-03 00:07 - 2014-08-01 05:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-11-03 00:07 - 2014-06-23 21:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-11-03 00:07 - 2014-06-23 20:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-11-03 00:06 - 2014-09-24 20:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2014-11-03 00:06 - 2014-09-24 19:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2014-11-03 00:06 - 2014-09-09 16:11 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-11-03 00:06 - 2014-09-09 15:47 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-11-03 00:06 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-11-03 00:06 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-11-03 00:06 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-11-03 00:06 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-11-03 00:06 - 2014-07-08 20:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-11-03 00:06 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-11-03 00:06 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-11-03 00:06 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-11-03 00:06 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-11-03 00:06 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-11-03 00:06 - 2014-07-08 16:38 - 00419992 _____ () C:\windows\system32\locale.nls
2014-11-03 00:06 - 2014-07-08 16:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls
2014-11-03 00:06 - 2014-06-24 20:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-11-03 00:06 - 2014-06-24 19:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-11-03 00:06 - 2014-02-03 20:35 - 00274880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2014-11-03 00:06 - 2014-02-03 20:35 - 00190912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2014-11-03 00:06 - 2014-02-03 20:35 - 00027584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys
2014-11-03 00:06 - 2014-02-03 20:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll
2014-11-03 00:06 - 2014-02-03 20:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iologmsg.dll
2014-11-03 00:02 - 2014-09-04 20:11 - 06584320 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-11-03 00:02 - 2014-09-04 19:52 - 05703168 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-11-03 00:02 - 2014-01-23 20:37 - 01684928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-11-02 13:06 - 2014-11-05 20:50 - 00000000 ____D () C:\AdwCleaner
2014-11-02 09:34 - 2014-11-02 09:34 - 01375089 _____ () C:\Users\Roxi\Downloads\AdwCleaner.exe
2014-10-29 23:04 - 2014-11-09 01:14 - 00000000 ____D () C:\FRST
2014-10-26 23:11 - 2014-10-26 23:11 - 00051200 ____H () C:\Users\Roxi\Desktop\~WRL0003.tmp
2014-10-25 22:58 - 2014-10-25 22:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-10-25 22:57 - 2014-10-25 22:58 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-10-25 22:54 - 2014-10-25 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-25 22:53 - 2014-10-25 22:54 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-25 22:53 - 2014-10-25 22:54 - 00000000 ____D () C:\Program Files\iTunes
2014-10-25 22:53 - 2014-10-25 22:54 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-25 22:53 - 2014-10-25 22:53 - 00000000 ____D () C:\Program Files\iPod
2014-10-24 21:58 - 2014-10-24 21:58 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-10-22 22:19 - 2014-10-22 22:19 - 00000000 ____D () C:\Users\Roxi\AppData\Roaming\AVG2015
2014-10-22 22:06 - 2014-11-08 11:55 - 00000000 ____D () C:\ProgramData\AVG2015
2014-10-22 21:15 - 2014-10-22 23:33 - 00000000 ____D () C:\Users\Roxi\AppData\Local\Avg2015
2014-10-16 09:00 - 2014-10-06 20:04 - 00331448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-10-16 09:00 - 2014-09-28 18:58 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-10-16 09:00 - 2014-09-25 16:46 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-10-16 09:00 - 2014-09-25 16:46 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-10-16 09:00 - 2014-09-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-10-16 09:00 - 2014-09-18 19:44 - 17484800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-10-16 09:00 - 2014-09-18 19:39 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-10-16 09:00 - 2014-09-18 19:30 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-10-16 09:00 - 2014-09-18 19:06 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 09:00 - 2014-09-18 19:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-10-16 09:00 - 2014-09-18 18:53 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-10-16 09:00 - 2014-09-18 18:49 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-10-16 09:00 - 2014-09-18 18:42 - 00710656 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-10-16 09:00 - 2014-09-18 18:36 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 09:00 - 2014-09-18 18:20 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-10-16 09:00 - 2014-09-18 17:53 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-10-16 09:00 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll
2014-10-16 09:00 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\windows\SysWOW64\dfshim.dll
2014-10-16 09:00 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscorier.dll
2014-10-16 09:00 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll
2014-10-16 09:00 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscories.dll
2014-10-16 09:00 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll
2014-10-16 08:59 - 2014-10-06 20:54 - 00378552 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-10-16 08:59 - 2014-09-25 16:50 - 13619200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-10-16 08:59 - 2014-09-25 16:46 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-10-16 08:59 - 2014-09-25 16:43 - 11807232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-10-16 08:59 - 2014-09-25 16:32 - 02017280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-10-16 08:59 - 2014-09-25 16:31 - 02108416 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-10-16 08:59 - 2014-09-18 20:25 - 23631360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-10-16 08:59 - 2014-09-18 19:55 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-10-16 08:59 - 2014-09-18 19:41 - 02796032 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-10-16 08:59 - 2014-09-18 19:40 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-10-16 08:59 - 2014-09-18 19:40 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-10-16 08:59 - 2014-09-18 19:38 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-10-16 08:59 - 2014-09-18 19:36 - 05829632 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-10-16 08:59 - 2014-09-18 19:31 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-10-16 08:59 - 2014-09-18 19:27 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-10-16 08:59 - 2014-09-18 19:26 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-10-16 08:59 - 2014-09-18 19:25 - 04201472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-10-16 08:59 - 2014-09-18 19:25 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-10-16 08:59 - 2014-09-18 19:25 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-10-16 08:59 - 2014-09-18 19:18 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-10-16 08:59 - 2014-09-18 19:14 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-10-16 08:59 - 2014-09-18 19:14 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-10-16 08:59 - 2014-09-18 19:02 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-10-16 08:59 - 2014-09-18 19:01 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-10-16 08:59 - 2014-09-18 19:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-10-16 08:59 - 2014-09-18 19:00 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-10-16 08:59 - 2014-09-18 18:59 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-10-16 08:59 - 2014-09-18 18:58 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-10-16 08:59 - 2014-09-18 18:55 - 02187264 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-10-16 08:59 - 2014-09-18 18:54 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-10-16 08:59 - 2014-09-18 18:51 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-10-16 08:59 - 2014-09-18 18:50 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-10-16 08:59 - 2014-09-18 18:42 - 00731136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-10-16 08:59 - 2014-09-18 18:40 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-10-16 08:59 - 2014-09-18 18:33 - 02309632 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-10-16 08:59 - 2014-09-18 18:32 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-10-16 08:59 - 2014-09-18 18:18 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-10-16 08:59 - 2014-09-18 18:14 - 01447936 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-10-16 08:59 - 2014-09-18 17:59 - 01810944 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-10-16 08:59 - 2014-09-18 17:59 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-10-16 08:59 - 2014-09-18 17:52 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-10-16 08:56 - 2014-08-28 20:07 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-10-16 08:53 - 2014-07-16 20:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-10-16 08:53 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-10-16 08:53 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2014-10-16 08:53 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
2014-10-16 08:53 - 2014-07-16 20:07 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-10-16 08:53 - 2014-07-16 20:07 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-10-16 08:53 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll
2014-10-16 08:53 - 2014-07-16 19:39 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-10-16 08:53 - 2014-07-16 19:39 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-10-16 08:53 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
2014-10-16 08:53 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2014-10-16 08:53 - 2014-05-30 02:08 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-10-16 08:53 - 2014-05-30 02:08 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-10-16 08:53 - 2014-05-30 02:08 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-10-16 08:53 - 2014-05-30 02:08 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-10-16 08:53 - 2014-05-30 01:52 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-10-16 08:53 - 2014-05-30 01:52 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-10-16 08:53 - 2014-05-30 01:52 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-10-16 08:53 - 2014-05-30 01:52 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-10-16 08:43 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2014-10-16 08:43 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2014-10-15 08:31 - 2014-09-12 19:58 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-10-15 08:31 - 2014-09-12 19:40 - 00067072 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-10-14 15:07 - 2014-10-14 15:15 - 02629216 _____ () C:\Users\Roxi\Desktop\BC Powder in store activities examples.pptx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-09 01:10 - 2009-12-18 16:28 - 01871090 _____ () C:\windows\WindowsUpdate.log
2014-11-09 01:08 - 2014-04-09 04:50 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-09 00:56 - 2009-07-13 22:45 - 00013632 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-09 00:56 - 2009-07-13 22:45 - 00013632 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-09 00:48 - 2009-07-13 20:34 - 00000502 _____ () C:\windows\win.ini
2014-11-09 00:46 - 2009-07-13 23:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-09 00:34 - 2013-04-24 21:18 - 00000000 ____D () C:\Users\Roxi\Documents\Outlook Files
2014-11-08 21:40 - 2013-04-22 21:17 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-08 15:31 - 2014-02-03 22:19 - 00634880 ___SH () C:\Users\Roxi\Documents\Thumbs.db
2014-11-08 03:40 - 2014-08-02 00:33 - 00000000 ____D () C:\Users\Roxi\Documents\Reflect
2014-11-08 02:25 - 2009-07-13 23:13 - 00820766 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-08 02:00 - 2014-07-06 19:25 - 00000000 ____D () C:\Users\Roxi\AppData\Local\Adobe
2014-11-06 18:21 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\rescache
2014-11-03 23:12 - 2013-09-28 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-11-03 23:10 - 2013-09-28 17:11 - 00000000 ____D () C:\Users\Roxi\AppData\Roaming\HpUpdate
2014-11-03 00:56 - 2009-07-13 22:45 - 05123776 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-03 00:28 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-11-03 00:28 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\system32\Dism
2014-11-03 00:23 - 2013-04-23 21:47 - 00003062 _____ () C:\windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-11-03 00:23 - 2013-04-23 21:47 - 00003060 _____ () C:\windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-11-02 23:00 - 2013-04-23 21:54 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-30 14:55 - 2013-04-24 20:24 - 00000000 ____D () C:\Users\Roxi\Documents\jobs
2014-10-29 12:53 - 2014-06-29 01:47 - 00000000 ____D () C:\windows\Minidump
2014-10-27 19:40 - 2013-04-28 21:22 - 00000000 ____D () C:\Users\Roxi\AppData\Roaming\Skype
2014-10-25 22:53 - 2014-09-27 11:27 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-25 22:53 - 2013-07-08 19:33 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-24 17:01 - 2009-07-13 23:32 - 00000000 ____D () C:\windows\Performance
2014-10-22 22:25 - 2013-10-01 16:53 - 00000000 ____D () C:\ProgramData\AVG2014
2014-10-22 22:19 - 2013-04-22 21:43 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-10-22 22:18 - 2013-04-22 21:43 - 00000000 ___HD () C:\$AVG
2014-10-22 22:17 - 2014-03-31 13:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-10-22 11:49 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\system32\NDF
2014-10-21 09:02 - 2013-04-23 22:17 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-10-20 13:21 - 2014-02-03 14:07 - 00000000 ____D () C:\Users\Roxi\Documents\PERSPECTIVA INC 2014
2014-10-18 08:58 - 2014-04-09 04:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-18 08:58 - 2014-04-09 04:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-16 09:37 - 2009-07-13 21:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-16 09:16 - 2013-08-02 06:01 - 00000000 ____D () C:\windows\system32\MRT
2014-10-16 08:55 - 2013-04-22 23:39 - 103265616 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-10-11 10:21 - 2014-04-04 16:55 - 00000000 ____D () C:\Users\Roxi\AppData\Local\dumps
2014-10-10 13:00 - 2014-10-09 22:23 - 00000000 ____D () C:\Users\Roxi\AppData\OICE_15_974FA576_32C1D314_F94

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-06 18:09

==================== End Of Log ============================

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-11-2014 01
Ran by Roxi at 2014-11-09 01:16:07
Running from C:\Users\Roxi\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5 (HKLM-x32\...\{D176CB09-1505-4D2B-838A-4483D7DF23FB}) (Version: 5.0.1 - Adobe)
Adobe Photoshop Lightroom 5.2 64-bit (HKLM\...\{54E6C675-3AD4-42E4-957F-31666ABF1603}) (Version: 5.2.1 - Adobe)
Adobe Premiere Pro CC (HKLM-x32\...\{505FF1AC-E7F5-4462-BBA7-08900E7E9EEF}) (Version: 7.0.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{C0DADE74-E295-E258-D042-0D59D6C642CD}) (Version: 3.0.741.0 - ATI Technologies, Inc.)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5315 - AVG Technologies)
AVG 2015 (Version: 15.0.4189 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5315 - AVG Technologies) Hidden
AVS Screen Capture version 2.0.1 (HKLM-x32\...\AVS Screen Capture_is1) (Version:  - Online Media Technologies Ltd.)
AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Converter 7 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video Recorder 2.4 (HKLM-x32\...\AVS Video Recorder_is1) (Version:  - Online Media Technologies Ltd.)
AVS Video ReMaker 4.0.2.126 (HKLM-x32\...\AVS Video ReMaker_is1) (Version:  - Online Media Technologies Ltd.)
AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version:  - Online Media Technologies Ltd.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
ccc-core-static (x32 Version: 2009.0813.2131.36817 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
CodeWallet Pro 2006 Desktop Companion (HKLM-x32\...\CodeWallet Pro 2006 Desktop Companion) (Version: 6.62 - Developer One)
CyberLink PowerDirector 11 (HKLM-x32\...\InstallShield_{551F492A-01B0-4DC4-866F-875EC4EDC0A8}) (Version: 11.0.0.4310 - CyberLink Corp.)
Dolby Control Center (HKLM\...\{20387B45-18A4-4D48-ABD9-A23D2CBE42B3}) (Version: 2.2.1 - Dolby)
DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.5.1.1816 - Sanford, L.P.)
EasyCapture (HKLM-x32\...\EasyCapture4.0) (Version: V4.0.09.0731 - Lenovo)
Energy Management (HKLM-x32\...\{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}) (Version: 4.4.1.2 - Lenovo)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
HP Deskjet 3520 series Basic Device Software (HKLM\...\{A0A03B53-927D-4454-A456-CB0A72A4912F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Help (HKLM-x32\...\{C13E1F46-84FE-4D3B-8581-0F2F624C7EEC}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet 3520 series Setup Guide (HKLM-x32\...\{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}) (Version: 27.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9600 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.53001.0 - Sonix)
Lenovo First Boot (HKLM-x32\...\{F2602F16-02D1-4F1C-99A5-E246C522A59D}) (Version: 1.7.2.2 - DDNI)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.0723 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.0723 - CyberLink Corp.) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.2 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 5.3.7109 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MergeModule_x64 (Version: 8.0.00 - Sony Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4659.1001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server Native Client (HKLM\...\{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{86177DAE-38B1-49DD-912E-35CB703AB779}) (Version: 9.00.4035.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayMemories Home (HKLM-x32\...\{5FC13A4C-BC27-4414-A2E4-9E2277AA88AE}) (Version: 8.0.02.10010 - Sony Corporation)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.4809d1 - CyberLink Corp.)
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek 8136 8168 8169 Ethernet Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0005 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5911 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7100.30095 - Realtek Semiconductor Corp.)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.8 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.8 - SmartSound Software Inc.) Hidden
SOHLib for PlayMemories Home (Version: 1.0.0.09130 - Sony Corporation) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.1.1 - Synaptics Incorporated)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - Lenovo (ACPIVPC) System  (05/19/2009 4.4.0.1) (HKLM\...\92F4CDC794E6E4E29DC063D292D1C94F6FA1EA1E) (Version: 05/19/2009 4.4.0.1 - Lenovo)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2013-10-20 23:22 - 00003630 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1                   activate.adobe.com
127.0.0.1                   practivate.adobe.com
127.0.0.1                   192.150.14.69
127.0.0.1                   192.150.18.101
127.0.0.1                   192.150.18.108
127.0.0.1                   192.150.22.40
127.0.0.1                   192.150.8.100
127.0.0.1                   192.150.8.118
127.0.0.1                   209-34-83-73.ood.opsource.net
127.0.0.1                   3dns-1.adobe.com
127.0.0.1                   3dns-2.adobe.com
127.0.0.1                   3dns-3.adobe.com
127.0.0.1                   3dns-4.adobe.com
127.0.0.1                   3dns.adobe.com
127.0.0.1                   activate-sea.adobe.com
127.0.0.1                   activate-sjc0.adobe.com
127.0.0.1                   activate.wip.adobe.com
127.0.0.1                   activate.wip1.adobe.com
127.0.0.1                   activate.wip2.adobe.com
127.0.0.1                   activate.wip3.adobe.com
127.0.0.1                   activate.wip4.adobe.com
127.0.0.1                   adobe-dns-1.adobe.com
127.0.0.1                   adobe-dns-2.adobe.com
127.0.0.1                   adobe-dns-3.adobe.com
127.0.0.1                   adobe-dns-4.adobe.com
127.0.0.1                   adobe-dns.adobe.com
127.0.0.1                   adobe.activate.com
127.0.0.1                   adobeereg.com
127.0.0.1                   crl.verisign.net

There are 27 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1FD4BD36-0140-4FA2-B860-8FDEA4E7A6F9} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {2D0AC24F-D0C1-4C82-818B-91E83ADB1F4B} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {57AE8E17-2379-420C-AC46-328C3251A256} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {67AEE932-91F7-4B04-B0B6-09F5DD00896A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)
Task: {709681E7-05A2-4AD0-A007-953A7F734C05} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {77EA3F1A-C7AB-4015-A540-9566C2602AEB} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation)
Task: {BB121F1E-78EF-4529-A35E-D724711007CF} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)
Task: {C3FF85B5-9C5B-4D13-8B08-17AAA7C13890} - System32\Tasks\Sony Corporation\Sony Home Network Library\SOHLib SOHDms => C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2013-09-12] (Sony Corporation)
Task: {C49D8072-32B0-4B38-9C6D-72EF80E6D817} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {C648D8C5-7931-4325-8EC4-9F75B3FA9ECD} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {E9C36326-A60F-46AD-9172-ECF38DCE5C5A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-29] (Piriform Ltd)
Task: {F1EE0D33-F06D-4297-BD1B-9C74E9EE3844} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {FEEFAD7E-7A00-4725-AE4D-BF0D275E8FBA} - System32\Tasks\AdobeAAMUpdater-1.0-Lenovo-Roxi => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-03-21] (Adobe Systems Incorporated)

==================== Loaded Modules (whitelisted) =============

2014-03-16 06:58 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-08-10 21:22 - 2013-03-06 13:42 - 00253776 ____N () C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
2014-10-21 08:35 - 2014-09-09 08:59 - 08896160 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2009-12-18 16:41 - 2009-07-15 09:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2009-12-18 16:41 - 2009-07-15 09:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2008-05-21 04:59 - 2008-05-21 04:59 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2009-12-18 16:27 - 2009-12-18 16:27 - 00270336 _____ () C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-07-31 11:16 - 2014-07-31 11:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-21 08:34 - 2014-09-09 07:12 - 08896160 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Roxi\Desktop\Roxana Toledo- Resignation Letter.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Roxi\Desktop\Roxana Toledo- Resignation Letter.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Roxi\AppData\Local\Temp:B1tt7Fb4Aj7MKWb962VsIYqov

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: (default) =>
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: PMBVolumeWatcher => "C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe"
MSCONFIG\startupreg: ROC_ROC_APR2013_AV => C:\Users\Roxi\AppData\Roaming\AVG April 2013 Campaign\AVG-Secure-Search-Update.exe /PROMPT --mid 9c00771f9ddf47d3964edd29305ce4a4-bebc3582ad485b48691a23a2770fbe32dc5bf498 --CMPID ROC_APR2013_AV --CMPIDEXTRA 2013
MSCONFIG\startupreg: snp2uvc => C:\windows\vsnp2uvc.exe
MSCONFIG\startupreg: VeriFaceManager => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-3978099935-2741131164-906008880-500 - Administrator - Disabled)
Guest (S-1-5-21-3978099935-2741131164-906008880-501 - Limited - Disabled)
Gusti (S-1-5-21-3978099935-2741131164-906008880-1006 - Administrator - Enabled) => C:\Users\Gusti
HomeGroupUser$ (S-1-5-21-3978099935-2741131164-906008880-1005 - Limited - Enabled)
Roxi (S-1-5-21-3978099935-2741131164-906008880-1003 - Administrator - Enabled) => C:\Users\Roxi

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/08/2014 10:23:09 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (11/08/2014 02:05:58 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/08/2014 02:05:58 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/08/2014 02:05:58 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/08/2014 02:05:58 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)

Error: (11/08/2014 02:05:51 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/08/2014 02:05:51 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog

Details:
 The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (11/08/2014 02:05:51 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/08/2014 02:05:51 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4700}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/08/2014 02:05:51 AM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: The Windows Search Service cannot open the Jet property store.

Details:
 0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))

System errors:
=============
Error: (11/09/2014 01:09:32 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Sony Digital Media Server service terminated with the following error:
%%-2147195036

Error: (11/09/2014 01:09:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The VAIO Entertainment Common Service service depends on the Remote Desktop Services service which failed to start because of the following error:
%%1058

Error: (11/09/2014 01:09:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The VAIO Entertainment Common Service service depends on the Remote Desktop Services service which failed to start because of the following error:
%%1058

Error: (11/09/2014 01:09:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The VAIO Entertainment Common Service service depends on the Remote Desktop Services service which failed to start because of the following error:
%%1058

Error: (11/09/2014 01:09:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The VAIO Entertainment Common Service service depends on the Remote Desktop Services service which failed to start because of the following error:
%%1058

Error: (11/09/2014 01:09:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The VAIO Entertainment Common Service service depends on the Remote Desktop Services service which failed to start because of the following error:
%%1058

Error: (11/09/2014 01:09:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The VAIO Entertainment Common Service service depends on the Remote Desktop Services service which failed to start because of the following error:
%%1058

Error: (11/09/2014 01:09:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The VAIO Entertainment Common Service service depends on the Remote Desktop Services service which failed to start because of the following error:
%%1058

Error: (11/09/2014 01:09:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The VAIO Entertainment Common Service service depends on the Remote Desktop Services service which failed to start because of the following error:
%%1058

Error: (11/09/2014 01:09:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The VAIO Entertainment Common Service service depends on the Remote Desktop Services service which failed to start because of the following error:
%%1058

Microsoft Office Sessions:
=========================
Error: (11/08/2014 10:23:09 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"c:\program files\microsoft office 15\root\office15\lync.exe.Manifestc:\program files\microsoft office 15\root\office15\UccApi.DLL1

Error: (11/08/2014 02:05:58 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/08/2014 02:05:58 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Context: Windows Application

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/08/2014 02:05:58 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)

Error: (11/08/2014 02:05:58 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 Element not found.  (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (11/08/2014 02:05:51 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (11/08/2014 02:05:51 AM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Context: Windows Application, SystemIndex Catalog

Details:
 The content index database is corrupt.  (HRESULT : 0xc0041800) (0xc0041800)

Error: (11/08/2014 02:05:51 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (11/08/2014 02:05:51 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description:
Details:
 The content index catalog is corrupt.  (HRESULT : 0xc0041801) (0xc0041801)
4700

Error: (11/08/2014 02:05:51 AM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description:
Details:
 0x%08x (0xc0041800 - The content index database is corrupt.  (HRESULT : 0xc0041800))

==================== Memory info ===========================

Processor: Genuine Intel® CPU U7300 @ 1.30GHz
Percentage of memory in use: 54%
Total physical RAM: 4060.54 MB
Available physical RAM: 1827.36 MB
Total Pagefile: 8119.26 MB
Available Pagefile: 5941.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:252.89 GB) (Free:38.83 GB) NTFS
Drive d: () (Fixed) (Total:30.25 GB) (Free:13.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 07909F49)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=252.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=30.2 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

==================== End Of Log ============================



#4 deeprybka


  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany
  • Local time:08:34 PM

Posted 09 November 2014 - 11:58 AM

Malware Warning

All passwords should be changed immediately to include those used for banking, email, eBay, PayPal and online forums from a CLEAN COMPUTER.

Step 1

Please download the attached fixlist and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.
Attached File  fixlist.txt   709bytes   5 downloads

After the Reboot:

Step 2

Don't remove on your own anything that Hitman Pro detects!
This scanner, as it is really good for checking, has been known for deleting files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!


Please download HitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the icon and select Run as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button. (3)
  • The program will start to scan the computer. It would only take several minutes.
  • When the scan is done click on Save Log (4) and close HitmanPro! (5)
  • Copy and paste the content of the log file in your next reply.


Step 3

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

Step 4

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

Can you please tell me which problems still persist now?
How is the computer running?

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#5 thxthx

  • Topic Starter

  • Members
  • 6 posts
  • Local time:12:34 PM

Posted 12 November 2014 - 10:56 AM

HitmanPro 3.7.9.232
www.hitmanpro.com

   Computer name . . . . : LENOVO
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : Lenovo\Roxi
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2014-11-11 22:54:19
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 20m 12s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 1
   Traces  . . . . . . . : 17

   Objects scanned . . . : 2,103,365
   Files scanned . . . . : 96,208
   Remnants scanned  . . : 787,722 files / 1,219,435 keys

Malware _____________________________________________________________________

   C:\Users\Gusti\Documents\P\AR\Downloaded Files\mp3finder.exe
      Size . . . . . . . : 918,186 bytes
      Age  . . . . . . . : 563.4 days (2013-04-27 14:20:01)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : D7E61DCEC77D596AEB0AD5EF4D744F0C969C3CB3E53E0F69445379ED589CB75F
    > Bitdefender  . . . : Gen:Adware.Heur.JC8@RC9XKLn
      Fuzzy  . . . . . . : 100.0


Suspicious files ____________________________________________________________

   C:\Users\Gusti\Documents\Applications\tm2002.exe
      Size . . . . . . . : 3,872,840 bytes
      Age  . . . . . . . : 563.4 days (2013-04-27 14:26:17)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : FA485FEE9EF8EA60F008EF208AA17DA1EC51A731ABAFBFE9E2CF59EAD9BBFE70
      Product  . . . . . : TypingMaster                                                
      Publisher  . . . . : TypingMaster                                                
      Description  . . . : TypingMaster                                                
      Version  . . . . . : 6.2
      Copyright  . . . . :                                                             
      RSA Key Size . . . : 512
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         Program is code signed with a weak certificate. This is common to malware.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Gusti\Documents\P\AR\Downloaded Files\copernic2000_41.exe
      Size . . . . . . . : 2,441,008 bytes
      Age  . . . . . . . : 563.4 days (2013-04-27 14:19:52)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : D04A385B6634CC3ADD88B4FEEAD6FB82EEB3E39CD89D1DC87BF5ABA571AA2B1C
      Product  . . . . . : PackageForTheWeb Stub
      Publisher  . . . . : InstallShield Software Corporation
      Description  . . . : PackageForTheWeb Stub
      Version  . . . . . : 2.04.001
      Copyright  . . . . : Copyright © 1996-1999 InstallShield Software Corporation
      RSA Key Size . . . : 512
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         Program is code signed with a weak certificate. This is common to malware.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Gusti\Documents\P\AR\Downloaded Files\copernic2000es.exe
      Size . . . . . . . : 2,914,384 bytes
      Age  . . . . . . . : 563.4 days (2013-04-27 14:19:52)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 8221F731F35286016B6F0289B333F5C0904C29B1C511298AF579F5AF2D6E622C
      Product  . . . . . : Copernic 2000                                                
      Publisher  . . . . : Copernic Technologies Inc.                                   
      Description  . . . :                                                              
      Version  . . . . . : 4550
      Copyright  . . . . :                                                             
      RSA Key Size . . . : 512
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 25.0
         Program is code signed with a weak certificate. This is common to malware.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Gusti\Documents\P\AR\GUSTAVO\copernic2000es.exe
      Size . . . . . . . : 2,914,384 bytes
      Age  . . . . . . . : 563.4 days (2013-04-27 14:20:17)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 8221F731F35286016B6F0289B333F5C0904C29B1C511298AF579F5AF2D6E622C
      Product  . . . . . : Copernic 2000                                                
      Publisher  . . . . : Copernic Technologies Inc.                                   
      Description  . . . :                                                              
      Version  . . . . . : 4550
      Copyright  . . . . :                                                             
      RSA Key Size . . . : 512
      LanguageID . . . . : 1033
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 25.0
         Program is code signed with a weak certificate. This is common to malware.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\Roxi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EYOU6W5H\FRST64[1].exe
      Size . . . . . . . : 2,116,096 bytes
      Age  . . . . . . . : 0.0 days (2014-11-11 22:38:22)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 5688C72E8362E4813E3970E44D64B00A540BED1A12B7615E2EE9B3C0206D0BB2
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -0.1s C:\Users\Roxi\AppData\Roaming\Microsoft\Windows\Cookies\9A3GUG17.txt
         -0.1s C:\Users\Roxi\AppData\Roaming\Microsoft\Windows\Cookies\QGMZ8KOF.txt
         -0.1s C:\Users\Roxi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3DTTHNBG\82[1].htm
          0.0s C:\Users\Roxi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EYOU6W5H\FRST64[1].exe
          0.0s C:\Users\Roxi\Desktop\FRST64.exe
          1.6s C:\Users\Roxi\Desktop\FRST-OlderVersion\

   C:\Users\Roxi\Desktop\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2,115,584 bytes
      Age  . . . . . . . : 2.9 days (2014-11-09 00:39:43)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 104A90822CA658A55379DCCBDC9CDBD6C9AC8AEDF4C0045A2C87086CA0B60B19
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Users\Roxi\Desktop\FRST64.exe
      Size . . . . . . . : 2,116,096 bytes
      Age  . . . . . . . : 0.0 days (2014-11-11 22:38:22)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 5688C72E8362E4813E3970E44D64B00A540BED1A12B7615E2EE9B3C0206D0BB2
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -0.1s C:\Users\Roxi\AppData\Roaming\Microsoft\Windows\Cookies\9A3GUG17.txt
         -0.1s C:\Users\Roxi\AppData\Roaming\Microsoft\Windows\Cookies\QGMZ8KOF.txt
         -0.1s C:\Users\Roxi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3DTTHNBG\82[1].htm
         -0.0s C:\Users\Roxi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EYOU6W5H\FRST64[1].exe
          0.0s C:\Users\Roxi\Desktop\FRST64.exe
          1.6s C:\Users\Roxi\Desktop\FRST-OlderVersion\


Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Classes\s\ (Softonic)

Cookies _____________________________________________________________________

   C:\Users\Roxi\AppData\Roaming\Microsoft\Windows\Cookies\AGKXU5L6.txt
   C:\Users\Roxi\AppData\Roaming\Microsoft\Windows\Cookies\DJOH3FXP.txt
   C:\Users\Roxi\AppData\Roaming\Microsoft\Windows\Cookies\GK2GX7KS.txt
   C:\Users\Roxi\AppData\Roaming\Microsoft\Windows\Cookies\I37NQWW2.txt
   C:\Users\Roxi\AppData\Roaming\Microsoft\Windows\Cookies\PD05QCG3.txt
   C:\Users\Roxi\AppData\Roaming\Microsoft\Windows\Cookies\V7ZQ9E46.txt
   C:\Users\Roxi\AppData\Roaming\Microsoft\Windows\Cookies\VE0SB7D2.txt
   C:\Users\Roxi\AppData\Roaming\Microsoft\Windows\Cookies\WH6DRQL1.txt
 

 

 

*****************************************************************************************************************************************

 

C:\Users\Gusti\Documents\Applications\Babylon803_r3_full.rar    Win32/Toolbar.Conduit.A potentially unwanted application
C:\Users\Gusti\Documents\Applications\NCH VideoPad Video Editor Professional 2.11 + Crack [RH].rar    a variant of Win32/Toolbar.Conduit.K potentially unwanted application
C:\Users\Gusti\Documents\Applications\TVersitySetup_1_0_0_8a_RC5.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\Gusti\Documents\Applications\TVersitySetup_1_7_2_1.exe    a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\Gusti\Documents\emule\dBpower AMP Music Converter 9a + Power Pack 3 + Codecs.zip    a variant of Win32/HackTool.Patcher.BS potentially unsafe application
C:\Users\Gusti\Documents\emule\ImTOO Rippers (CD Ripper 1.08, DVD Ripper 2.0.11, DVD Audio Ripper 1.0.17).rar    a variant of Win32/Keygen.CY potentially unsafe application
C:\Users\Gusti\Documents\P\iPAQ\Tools\Decidi no cargar\thememaker_pro_plus_v1.3_with_keygen.zip    a variant of Win32/Keygen.BA potentially unsafe application
C:\Users\Roxi\Desktop\Desktop Prior to Apr13\debutsetup.exe    a variant of Win32/Toolbar.Conduit.I potentially unwanted application
C:\Users\Roxi\Documents\Viejo\CONCAP.rar    a variant of Win32/AdInstaller potentially unwanted application
 

 

*****************************************************************************************************************************************

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
Ran by Roxi (administrator) on LENOVO on 12-11-2014 04:54:37
Running from C:\Users\Roxi\Desktop
Loaded Profiles: Roxi & Gusti (Available profiles: Roxi & Gusti)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
() C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\loggingserver.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicatorCom.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe
(AVG Secure Search) C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-06] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1813288 2009-08-16] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2009-08-05] (Realtek Semiconductor)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4366704 2009-09-01] (Lenovo(beijing) Limited)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [5825536 2009-08-18] (Lenovo (Beijing) Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-08-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3649040 2014-10-16] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3060248 2014-11-10] ()
HKU\S-1-5-21-3978099935-2741131164-906008880-1003\...\MountPoints2: {5edc95e9-eaef-11e2-8979-0c6076b80d57} - F:\EasySuite.exe
HKU\S-1-5-21-3978099935-2741131164-906008880-1003\...\MountPoints2: {a2201c65-ef44-11e2-84dd-0c6076b80d57} - F:\EasySuite.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2013-04-23] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Roxi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3520 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3520 series (Network).lnk -> C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/
SearchScopes: HKCU - DefaultScope {AD669B35-73D1-47A9-843E-224C94BA9BB8} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={F1433C15-22D9-4D7B-B5BC-A81380592AFB}&mid=9c00771f9ddf47d3964edd29305ce4a4-bebc3582ad485b48691a23a2770fbe32dc5bf498&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=fr&d=2014-11-10 14:12:35&v=4.0.0.19&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {AD669B35-73D1-47A9-843E-224C94BA9BB8} URL = https://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.0.0.19\AVG Web TuneUp.dll (AVG)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.10\ViProtocol.dll (AVG Secure Search)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.10\\npsitesafety.dll No File
FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3487248 2014-10-16] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-10-16] (AVG Technologies CZ, s.r.o.)
R2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [864032 2009-07-01] (Broadcom Corporation.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
R2 CrypKey License; C:\windows\system32\crypserv.exe [126976 2010-03-18] (CrypKey (Canada) Ltd.) [File not signed]
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [33072 2014-03-20] (Sanford, L.P.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2013-10-01] (Sony Corporation)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [253776 2013-03-06] ()
R2 vToolbarUpdater18.1.10; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.10\ToolbarUpdater.exe [1849368 2014-11-10] (AVG Secure Search)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [262424 2014-10-07] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [50976 2014-11-10] (AVG Technologies)
R1 funfrm; C:\Windows\System32\Drivers\funfrm.sys [73744 2009-12-18] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-12] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R1 NetworkX; C:\Windows\System32\ckldrv.sys [30272 2010-03-18] ()
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1799680 2009-08-10] ()
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [X]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [X]
S3 wdmirror; system32\DRIVERS\WDMirror.sys [X]
S3 WinRing0_1_2_0; \??\D:\test\ECECECEC\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 04:54 - 2014-11-12 04:54 - 00016843 _____ () C:\Users\Roxi\Desktop\FRST.txt
2014-11-12 04:40 - 2014-11-12 04:40 - 00001294 _____ () C:\Users\Roxi\Desktop\eset.txt
2014-11-12 00:25 - 2014-11-12 00:25 - 00020672 _____ () C:\Users\Roxi\Desktop\HitmanPro_20141112_0025.log
2014-11-12 00:25 - 2014-11-12 00:25 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-11-11 22:53 - 2014-11-12 00:25 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-11-11 22:41 - 2014-11-11 22:42 - 00000492 _____ () C:\windows\error.log
2014-11-11 22:41 - 2014-11-11 22:41 - 00000056 _____ () C:\windows\setupact.log
2014-11-11 22:41 - 2014-11-11 22:41 - 00000000 _____ () C:\windows\setuperr.log
2014-11-11 22:40 - 2014-11-11 22:40 - 00000162 _____ () C:\windows\errord.log
2014-11-11 22:38 - 2014-11-11 22:38 - 00000000 ____D () C:\Users\Roxi\Desktop\FRST-OlderVersion
2014-11-11 22:36 - 2014-11-11 22:36 - 02347384 _____ (ESET) C:\Users\Roxi\Desktop\esetsmartinstaller_enu.exe
2014-11-11 22:32 - 2014-11-11 22:33 - 11222744 _____ (SurfRight B.V.) C:\Users\Roxi\Desktop\HitmanPro_x64.exe
2014-11-11 00:37 - 2014-11-11 18:02 - 00634375 _____ () C:\Users\Roxi\Desktop\buo prueba.pptx
2014-11-10 14:12 - 2014-11-10 21:39 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar
2014-11-10 14:12 - 2014-11-10 18:12 - 00000000 ____D () C:\Users\Roxi\AppData\Local\AVG Web TuneUp
2014-11-10 14:12 - 2014-11-10 14:12 - 00050976 _____ (AVG Technologies) C:\windows\system32\Drivers\avgtpx64.sys
2014-11-10 14:12 - 2014-11-10 14:12 - 00000000 ____D () C:\ProgramData\AVG Web TuneUp
2014-11-10 14:12 - 2014-11-10 14:12 - 00000000 ____D () C:\ProgramData\AVG Secure Search
2014-11-10 14:12 - 2014-11-10 14:12 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUp
2014-11-09 02:02 - 2014-11-09 02:02 - 01678013 _____ () C:\Users\Roxi\Desktop\pc-decrapifier-2.3.1.exe
2014-11-09 01:16 - 2014-11-09 01:16 - 00028990 _____ () C:\Users\Roxi\Desktop\Addition.txt
2014-11-09 00:43 - 2014-11-09 00:43 - 00142178 _____ () C:\Users\Roxi\Desktop\ESETPoweliksCleaner.exe_20141109.004340.20372.log
2014-11-09 00:39 - 2014-11-11 22:38 - 02116096 _____ (Farbar) C:\Users\Roxi\Desktop\FRST64.exe
2014-11-09 00:37 - 2014-11-09 00:37 - 00186568 _____ (ESET) C:\Users\Roxi\Desktop\ESETPoweliksCleaner.exe
2014-11-08 03:15 - 2014-11-08 03:15 - 00019850 _____ () C:\Users\Roxi\Desktop\dds.txt
2014-11-08 03:15 - 2014-11-08 03:15 - 00008037 _____ () C:\Users\Roxi\Desktop\attach.txt
2014-11-08 02:54 - 2014-11-08 03:24 - 00001282 _____ () C:\Users\Roxi\Desktop\bleep.txt
2014-11-08 02:32 - 2014-11-08 02:32 - 00688992 ____R (Swearware) C:\Users\Roxi\Desktop\dds.com
2014-11-05 23:12 - 2014-11-05 23:12 - 00000000 ____D () C:\Users\Roxi\AppData\OICE_15_974FA576_32C1D314_1F7B
2014-11-05 21:05 - 2014-11-05 21:05 - 00198312 _____ () C:\Users\Roxi\Documents\cc_20141105_210538.reg
2014-11-03 01:11 - 2014-11-03 01:13 - 00000000 ____D () C:\ProgramData\BSD
2014-11-03 01:11 - 2014-11-03 01:11 - 00000000 ____D () C:\ProgramData\TweakBit
2014-11-03 00:23 - 2014-11-03 00:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2014-11-03 00:22 - 2014-11-03 00:22 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-11-03 00:10 - 2014-06-26 20:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2014-11-03 00:10 - 2014-06-26 19:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2014-11-03 00:07 - 2014-09-17 20:00 - 03241472 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-11-03 00:07 - 2014-09-17 19:32 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-11-03 00:07 - 2014-08-01 05:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-11-03 00:07 - 2014-08-01 05:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-11-03 00:07 - 2014-06-23 21:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-11-03 00:07 - 2014-06-23 20:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-11-03 00:06 - 2014-09-24 20:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2014-11-03 00:06 - 2014-09-24 19:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2014-11-03 00:06 - 2014-09-09 16:11 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-11-03 00:06 - 2014-09-09 15:47 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-11-03 00:06 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-11-03 00:06 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-11-03 00:06 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-11-03 00:06 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-11-03 00:06 - 2014-07-08 20:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-11-03 00:06 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-11-03 00:06 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-11-03 00:06 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-11-03 00:06 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-11-03 00:06 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-11-03 00:06 - 2014-07-08 16:38 - 00419992 _____ () C:\windows\system32\locale.nls
2014-11-03 00:06 - 2014-07-08 16:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls
2014-11-03 00:06 - 2014-06-24 20:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-11-03 00:06 - 2014-06-24 19:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-11-03 00:06 - 2014-02-03 20:35 - 00274880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2014-11-03 00:06 - 2014-02-03 20:35 - 00190912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2014-11-03 00:06 - 2014-02-03 20:35 - 00027584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys
2014-11-03 00:06 - 2014-02-03 20:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll
2014-11-03 00:06 - 2014-02-03 20:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iologmsg.dll
2014-11-03 00:02 - 2014-09-04 20:11 - 06584320 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-11-03 00:02 - 2014-09-04 19:52 - 05703168 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-11-03 00:02 - 2014-01-23 20:37 - 01684928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-11-02 13:06 - 2014-11-05 20:50 - 00000000 ____D () C:\AdwCleaner
2014-11-02 09:34 - 2014-11-02 09:34 - 01375089 _____ () C:\Users\Roxi\Downloads\AdwCleaner.exe
2014-10-29 23:04 - 2014-11-12 04:54 - 00000000 ____D () C:\FRST
2014-10-26 23:11 - 2014-10-26 23:11 - 00051200 ____H () C:\Users\Roxi\Desktop\~WRL0003.tmp
2014-10-25 22:58 - 2014-10-25 22:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-10-25 22:57 - 2014-10-25 22:58 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-10-25 22:54 - 2014-10-25 22:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-25 22:53 - 2014-10-25 22:54 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-25 22:53 - 2014-10-25 22:54 - 00000000 ____D () C:\Program Files\iTunes
2014-10-25 22:53 - 2014-10-25 22:54 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-25 22:53 - 2014-10-25 22:53 - 00000000 ____D () C:\Program Files\iPod
2014-10-22 22:19 - 2014-10-22 22:19 - 00000000 ____D () C:\Users\Roxi\AppData\Roaming\AVG2015
2014-10-22 22:06 - 2014-11-08 11:55 - 00000000 ____D () C:\ProgramData\AVG2015
2014-10-22 21:15 - 2014-10-22 23:33 - 00000000 ____D () C:\Users\Roxi\AppData\Local\Avg2015
2014-10-16 09:00 - 2014-10-06 20:04 - 00331448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-10-16 09:00 - 2014-09-28 18:58 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-10-16 09:00 - 2014-09-25 16:46 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-10-16 09:00 - 2014-09-25 16:46 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-10-16 09:00 - 2014-09-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-10-16 09:00 - 2014-09-18 19:44 - 17484800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-10-16 09:00 - 2014-09-18 19:39 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-10-16 09:00 - 2014-09-18 19:30 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-10-16 09:00 - 2014-09-18 19:06 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 09:00 - 2014-09-18 19:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-10-16 09:00 - 2014-09-18 18:53 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-10-16 09:00 - 2014-09-18 18:49 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-10-16 09:00 - 2014-09-18 18:42 - 00710656 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-10-16 09:00 - 2014-09-18 18:36 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 09:00 - 2014-09-18 18:20 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-10-16 09:00 - 2014-09-18 17:53 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-10-16 09:00 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll
2014-10-16 09:00 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\windows\SysWOW64\dfshim.dll
2014-10-16 09:00 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscorier.dll
2014-10-16 09:00 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll
2014-10-16 09:00 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscories.dll
2014-10-16 09:00 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll
2014-10-16 08:59 - 2014-10-06 20:54 - 00378552 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-10-16 08:59 - 2014-09-25 16:50 - 13619200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-10-16 08:59 - 2014-09-25 16:46 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-10-16 08:59 - 2014-09-25 16:43 - 11807232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-10-16 08:59 - 2014-09-25 16:32 - 02017280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-10-16 08:59 - 2014-09-25 16:31 - 02108416 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-10-16 08:59 - 2014-09-18 20:25 - 23631360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-10-16 08:59 - 2014-09-18 19:55 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-10-16 08:59 - 2014-09-18 19:41 - 02796032 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-10-16 08:59 - 2014-09-18 19:40 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-10-16 08:59 - 2014-09-18 19:40 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-10-16 08:59 - 2014-09-18 19:38 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-10-16 08:59 - 2014-09-18 19:36 - 05829632 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-10-16 08:59 - 2014-09-18 19:31 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-10-16 08:59 - 2014-09-18 19:27 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-10-16 08:59 - 2014-09-18 19:26 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-10-16 08:59 - 2014-09-18 19:25 - 04201472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-10-16 08:59 - 2014-09-18 19:25 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-10-16 08:59 - 2014-09-18 19:25 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-10-16 08:59 - 2014-09-18 19:18 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-10-16 08:59 - 2014-09-18 19:14 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-10-16 08:59 - 2014-09-18 19:14 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-10-16 08:59 - 2014-09-18 19:02 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-10-16 08:59 - 2014-09-18 19:01 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-10-16 08:59 - 2014-09-18 19:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-10-16 08:59 - 2014-09-18 19:00 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-10-16 08:59 - 2014-09-18 18:59 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-10-16 08:59 - 2014-09-18 18:58 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-10-16 08:59 - 2014-09-18 18:55 - 02187264 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-10-16 08:59 - 2014-09-18 18:54 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-10-16 08:59 - 2014-09-18 18:51 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-10-16 08:59 - 2014-09-18 18:50 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-10-16 08:59 - 2014-09-18 18:42 - 00731136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-10-16 08:59 - 2014-09-18 18:40 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-10-16 08:59 - 2014-09-18 18:33 - 02309632 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-10-16 08:59 - 2014-09-18 18:32 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-10-16 08:59 - 2014-09-18 18:18 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-10-16 08:59 - 2014-09-18 18:14 - 01447936 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-10-16 08:59 - 2014-09-18 17:59 - 01810944 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-10-16 08:59 - 2014-09-18 17:59 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-10-16 08:59 - 2014-09-18 17:52 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-10-16 08:56 - 2014-08-28 20:07 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-10-16 08:53 - 2014-07-16 20:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-10-16 08:53 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-10-16 08:53 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2014-10-16 08:53 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
2014-10-16 08:53 - 2014-07-16 20:07 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-10-16 08:53 - 2014-07-16 20:07 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-10-16 08:53 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll
2014-10-16 08:53 - 2014-07-16 19:39 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-10-16 08:53 - 2014-07-16 19:39 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-10-16 08:53 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
2014-10-16 08:53 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2014-10-16 08:53 - 2014-05-30 02:08 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-10-16 08:53 - 2014-05-30 02:08 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-10-16 08:53 - 2014-05-30 02:08 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-10-16 08:53 - 2014-05-30 02:08 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-10-16 08:53 - 2014-05-30 01:52 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-10-16 08:53 - 2014-05-30 01:52 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-10-16 08:53 - 2014-05-30 01:52 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-10-16 08:53 - 2014-05-30 01:52 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-10-16 08:43 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2014-10-16 08:43 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2014-10-15 08:31 - 2014-09-12 19:58 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-10-15 08:31 - 2014-09-12 19:40 - 00067072 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-10-14 15:07 - 2014-10-14 15:15 - 02629216 _____ () C:\Users\Roxi\Desktop\BC Powder in store activities examples.pptx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-12 04:53 - 2013-04-24 21:18 - 00000000 ____D () C:\Users\Roxi\Documents\Outlook Files
2014-11-12 04:49 - 2014-04-09 04:50 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-12 03:00 - 2009-12-18 16:28 - 01976718 _____ () C:\windows\WindowsUpdate.log
2014-11-12 02:01 - 2014-07-06 19:25 - 00000000 ____D () C:\Users\Roxi\AppData\Local\Adobe
2014-11-11 22:49 - 2009-07-13 22:45 - 00013632 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-11 22:49 - 2009-07-13 22:45 - 00013632 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-11 22:42 - 2009-07-13 20:34 - 00000502 _____ () C:\windows\win.ini
2014-11-11 22:41 - 2009-07-13 23:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-11 21:40 - 2013-04-22 21:17 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-11 17:56 - 2013-07-29 11:35 - 00000000 ___HD () C:\Users\Roxi\Desktop\.picasaoriginals
2014-11-11 09:32 - 2014-03-31 13:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-11-11 09:31 - 2013-04-22 21:43 - 00000000 ___HD () C:\$AVG
2014-11-10 23:34 - 2013-09-28 17:11 - 00000000 ____D () C:\Users\Roxi\AppData\Roaming\HpUpdate
2014-11-10 14:56 - 2014-02-03 14:07 - 00000000 ____D () C:\Users\Roxi\Documents\PERSPECTIVA INC 2014
2014-11-09 10:16 - 2014-02-03 22:19 - 00634880 ___SH () C:\Users\Roxi\Documents\Thumbs.db
2014-11-08 03:40 - 2014-08-02 00:33 - 00000000 ____D () C:\Users\Roxi\Documents\Reflect
2014-11-08 02:25 - 2009-07-13 23:13 - 00820766 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-06 18:21 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\rescache
2014-11-03 23:12 - 2013-09-28 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-11-03 00:56 - 2009-07-13 22:45 - 05123776 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-03 00:28 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-11-03 00:28 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\system32\Dism
2014-11-03 00:23 - 2013-04-23 21:47 - 00003062 _____ () C:\windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-11-03 00:23 - 2013-04-23 21:47 - 00003060 _____ () C:\windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-11-02 23:00 - 2013-04-23 21:54 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-30 14:55 - 2013-04-24 20:24 - 00000000 ____D () C:\Users\Roxi\Documents\jobs
2014-10-29 12:53 - 2014-06-29 01:47 - 00000000 ____D () C:\windows\Minidump
2014-10-27 19:40 - 2013-04-28 21:22 - 00000000 ____D () C:\Users\Roxi\AppData\Roaming\Skype
2014-10-25 22:53 - 2014-09-27 11:27 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-25 22:53 - 2013-07-08 19:33 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-24 17:01 - 2009-07-13 23:32 - 00000000 ____D () C:\windows\Performance
2014-10-22 22:25 - 2013-10-01 16:53 - 00000000 ____D () C:\ProgramData\AVG2014
2014-10-22 22:19 - 2013-04-22 21:43 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-10-22 11:49 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\system32\NDF
2014-10-21 09:02 - 2013-04-23 22:17 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-10-18 08:58 - 2014-04-09 04:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-18 08:58 - 2014-04-09 04:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-16 09:37 - 2009-07-13 21:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-16 09:16 - 2013-08-02 06:01 - 00000000 ____D () C:\windows\system32\MRT
2014-10-16 08:55 - 2013-04-22 23:39 - 103265616 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-06 18:09

==================== End Of Log ============================

 

 

Apologies for the delay in getting back.

Thanks!



#6 deeprybka

  • Malware Response Team

Posted 12 November 2014 - 12:15 PM

Hi,
Please post the complete ESET log as instructed above, and the Fixlog.txt as well. :)
regards,
deeprybka

#7 thxthx

  • Topic Starter


Posted 12 November 2014 - 09:39 PM

I'm so sorry... my wife woke me up at 4 am since she needed the laptop and ESET was on.

I recall there was an option in the main window to click and save the file, and I was able to save it to the desktop. And what I pasted is the complete log.

I can run the ESET again and get the log from the path you mentioned. But before doing so, please confirm I can go directly to STEP 3 and run ESET (disabling the antivirus first).

 

Find below the fixlog.txt.

Thank you!

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-11-2014
Ran by Roxi at 2014-11-11 22:39:11 Run:1
Running from C:\Users\Roxi\Desktop
Loaded Profile: Roxi (Available profiles: Roxi & Gusti)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
Folder: "C:\Users\Roxi\AppData\OICE_15_974FA576_32C1D314_1F7B"
cmd: type "C:\Users\Roxi\Documents\cc_20141105_210538.reg"
2014-10-24 21:58 - 2014-10-24 21:58 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
AlternateDataStreams: C:\Users\Roxi\Desktop\Roxana Toledo- Resignation Letter.jpeg:3or4kl4x13tuuug3Byamue2s4b
AlternateDataStreams: C:\Users\Roxi\Desktop\Roxana Toledo- Resignation Letter.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\Users\Roxi\AppData\Local\Temp:B1tt7Fb4Aj7MKWb962VsIYqov
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.

========================= Folder: "C:\Users\Roxi\AppData\OICE_15_974FA576_32C1D314_1F7B" ========================

2014-11-05 23:12 - 2014-11-05 23:12 - 0000512 ____T () C:\Users\Roxi\AppData\OICE_15_974FA576_32C1D314_1F7B\~DF67361FFBFC46621C.TMP
2014-11-05 23:12 - 2014-11-05 23:12 - 0131072 _____ () C:\Users\Roxi\AppData\OICE_15_974FA576_32C1D314_1F7B\~DFFDCB33B5F7745345.TMP
2014-11-05 23:12 - 2014-11-05 23:12 - 0069796 ____T () C:\Users\Roxi\AppData\OICE_15_974FA576_32C1D314_1F7B\16015A3C.emf
2014-11-05 23:12 - 2014-11-05 23:12 - 0041500 ____T () C:\Users\Roxi\AppData\OICE_15_974FA576_32C1D314_1F7B\77E17D0D.emf
2014-11-05 23:11 - 2014-11-05 23:11 - 0117248 ___RT () C:\Users\Roxi\AppData\OICE_15_974FA576_32C1D314_1F7B\AC14D473.xls
2014-11-05 23:12 - 2014-11-05 23:12 - 0003413 _____ () C:\Users\Roxi\AppData\OICE_15_974FA576_32C1D314_1F7B\mso8FE2.tmp

====== End of Folder: ======

=========  type "C:\Users\Roxi\Documents\cc_20141105_210538.reg" =========

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\vsavb7rt.dll"=dword:00001000

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\system.enterpriseservices.dll"=dword:00001000

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\mscorrc.dll"=dword:00001000

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\mscordbi.dll"=dword:00001000

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\mscorsec.dll"=dword:00001000

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\system.configuration.install.dll"=dword:00001000

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\microsoft.vsa.vb.codedomprocessor.dll"=dword:00001000

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\wminet_utils.dll"=dword:00001000

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\microsoft.jscript.dll"=dword:00001000

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\diasymreader.dll"=dword:00001000

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\iehost.dll"=dword:00001000

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\\Windows\\Microsoft.NET\\Framework\\v1.0.3705\\system.data.dll"=dword:00001000

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]
"c:\\Program Files (x86)\\Common Files\\System\\Ole Db\\Resources\\1028\\MSOLAP80.RLL"=dword:00002710

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]
"c:\\Program Files (x86)\\Common Files\\System\\Ole Db\\Resources\\1031\\MSOLAP80.RLL"=dword:00002710

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\SharedDLLs]
"c:\\Program Files (x86)\\Common Files\\System\\Ole Db\\Resources\\1034\\MSOLAP80.RLL"=dword:00002710


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20125.0\\tr\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20125.0\\uk\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20125.0\\vi\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20125.0\\de\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20125.0\\es\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20125.0\\fr\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20125.0\\it\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20125.0\\ja\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20125.0\\ko\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20125.0\\ru\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20125.0\\zh-Hans\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20125.0\\zh-Hant\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20125.0\\ar\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20125.0\\bg\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20125.0\\ca\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20125.0\\cs\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20125.0\\da\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20125.0\\el\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20125.0\\et\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20125.0\\eu\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20125.0\\fi\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20125.0\\he\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20125.0\\hr\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20125.0\\hu\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20125.0\\id\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20125.0\\lt\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20125.0\\lv\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20125.0\\ms\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20125.0\\nl\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20125.0\\no\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20125.0\\pl\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20125.0\\pt-BR\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20125.0\\pt\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20125.0\\ro\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20125.0\\sk\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20125.0\\sl\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20125.0\\sr-Cyrl-CS\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20125.0\\sr-Latn-CS\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20125.0\\sv\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20125.0\\th\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20125.0\\tr\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20125.0\\uk\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20125.0\\vi\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20513.0\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Microsoft Silverlight\\5.1.20513.0\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20513.0\\de\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20513.0\\es\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20513.0\\fr\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20513.0\\it\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20513.0\\ja\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20513.0\\ko\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20513.0\\ru\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20513.0\\zh-Hans\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20513.0\\zh-Hant\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20513.0\\ar\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20513.0\\bg\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20513.0\\ca\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20513.0\\cs\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20513.0\\da\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20513.0\\el\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20513.0\\et\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20513.0\\eu\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20513.0\\fi\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20513.0\\he\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20513.0\\hr\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20513.0\\hu\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20513.0\\id\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20513.0\\lt\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20513.0\\lv\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20513.0\\ms\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20513.0\\nl\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20513.0\\no\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20513.0\\pl\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20513.0\\pt-BR\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20513.0\\pt\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20513.0\\ro\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20513.0\\sk\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20513.0\\sl\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20513.0\\sr-Cyrl-CS\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20513.0\\sr-Latn-CS\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20513.0\\sv\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20513.0\\th\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20513.0\\tr\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20513.0\\uk\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20513.0\\vi\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Microsoft Silverlight\\5.1.20513.0\\de\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Microsoft Silverlight\\5.1.20513.0\\es\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Microsoft Silverlight\\5.1.20513.0\\fr\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Microsoft Silverlight\\5.1.20513.0\\it\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Microsoft Silverlight\\5.1.20513.0\\ja\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Microsoft Silverlight\\5.1.20513.0\\ko\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Microsoft Silverlight\\5.1.20513.0\\ru\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Microsoft Silverlight\\5.1.20513.0\\zh-Hans\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Microsoft Silverlight\\5.1.20513.0\\zh-Hant\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Microsoft Silverlight\\5.1.20513.0\\ar\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Microsoft Silverlight\\5.1.20513.0\\bg\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Microsoft Silverlight\\5.1.20513.0\\ca\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Microsoft Silverlight\\5.1.20513.0\\cs\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Microsoft Silverlight\\5.1.20513.0\\da\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Microsoft Silverlight\\5.1.20513.0\\el\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Microsoft Silverlight\\5.1.20513.0\\et\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Microsoft Silverlight\\5.1.20513.0\\eu\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Microsoft Silverlight\\5.1.20513.0\\fi\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Microsoft Silverlight\\5.1.20513.0\\he\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Microsoft Silverlight\\5.1.20513.0\\hr\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Microsoft Silverlight\\5.1.20513.0\\hu\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Microsoft Silverlight\\5.1.20513.0\\id\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Microsoft Silverlight\\5.1.20513.0\\lt\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Microsoft Silverlight\\5.1.20513.0\\lv\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Microsoft Silverlight\\5.1.20513.0\\ms\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Microsoft Silverlight\\5.1.20513.0\\nl\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Microsoft Silverlight\\5.1.20513.0\\no\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Microsoft Silverlight\\5.1.20513.0\\pl\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Microsoft Silverlight\\5.1.20513.0\\pt-BR\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Microsoft Silverlight\\5.1.20513.0\\pt\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Microsoft Silverlight\\5.1.20513.0\\ro\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Microsoft Silverlight\\5.1.20513.0\\sk\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Microsoft Silverlight\\5.1.20513.0\\sl\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Microsoft Silverlight\\5.1.20513.0\\sr-Cyrl-CS\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Microsoft Silverlight\\5.1.20513.0\\sr-Latn-CS\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Microsoft Silverlight\\5.1.20513.0\\sv\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Microsoft Silverlight\\5.1.20513.0\\th\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Microsoft Silverlight\\5.1.20513.0\\tr\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Microsoft Silverlight\\5.1.20513.0\\uk\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files\\Microsoft Silverlight\\5.1.20513.0\\vi\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\AVG\\AVG2014\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\ProgramData\\AVG2014\\IDS\\"="1"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\ProgramData\\AVG2014\\avi\\"="1"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\AVG\\AVG2014\\banners\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\\Program Files (x86)\\AVG\\AVG2014\\awacs\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20913.0\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20913.0\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20913.0\\de\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20913.0\\es\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20913.0\\fr\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20913.0\\it\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20913.0\\ja\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20913.0\\ko\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20913.0\\ru\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20913.0\\zh-Hans\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20913.0\\zh-Hant\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20913.0\\ar\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20913.0\\bg\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20913.0\\ca\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20913.0\\cs\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20913.0\\da\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20913.0\\el\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20913.0\\et\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20913.0\\eu\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20913.0\\fi\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20913.0\\he\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20913.0\\hr\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20913.0\\hu\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20913.0\\id\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20913.0\\lt\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20913.0\\lv\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20913.0\\ms\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20913.0\\nl\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20913.0\\no\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20913.0\\pl\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20913.0\\pt-BR\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20913.0\\pt\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20913.0\\ro\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20913.0\\sk\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20913.0\\sl\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20913.0\\sr-Cyrl-CS\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20913.0\\sr-Latn-CS\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20913.0\\sv\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20913.0\\th\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20913.0\\tr\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20913.0\\uk\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files (x86)\\Microsoft Silverlight\\5.1.20913.0\\vi\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20913.0\\de\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20913.0\\es\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20913.0\\fr\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20913.0\\it\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20913.0\\ja\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20913.0\\ko\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20913.0\\ru\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20913.0\\zh-Hans\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20913.0\\zh-Hant\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20913.0\\ar\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20913.0\\bg\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20913.0\\ca\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20913.0\\cs\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20913.0\\da\\"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Installer\Folders]
"c:\\Program Files\\Microsoft Silverlight\\5.1.20913.0\\el\\"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\InstallShield]

[HKEY_LOCAL_MACHINE\Software\NewBlue]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"NetPres-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\netproj.exe|Name=@FirewallAPI.dll,-31761|Desc=@FirewallAPI.dll,-31764|EmbedCtxt=@FirewallAPI.dll,-31752|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"NetPres-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\netproj.exe|Name=@FirewallAPI.dll,-31765|Desc=@FirewallAPI.dll,-31768|EmbedCtxt=@FirewallAPI.dll,-31752|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"NetPres-WSD-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\netproj.exe|Name=@FirewallAPI.dll,-31753|Desc=@FirewallAPI.dll,-31756|EmbedCtxt=@FirewallAPI.dll,-31752|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"NetPres-WSD-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\netproj.exe|Name=@FirewallAPI.dll,-31757|Desc=@FirewallAPI.dll,-31760|EmbedCtxt=@FirewallAPI.dll,-31752|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"NetPres-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\netproj.exe|Name=@FirewallAPI.dll,-31761|Desc=@FirewallAPI.dll,-31764|EmbedCtxt=@FirewallAPI.dll,-31752|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"NetPres-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\netproj.exe|Name=@FirewallAPI.dll,-31765|Desc=@FirewallAPI.dll,-31768|EmbedCtxt=@FirewallAPI.dll,-31752|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08F2B147-5D60-407D-BF5B-038FB1C72292}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\\Program Files (x86)\\AVG\\AVG2013\\avgmfapx.exe|Name=AVG Installer|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{95128B11-FD0F-4B3A-BC79-9CDB22400F6D}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\\Program Files (x86)\\AVG\\AVG2013\\avgmfapx.exe|Name=AVG Installer|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4A085A35-729F-411A-8CB1-65F27A1DB697}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\\Program Files (x86)\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe|Name=SeagateHipServAgent|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{45574E0A-1D6E-48DC-9BF4-348002B6BEAE}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=c:\\Program Files\\CyberLink\\PowerDirector11\\PDR10.EXE|Name=CyberLink PowerDirector|Desc=CyberLink PowerDirector|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E27B9359-3AF5-4DDD-9E56-0291BC58D575}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\\Program Files (x86)\\AVG\\AVG2014\\avgmfapx.exe|Name=AVG Installer|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{86194F16-2CB1-43F4-AF77-1FFE3CC18BAA}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\\Program Files (x86)\\AVG\\AVG2014\\avgmfapx.exe|Name=AVG Installer|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4C0A16A1-7953-4B27-B5E7-C2855FD15015}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\\Program Files (x86)\\CyberLink\\PowerDirector11\\PDR10.EXE|Name=CyberLink PowerDirector|Desc=CyberLink PowerDirector|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"NetPres-In-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\netproj.exe|Name=@FirewallAPI.dll,-31761|Desc=@FirewallAPI.dll,-31764|EmbedCtxt=@FirewallAPI.dll,-31752|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"NetPres-Out-TCP-NoScope"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Domain|App=%SystemRoot%\\system32\\netproj.exe|Name=@FirewallAPI.dll,-31765|Desc=@FirewallAPI.dll,-31768|EmbedCtxt=@FirewallAPI.dll,-31752|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"NetPres-WSD-In-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\netproj.exe|Name=@FirewallAPI.dll,-31753|Desc=@FirewallAPI.dll,-31756|EmbedCtxt=@FirewallAPI.dll,-31752|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"NetPres-WSD-Out-UDP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=17|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\netproj.exe|Name=@FirewallAPI.dll,-31757|Desc=@FirewallAPI.dll,-31760|EmbedCtxt=@FirewallAPI.dll,-31752|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"NetPres-In-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\netproj.exe|Name=@FirewallAPI.dll,-31761|Desc=@FirewallAPI.dll,-31764|EmbedCtxt=@FirewallAPI.dll,-31752|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"NetPres-Out-TCP"="v2.10|Action=Allow|Active=FALSE|Dir=Out|Protocol=6|Profile=Private|Profile=Public|RA4=LocalSubnet|RA6=LocalSubnet|App=%SystemRoot%\\system32\\netproj.exe|Name=@FirewallAPI.dll,-31765|Desc=@FirewallAPI.dll,-31768|EmbedCtxt=@FirewallAPI.dll,-31752|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08F2B147-5D60-407D-BF5B-038FB1C72292}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\\Program Files (x86)\\AVG\\AVG2013\\avgmfapx.exe|Name=AVG Installer|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{95128B11-FD0F-4B3A-BC79-9CDB22400F6D}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\\Program Files (x86)\\AVG\\AVG2013\\avgmfapx.exe|Name=AVG Installer|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4A085A35-729F-411A-8CB1-65F27A1DB697}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\\Program Files (x86)\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe|Name=SeagateHipServAgent|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{45574E0A-1D6E-48DC-9BF4-348002B6BEAE}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=c:\\Program Files\\CyberLink\\PowerDirector11\\PDR10.EXE|Name=CyberLink PowerDirector|Desc=CyberLink PowerDirector|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{E27B9359-3AF5-4DDD-9E56-0291BC58D575}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\\Program Files (x86)\\AVG\\AVG2014\\avgmfapx.exe|Name=AVG Installer|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{86194F16-2CB1-43F4-AF77-1FFE3CC18BAA}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\\Program Files (x86)\\AVG\\AVG2014\\avgmfapx.exe|Name=AVG Installer|"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4C0A16A1-7953-4B27-B5E7-C2855FD15015}"="v2.10|Action=Allow|Active=TRUE|Dir=In|App=C:\\Program Files (x86)\\CyberLink\\PowerDirector11\\PDR10.EXE|Name=CyberLink PowerDirector|Desc=CyberLink PowerDirector|"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DLSService"="\"C:\\Program Files (x86)\\DYMO\\DYMO Label Software\\DLSService.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG-Secure-Search-Update_0214c"="C:\\Users\\Roxi\\AppData\\Roaming\\AVG 0214c Campaign\\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=9c00771f9ddf47d3964edd29305ce4a4-bebc3582ad485b48691a23a2770fbe32dc5bf498 /CMPID=0214c"

========= End of CMD: =========

C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8} => Moved successfully.
"C:\Users\Roxi\Desktop\Roxana Toledo- Resignation Letter.jpeg" => ":3or4kl4x13tuuug3Byamue2s4b" ADS not found.
C:\Users\Roxi\Desktop\Roxana Toledo- Resignation Letter.jpeg => ":{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}" ADS removed successfully.
C:\Users\Roxi\AppData\Local\Temp => ":B1tt7Fb4Aj7MKWb962VsIYqov" ADS removed successfully.

The system needed a reboot.

==== End of Fixlog ====



#8 deeprybka

  • Malware Response Team

Posted 13 November 2014 - 10:51 AM

Step 1

  • Start FRST with Administrator privileges.
  • Write the following text into the Search textbox:
log.txt
  • Click on the Search Files button.
  • When finished, a log file (Search.txt) pops up and is saved to the same location the tool was run from.
  • Please copy and paste its contents in your next reply.

Can you please tell me which problems still persist now?
How is the computer running?

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#9 thxthx

  • Topic Starter


Posted 13 November 2014 - 02:53 PM

Farbar Recovery Scan Tool (x64) Version: 13-11-2014
Ran by Roxi at 2014-11-13 12:59:06
Running from C:\Users\Roxi\Desktop
Boot Mode: Normal

================== Search Files: "log.txt" =============

====== End Of Search ======

 

 

I don't see any issues with the laptop.

Perhaps my only questions would be:

1) Does anything need to be done with the things found by HitmanPro and ESET?

2) Now in IE I noticed some add-ons from AVG:

    a) In Toolbars and Extensions: ScriptHelperApi Class (Enabled) and AVG Web TuneUp (Disabled)
    b) In Search Engines: AVG Secure Search (Enabled)

    Are these safe? Better if I remove them?

Thanks



#10 deeprybka

  • Malware Response Team

Posted 13 November 2014 - 03:27 PM

"I don't see any issues with the laptop."

It's good to hear that your problems appear to be solved.

Perhaps my only questions would be:
 
1) Does anything need to be done with the things found by HitmanPro and ESET?
No. ESET (and Hitman as well) hasn't found any active malware.
2) Now in IE I noticed some add-ons from AVG:
    a) In Toolbars and Extensions: ScriptHelperApi Class (Enabled) and AVG Web TuneUp (Disabled)
    b) In Search Engines: AVG Secure Search (Enabled)
 
    Are these safe? Better if I remove them?

BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.0.0.19\AVG Web TuneUp.dll (AVG)
http://www.systemlookup.com/search.php?type=clsid&client=malwaresearch-ff&search=95B7759C-8C7F-4BF1-B163-73684A933233
http://www.herdprotect.com/avg-web-tuneup_toolbar.dll-ffe09b993e32a9786215fba32ee524c31a5f9234.aspx
Apparently they are bundled with your Antivirus program. Therefore it's your choice. :)

 

 
 

127.0.0.1                   activate.adobe.com
127.0.0.1                   practivate.adobe.com
C:\Users\Gusti\Documents\emule\dBpower AMP Music Converter 9a + Power Pack 3 + Codecs.zip a variant of Win32/HackTool.Patcher.BS potentially unsafe application
C:\Users\Gusti\Documents\emule\ImTOO Rippers (CD Ripper 1.08, DVD Ripper 2.0.11, DVD Audio Ripper 1.0.17).rar a variant of Win32/Keygen.CY potentially unsafe application
C:\Users\Gusti\Documents\P\iPAQ\Tools\Decidi no cargar\thememaker_pro_plus_v1.3_with_keygen.zip a variant of Win32/Keygen.BA potentially unsafe application

 
The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.
 

Cracking applications are used for illegally breaking (cracking) various copy-protection and registration techniques used in commercial software. These programs may be distributed via Web sites, Usenet, and P2P networks.

http://www.trendmicro.com/vinfo/grayware/v...=CRCK_KEYGEN.BB

 

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...


http://blog.trendmicro.com/crack-sites-dis...rux-and-fakeav/

When you use these kinds of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a lot of malware and an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.
 
_______________________________________________________________________________________________________________________________________________________________
 
 
 
That's it!
Your logs look clean to me at the moment. :thumbup2:
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!


Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

 

Adobe Flash Player 14 ActiveX

 

Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
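
The lines quoted in post #10 can be triaged mechanically, separating loopback redirects of vendor hostnames from scanner hits and telling grayware categories apart from malware ones. This Python sketch is an added example, not part of the original thread or of any tool used in it; the name `triage`, the regular expressions, and the reading of the two `127.0.0.1` lines as hosts-file entries are assumptions based only on the line shapes shown in the post.

```python
import re

# Lines copied from post #10 above (hosts-style entries and ESET detections).
SAMPLE = r"""
127.0.0.1                   activate.adobe.com
127.0.0.1                   practivate.adobe.com
C:\Users\Gusti\Documents\emule\dBpower AMP Music Converter 9a + Power Pack 3 + Codecs.zip a variant of Win32/HackTool.Patcher.BS potentially unsafe application
C:\Users\Gusti\Documents\emule\ImTOO Rippers (CD Ripper 1.08, DVD Ripper 2.0.11, DVD Audio Ripper 1.0.17).rar a variant of Win32/Keygen.CY potentially unsafe application
C:\Users\Gusti\Documents\P\iPAQ\Tools\Decidi no cargar\thememaker_pro_plus_v1.3_with_keygen.zip a variant of Win32/Keygen.BA potentially unsafe application
"""

LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}
HOSTS_RE = re.compile(r"^(\S+)\s+(\S+)$")
# Assumed line shape: <path> [a variant of ]<platform>/<name> <category text>.
# The path may contain spaces, so it is matched lazily up to the first
# "<word>/" token; Windows paths use backslashes, so that token is unambiguous.
ESET_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) (?:a variant of )?"
    r"(?P<platform>\w+)/(?P<name>[\w.]+) (?P<category>.+)$")

def triage(text):
    """Return (hostnames redirected to loopback, parsed scanner detections)."""
    redirected, detections = [], []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = ESET_RE.match(line)
        if m:
            hit = m.groupdict()
            hit["family"] = hit["name"].split(".")[0]   # e.g. Keygen, HackTool
            # "potentially unsafe/unwanted application" is a grayware category,
            # not a detection of active malware.
            hit["grayware"] = hit["category"].startswith("potentially")
            detections.append(hit)
            continue
        m = HOSTS_RE.match(line)
        if m and m[1] in LOOPBACK and m[2] != "localhost":
            redirected.append(m[2])
    return redirected, detections

if __name__ == "__main__":
    hosts, hits = triage(SAMPLE)
    for h in hosts:
        print("loopback redirect:", h)
    for d in hits:
        kind = "grayware" if d["grayware"] else "malware"
        print(f"{kind:8} {d['family']:10} {d['path']}")
```
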

#11 deeprybka


Posted 15 November 2014 - 01:20 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards,
deeprybka