Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Virus Protection is turned off [Closed]

Started by Ayame12 , Jul 20 2013 01:11 AM

  • This topic is locked This topic is locked

#1
Ayame12
Posted 20 July 2013 - 01:11 AM

Ayame12

    New Member

  • Member
  • Pip
  • 9 posts
I clicked on a link on my Facebook Account as a result I was not able to talk to my friends on Facebook anymore so I deactivated my account. But my computer acting strange:
1. My computer is very slow
2. My McAfee Internet Security which is outdated I got a message on my computer that say "Virus and Spyware Protection is turned off" on the Notification Area.
3. The Encryption (http://) on the address bar on my browser keep on crashing.

So thank you for taking the time to read this and so please help me fix this.



OTL logfile created on: 7/20/2013 2:35:46 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mars\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 1.77 Gb Available Physical Memory | 48.24% Memory free
7.36 Gb Paging File | 4.60 Gb Available in Paging File | 62.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447.66 Gb Total Space | 270.81 Gb Free Space | 60.49% Space Free | Partition Type: NTFS

Computer Name: MARS-PC | User Name: Mars | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/20 02:34:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mars\Desktop\OTL.exe
PRC - [2013/07/12 20:25:52 | 000,217,992 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
PRC - [2013/07/12 14:49:47 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/06/29 10:51:53 | 002,236,080 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
PRC - [2013/06/29 10:51:53 | 001,598,128 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
PRC - [2013/06/29 10:51:53 | 000,152,240 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe
PRC - [2013/06/28 05:58:42 | 000,101,888 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2013/06/18 03:55:04 | 001,205,088 | ---- | M] (TorchMedia Inc.) -- C:\Users\Mars\AppData\Local\Torch\Update\TorchCrashHandler.exe
PRC - [2013/05/22 10:30:52 | 000,661,360 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 04:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/02/05 11:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2012/04/05 15:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/03/31 08:38:38 | 000,416,848 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2011/03/31 08:38:36 | 000,352,848 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2011/03/31 08:38:36 | 000,334,416 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2011/03/31 08:38:34 | 001,092,688 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/22 13:02:16 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2011/02/22 13:01:38 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2011/02/18 19:21:22 | 000,177,448 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
PRC - [2011/02/15 14:36:10 | 000,257,344 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2011/02/15 14:35:34 | 000,297,280 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010/09/27 22:00:56 | 000,340,336 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
PRC - [2010/09/17 19:10:16 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010/09/17 19:10:02 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010/04/13 12:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/04/13 12:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/18 00:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 00:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/12 14:49:44 | 000,396,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppgooglenaclpluginchrome.dll
MOD - [2013/07/12 14:49:43 | 013,599,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
MOD - [2013/07/12 14:49:42 | 004,052,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
MOD - [2013/07/12 14:48:52 | 000,601,552 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\libglesv2.dll
MOD - [2013/07/12 14:48:51 | 000,123,344 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\libegl.dll
MOD - [2013/07/12 14:48:49 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll
MOD - [2013/07/09 16:57:54 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\45e4072bdc78b50abd6a5f28386e8153\IAStorUtil.ni.dll
MOD - [2013/07/09 16:32:46 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\89fe719039385377f6b5ad8d0070aa6b\System.Runtime.Remoting.ni.dll
MOD - [2013/07/09 16:32:07 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll
MOD - [2013/07/09 16:31:55 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll
MOD - [2013/07/09 16:31:33 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll
MOD - [2013/07/09 16:31:25 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll
MOD - [2013/07/09 16:31:19 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll
MOD - [2013/07/09 16:31:18 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll
MOD - [2013/07/09 16:31:00 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/06/29 10:51:54 | 000,521,392 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\log4cplusU.dll
MOD - [2013/06/29 10:51:54 | 000,145,072 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\SiteSafety.dll
MOD - [2013/06/29 10:51:53 | 002,236,080 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
MOD - [2011/02/22 13:01:38 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2011/02/22 13:01:38 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
MOD - [2011/02/15 14:37:10 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
MOD - [2010/02/28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/04/05 15:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2011/04/14 14:01:38 | 000,245,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2011/04/14 14:01:38 | 000,200,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/04/14 14:01:38 | 000,149,032 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2011/02/23 00:00:46 | 000,873,064 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/10/07 20:34:28 | 000,509,416 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2013/06/30 21:56:54 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/29 10:51:53 | 001,598,128 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe -- (vToolbarUpdater15.3.0)
SRV - [2013/06/28 05:58:42 | 000,101,888 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2013/06/18 03:55:04 | 001,205,088 | ---- | M] (TorchMedia Inc.) [Auto | Running] -- C:\Users\Mars\AppData\Local\Torch\Update\TorchCrashHandler.exe -- (TorchCrashHandler)
SRV - [2013/06/17 15:01:09 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/02/05 11:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/03/31 08:38:36 | 000,352,848 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011/03/02 00:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/15 14:36:10 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/27 21:09:54 | 000,172,912 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2010/06/01 18:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/04/13 12:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 00:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/18 00:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/01/30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/30 15:35:02 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/06/30 15:35:02 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/06/30 15:35:02 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/06/29 10:51:54 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/05/09 04:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/05/09 04:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/05/09 04:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/05/09 04:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/05/09 04:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/10 22:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/04/19 00:51:36 | 000,062,584 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011/04/19 00:51:36 | 000,022,912 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011/04/19 00:51:36 | 000,020,328 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011/04/14 14:01:38 | 000,530,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,441,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011/04/14 14:01:38 | 000,283,744 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,190,520 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,121,376 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,094,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011/04/14 14:01:38 | 000,075,160 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,063,056 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/03/17 05:42:38 | 002,712,064 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/10 00:01:45 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2011/03/10 00:01:45 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2011/03/01 10:33:16 | 004,720,704 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/01/17 18:56:14 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/08 06:32:28 | 001,395,248 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/09/21 21:47:10 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/07/29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010/04/13 12:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/26 19:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/17 01:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg....sa&d=2013-06-29 10:52:04&v=15.3.0.11&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/06/28 08:37:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.3.0.11 [2013/06/29 10:52:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2013/07/01 01:46:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird


========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://mysearch.avg....sa&d=2013-06-29 10:52:04&v=15.3.0.11&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://toolbar.avg.c...earchTerms}&o=1
CHR - homepage: http://mysearch.avg....sa&d=2013-06-29 10:52:04&v=15.3.0.11&pid=safeguard&sg=0&sap=hp
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: SiteAdvisor = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_0\
CHR - Extension: Freemake Video Converter = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
CHR - Extension: Torch Share = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\kiplfnciaokpcennlkldkdaeaaomamof\1.0.0.3604_0\
CHR - Extension: AVG SafeGuard toolbar = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.3.0.11_0\
CHR - Extension: Gmail = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\mcafee\msk\mskapbho64.dll ()
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20130627210558.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\mcafee\msk\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20130627210558.dll (McAfee, Inc.)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.3.0.11\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.3.0.11\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe -update activex File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8558FF40-0CB0-4816-B21B-8CFFDA0DF480}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll (AVG Secure Search)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/20 02:34:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mars\Desktop\OTL.exe
[2013/07/19 10:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/07/18 02:09:00 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\WMTools Downloaded Files
[2013/07/18 02:02:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Movie Maker 2.6
[2013/07/13 12:03:42 | 000,000,000 | ---D | C] -- C:\Users\Mars\Desktop\Goodness
[2013/07/12 19:39:45 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\PowerCinema
[2013/07/11 13:12:38 | 000,000,000 | ---D | C] -- C:\Users\Mars\Documents\CyberLink
[2013/07/11 13:12:34 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Software
[2013/07/10 12:18:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/07/09 21:04:41 | 000,000,000 | ---D | C] -- C:\Users\Mars\Desktop\New folder (2)
[2013/07/09 08:12:24 | 000,000,000 | ---D | C] -- C:\Users\Mars\Desktop\New folder
[2013/07/05 20:26:01 | 000,000,000 | ---D | C] -- C:\Users\Mars\Documents\e-Sword
[2013/07/05 20:13:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-Sword
[2013/07/05 20:13:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EzTools
[2013/07/05 20:13:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\e-Sword
[2013/07/03 10:14:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013/07/02 09:38:01 | 000,000,000 | ---D | C] -- C:\Users\Mars\Mars 5
[2013/07/01 01:47:16 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\FreemakeVideoConverter
[2013/07/01 01:46:25 | 000,000,000 | ---D | C] -- C:\Users\Mars\Documents\Freemake
[2013/07/01 01:46:25 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2013/07/01 01:46:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2013/07/01 01:46:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2013/07/01 01:46:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake
[2013/07/01 01:39:33 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Programs
[2013/06/30 23:32:04 | 000,000,000 | ---D | C] -- C:\Users\Mars\Desktop\Prayers Prayers That Rout Demons And Breaking Curses
[2013/06/30 23:32:04 | 000,000,000 | ---D | C] -- C:\Users\Mars\Desktop\prayers Moving Mountains and release Heaven on Earth
[2013/06/30 23:32:04 | 000,000,000 | ---D | C] -- C:\Users\Mars\Desktop\Prayers for Healing and Blessing
[2013/06/30 21:56:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013/06/30 15:34:52 | 000,378,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/06/30 15:34:52 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/06/30 15:34:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/06/30 15:34:51 | 000,072,016 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/06/30 15:34:51 | 000,064,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/06/30 15:34:50 | 001,030,952 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/06/30 15:34:47 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/06/30 15:34:47 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/06/30 15:33:52 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/06/30 15:33:26 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/06/30 15:31:02 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/06/29 12:58:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013/06/29 11:13:06 | 000,000,000 | ---D | C] -- C:\Users\Mars\Documents\Prayers Prayers That Rout Demons And Breaking Curses
[2013/06/29 11:13:06 | 000,000,000 | ---D | C] -- C:\Users\Mars\Documents\Prayers for Healing and Blessing
[2013/06/29 11:13:05 | 000,000,000 | ---D | C] -- C:\Users\Mars\Documents\prayers Moving Mountains and release Heaven on Earth
[2013/06/29 11:05:30 | 000,000,000 | ---D | C] -- C:\Users\Mars\Documents\Calibre Library
[2013/06/29 11:05:29 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\calibre
[2013/06/29 11:04:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Calibre2
[2013/06/29 11:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
[2013/06/29 10:54:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MyPC Backup
[2013/06/29 10:52:13 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\AVG SafeGuard toolbar
[2013/06/29 10:52:02 | 000,045,856 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/06/29 10:51:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2013/06/29 10:51:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013/06/29 10:51:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar
[2013/06/29 10:51:11 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/06/29 10:16:14 | 000,000,000 | ---D | C] -- C:\ProgramData\TorchCrashHandler
[2013/06/29 10:15:53 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch
[2013/06/29 10:11:22 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Torch
[2013/06/29 09:54:28 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\vlc
[2013/06/29 09:54:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/06/29 09:53:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013/06/29 01:19:26 | 000,000,000 | ---D | C] -- C:\d46316de556dd9692719a5de3d
[2013/06/29 01:06:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/06/29 01:05:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/06/29 01:05:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/06/28 15:07:08 | 000,101,184 | ---- | C] (Amazon.com, Inc.) -- C:\Windows\SysNative\stkMonitor.dll
[2013/06/28 15:07:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2013/06/28 13:54:20 | 000,000,000 | ---D | C] -- C:\Users\Mars\Documents\My Kindle Content
[2013/06/28 13:54:15 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
[2013/06/28 13:54:04 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Amazon
[2013/06/28 12:13:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2013/06/28 11:51:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64
[2013/06/28 11:51:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Scan
[2013/06/28 11:51:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Scan
[2013/06/28 11:51:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSSx64\0400010.010
[2013/06/28 11:51:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013/06/28 11:51:42 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013/06/28 11:51:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2013/06/28 10:15:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2013/06/28 10:13:57 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2013/06/28 10:13:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2013/06/28 10:13:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/06/28 08:28:52 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\ESET
[2013/06/28 08:28:52 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\ESET
[2013/06/28 00:23:02 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2013/06/27 22:23:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/06/27 22:19:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/06/27 22:19:53 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Google
[2013/06/27 22:19:16 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Apps
[2013/06/27 22:19:15 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Deployment
[2013/06/27 22:17:40 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2013/06/27 22:12:34 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\SoftGrid Client
[2013/06/27 22:12:33 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\SoftGrid Client
[2013/06/27 22:12:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
[2013/06/27 22:12:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013/06/27 22:12:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013/06/27 22:12:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2013/06/27 22:11:48 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\TP
[2013/06/27 21:55:00 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\CyberLink
[2013/06/27 21:51:14 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye Webcam
[2013/06/27 21:44:46 | 000,000,000 | ---D | C] -- C:\Users\Mars\Documents\Youcam
[2013/06/27 20:55:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2013/06/27 20:55:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2013/06/27 20:54:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2013/06/27 20:54:58 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2013/06/27 20:53:06 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2013/06/27 20:32:55 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2013/06/27 18:57:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/06/27 18:53:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2013/06/27 18:50:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2013/06/27 18:50:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2013/06/27 17:02:27 | 000,000,000 | ---D | C] -- C:\ProgramData\clear.fi
[2013/06/27 15:57:57 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\EgisTec IPS
[2013/06/27 15:56:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OEM
[2013/06/27 15:55:59 | 000,000,000 | ---D | C] -- C:\ProgramData\OEM_E471269A730D
[2013/06/27 15:55:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Times Reader
[2013/06/27 15:55:12 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Acer
[2013/06/27 15:55:05 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\CyberLink
[2013/06/27 15:54:48 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\PowerCinema
[2013/06/27 15:54:18 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\VirtualStore
[2013/06/27 15:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Family Protection
[2013/06/27 15:54:06 | 000,000,000 | -HSD | C] -- C:\Users\Mars\AppData\Local\Temporary Internet Files
[2013/06/27 15:54:06 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Templates
[2013/06/27 15:54:06 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Start Menu
[2013/06/27 15:54:06 | 000,000,000 | -HSD | C] -- C:\Users\Mars\SendTo
[2013/06/27 15:54:06 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Recent
[2013/06/27 15:54:06 | 000,000,000 | -HSD | C] -- C:\Users\Mars\PrintHood
[2013/06/27 15:54:06 | 000,000,000 | -HSD | C] -- C:\Users\Mars\NetHood
[2013/06/27 15:54:06 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Documents\My Videos
[2013/06/27 15:54:06 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Documents\My Pictures
[2013/06/27 15:54:06 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Documents\My Music
[2013/06/27 15:54:06 | 000,000,000 | -HSD | C] -- C:\Users\Mars\My Documents
[2013/06/27 15:54:06 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Local Settings
[2013/06/27 15:54:06 | 000,000,000 | -HSD | C] -- C:\Users\Mars\AppData\Local\History
[2013/06/27 15:54:06 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Cookies
[2013/06/27 15:54:06 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Application Data
[2013/06/27 15:54:06 | 000,000,000 | -HSD | C] -- C:\Users\Mars\AppData\Local\Application Data
[2013/06/27 15:54:03 | 000,000,000 | --SD | C] -- C:\Users\Mars\AppData\Roaming\Microsoft
[2013/06/27 15:54:03 | 000,000,000 | R--D | C] -- C:\Users\Mars\Videos
[2013/06/27 15:54:03 | 000,000,000 | R--D | C] -- C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/06/27 15:54:03 | 000,000,000 | R--D | C] -- C:\Users\Mars\Searches
[2013/06/27 15:54:03 | 000,000,000 | R--D | C] -- C:\Users\Mars\Saved Games
[2013/06/27 15:54:03 | 000,000,000 | R--D | C] -- C:\Users\Mars\Pictures
[2013/06/27 15:54:03 | 000,000,000 | R--D | C] -- C:\Users\Mars\Music
[2013/06/27 15:54:03 | 000,000,000 | R--D | C] -- C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/06/27 15:54:03 | 000,000,000 | R--D | C] -- C:\Users\Mars\Links
[2013/06/27 15:54:03 | 000,000,000 | R--D | C] -- C:\Users\Mars\Favorites
[2013/06/27 15:54:03 | 000,000,000 | R--D | C] -- C:\Users\Mars\Downloads
[2013/06/27 15:54:03 | 000,000,000 | R--D | C] -- C:\Users\Mars\Documents
[2013/06/27 15:54:03 | 000,000,000 | R--D | C] -- C:\Users\Mars\Desktop
[2013/06/27 15:54:03 | 000,000,000 | R--D | C] -- C:\Users\Mars\Contacts
[2013/06/27 15:54:03 | 000,000,000 | R--D | C] -- C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/06/27 15:54:03 | 000,000,000 | R--D | C] -- C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/06/27 15:54:03 | 000,000,000 | -H-D | C] -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/06/27 15:54:03 | 000,000,000 | -H-D | C] -- C:\Users\Mars\AppData
[2013/06/27 15:54:03 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Windows Live
[2013/06/27 15:54:03 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Temp
[2013/06/27 15:54:03 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Microsoft
[2013/06/27 15:54:03 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\Macromedia
[2013/06/27 15:54:03 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\Intel Corporation
[2013/06/27 15:54:03 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\InstallShield
[2013/06/27 15:54:03 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\Identities
[2013/06/27 15:54:03 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Downloaded Installations
[2013/06/27 15:54:03 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\Adobe
[2013/06/27 15:54:03 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Adobe
[2013/06/27 15:53:51 | 000,000,000 | -HSD | C] -- C:\Recovery
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/20 02:34:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mars\Desktop\OTL.exe
[2013/07/20 02:31:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/20 01:46:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/19 20:31:01 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/19 19:31:37 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/19 19:31:37 | 000,624,622 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/19 19:31:37 | 000,106,708 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/19 19:28:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/19 18:32:29 | 000,080,460 | ---- | M] () -- C:\Users\Mars\Documents\websites.rtf
[2013/07/19 15:49:38 | 000,000,450 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Mars.job
[2013/07/19 11:25:46 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/19 11:25:46 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/19 10:03:07 | 000,001,832 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
[2013/07/19 10:01:44 | 2962,255,872 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/18 18:11:15 | 000,000,162 | -H-- | M] () -- C:\Users\Mars\Documents\~$re to belive conferences.rtf
[2013/07/18 02:07:04 | 000,005,632 | ---- | M] () -- C:\Users\Mars\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/07/18 01:07:28 | 000,000,234 | ---- | M] () -- C:\Windows\wininit.ini
[2013/07/18 01:07:11 | 000,002,205 | ---- | M] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
[2013/07/18 01:07:11 | 000,002,203 | ---- | M] () -- C:\Users\Mars\Desktop\Torch.lnk
[2013/07/16 23:06:37 | 001,611,628 | ---- | M] () -- C:\Users\Mars\Documents\Dare to Believe_ The True Power of Faith - Becky Dvorak.mobi
[2013/07/16 22:55:18 | 000,694,491 | ---- | M] () -- C:\Users\Mars\Desktop\1 103527480-How-to-heal-the-sick-Charles-Frances-Hunter.pdf
[2013/07/12 20:38:07 | 000,002,187 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/12 10:32:45 | 002,244,577 | ---- | M] () -- C:\Users\Mars\Desktop\ebookearsthathear PDF1.pdf
[2013/07/10 21:35:27 | 002,887,543 | ---- | M] () -- C:\Users\Mars\Desktop\9780768484991 - Copy.pdf
[2013/07/10 21:12:57 | 006,202,052 | ---- | M] () -- C:\Users\Mars\1 1 Help_God_Im_Broke_Ebook.pdf
[2013/07/10 19:28:23 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/07/10 19:28:08 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/07/10 17:21:35 | 005,938,036 | ---- | M] () -- C:\Users\Mars\1 Help_God_Im_Broke_Ebook.pdf
[2013/07/10 13:47:01 | 000,842,756 | ---- | M] () -- C:\Users\Mars\Desktop\1 Prayers That Rout Demons_ Prayers for de - Eckhardt, John.pdf
[2013/07/10 12:56:26 | 000,538,575 | ---- | M] () -- C:\Users\Mars\Desktop\01 possibilities of prayer by e m bounds.pdf
[2013/07/10 12:54:45 | 006,457,943 | ---- | M] () -- C:\Users\Mars\Desktop\1 Help_God_Im_Broke_Ebook.pdf
[2013/07/09 21:47:12 | 000,002,283 | ---- | M] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/07/09 16:28:19 | 000,291,696 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/09 14:19:30 | 001,731,976 | ---- | M] () -- C:\Users\Mars\Documents\dare to belive conferences.rtf
[2013/07/09 13:18:31 | 002,422,578 | ---- | M] () -- C:\Users\Mars\Desktop\365 daysofhealing.pdf
[2013/07/09 13:17:55 | 003,824,893 | ---- | M] () -- C:\Users\Mars\Desktop\(1)Dare to Believe1.pdf
[2013/07/09 11:13:29 | 000,064,029 | ---- | M] () -- C:\Users\Mars\Desktop\TIKE201307.pdf
[2013/07/09 09:22:27 | 000,002,023 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/07/05 20:13:20 | 000,001,949 | ---- | M] () -- C:\Users\Public\Desktop\e-Sword.lnk
[2013/07/03 13:58:50 | 000,034,370 | ---- | M] () -- C:\Users\Mars\Documents\prophetic word.rtf
[2013/07/03 10:14:00 | 000,002,050 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/07/03 10:14:00 | 000,002,050 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/07/01 01:46:25 | 000,001,324 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2013/06/30 16:26:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/06/30 15:35:02 | 001,030,952 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/06/30 15:35:02 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/06/30 15:35:02 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/06/30 15:35:02 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013/06/30 15:35:02 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013/06/30 15:35:02 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013/06/29 11:05:06 | 000,000,964 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2013/06/29 10:52:58 | 000,033,958 | ---- | M] () -- C:\ProgramData\uninstaller.exe
[2013/06/29 10:51:54 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/06/29 10:31:36 | 000,002,175 | ---- | M] () -- C:\Users\Mars\Desktop\Facebook.lnk
[2013/06/29 10:31:36 | 000,002,173 | ---- | M] () -- C:\Users\Mars\Desktop\Youtube.lnk
[2013/06/29 09:54:13 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/06/29 06:04:20 | 000,001,661 | ---- | M] () -- C:\Users\Mars\Desktop\SendToKindle - Shortcut.lnk
[2013/06/29 01:10:54 | 000,743,534 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/06/28 15:07:07 | 000,101,184 | ---- | M] (Amazon.com, Inc.) -- C:\Windows\SysNative\stkMonitor.dll
[2013/06/28 13:54:16 | 000,002,225 | ---- | M] () -- C:\Users\Mars\Desktop\Kindle.lnk
[2013/06/28 11:51:52 | 000,001,457 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Scan.LNK
[2013/06/27 21:05:02 | 000,173,333 | ---- | M] () -- C:\Windows\hpoins46.dat
[2013/06/27 18:53:03 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/06/27 18:53:03 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013/06/27 18:39:28 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/06/27 18:39:28 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/06/27 16:09:31 | 000,001,441 | ---- | M] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/06/27 15:56:12 | 000,002,609 | ---- | M] () -- C:\Users\Public\Desktop\eBay.lnk
[2013/06/27 15:56:00 | 000,002,102 | ---- | M] () -- C:\Users\Public\Desktop\Netflix.lnk
[2013/06/27 15:55:43 | 000,000,915 | ---- | M] () -- C:\Users\Public\Desktop\Times Reader.lnk
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/19 18:27:37 | 002,422,578 | ---- | C] () -- C:\Users\Mars\Desktop\365 daysofhealing.pdf
[2013/07/18 18:11:15 | 000,000,162 | -H-- | C] () -- C:\Users\Mars\Documents\~$re to belive conferences.rtf
[2013/07/18 02:07:01 | 000,005,632 | ---- | C] () -- C:\Users\Mars\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/07/18 02:02:31 | 000,002,507 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker 2.6.lnk
[2013/07/16 23:07:23 | 001,611,628 | ---- | C] () -- C:\Users\Mars\Documents\Dare to Believe_ The True Power of Faith - Becky Dvorak.mobi
[2013/07/16 22:52:10 | 000,694,491 | ---- | C] () -- C:\Users\Mars\Desktop\1 103527480-How-to-heal-the-sick-Charles-Frances-Hunter.pdf
[2013/07/16 22:50:24 | 000,692,225 | ---- | C] () -- C:\Users\Mars\Desktop\103527480-How-to-heal-the-sick-Charles-Frances-Hunter.pdf
[2013/07/15 04:22:57 | 000,864,532 | ---- | C] () -- C:\Users\Mars\Desktop\111628744-Power-Of-A-Praying-Life-Stormie-Omartian.pdf
[2013/07/15 04:22:57 | 000,715,936 | ---- | C] () -- C:\Users\Mars\Desktop\111628651-Lord-I-Want-To-Be-Whole-Stormie-Omartian.pdf
[2013/07/15 04:22:57 | 000,544,355 | ---- | C] () -- C:\Users\Mars\Desktop\111628833-Power-Of-A-Praying-Wife-Stormie-Omartian.pdf
[2013/07/13 11:57:34 | 047,788,112 | ---- | C] () -- C:\Users\Mars\Desktop\Posturing Yourself For Breakthrough - XPMedia.com4.mp4
[2013/07/13 11:57:03 | 002,620,410 | ---- | C] () -- C:\Users\Mars\Desktop\-How-to-Meditate-God-s-Word-Dennis-Burke.pdf
[2013/07/13 11:54:48 | 001,001,293 | ---- | C] () -- C:\Users\Mars\Desktop\scripture decree1.pdf
[2013/07/11 00:29:57 | 014,903,490 | ---- | C] () -- C:\Users\Mars\Desktop\prayers-that-rout-demons-eckhardt.pdf
[2013/07/11 00:29:57 | 000,671,702 | ---- | C] () -- C:\Users\Mars\Desktop\113857348-Prayers-That-Bring-Change-by-Kimberly-Daniels.pdf
[2013/07/11 00:29:57 | 000,671,106 | ---- | C] () -- C:\Users\Mars\Desktop\Prayers That Move Mountains by John Eckhardt.pdf
[2013/07/11 00:29:57 | 000,626,784 | ---- | C] () -- C:\Users\Mars\Desktop\Prayers That Bring Healing.pdf
[2013/07/11 00:29:57 | 000,623,374 | ---- | C] () -- C:\Users\Mars\Desktop\Prayers That Activate Blessings.pdf
[2013/07/11 00:29:57 | 000,597,526 | ---- | C] () -- C:\Users\Mars\Desktop\Prayers That Release Heaven On Earth.pdf
[2013/07/11 00:27:44 | 002,244,577 | ---- | C] () -- C:\Users\Mars\Desktop\ebookearsthathear PDF1.pdf
[2013/07/11 00:27:44 | 002,029,399 | ---- | C] () -- C:\Users\Mars\Desktop\ebookeyes_thatsee1.pdf
[2013/07/10 21:34:23 | 002,887,543 | ---- | C] () -- C:\Users\Mars\Desktop\9780768484991 - Copy.pdf
[2013/07/10 17:20:45 | 005,938,036 | ---- | C] () -- C:\Users\Mars\1 Help_God_Im_Broke_Ebook.pdf
[2013/07/10 17:19:42 | 006,202,052 | ---- | C] () -- C:\Users\Mars\1 1 Help_God_Im_Broke_Ebook.pdf
[2013/07/10 13:45:43 | 000,842,756 | ---- | C] () -- C:\Users\Mars\Desktop\1 Prayers That Rout Demons_ Prayers for de - Eckhardt, John.pdf
[2013/07/10 12:53:09 | 006,457,943 | ---- | C] () -- C:\Users\Mars\Desktop\1 Help_God_Im_Broke_Ebook.pdf
[2013/07/10 12:24:24 | 000,345,214 | ---- | C] () -- C:\Users\Mars\Desktop\lesson-one-prophetic.pdf
[2013/07/10 12:23:05 | 000,538,575 | ---- | C] () -- C:\Users\Mars\Desktop\01 possibilities of prayer by e m bounds.pdf
[2013/07/09 11:13:28 | 000,064,029 | ---- | C] () -- C:\Users\Mars\Desktop\TIKE201307.pdf
[2013/07/08 20:08:55 | 000,000,234 | ---- | C] () -- C:\Windows\wininit.ini
[2013/07/05 20:13:20 | 000,001,949 | ---- | C] () -- C:\Users\Public\Desktop\e-Sword.lnk
[2013/07/05 14:02:42 | 001,731,976 | ---- | C] () -- C:\Users\Mars\Documents\dare to belive conferences.rtf
[2013/07/03 21:14:13 | 000,080,460 | ---- | C] () -- C:\Users\Mars\Documents\websites.rtf
[2013/07/03 13:58:50 | 000,034,370 | ---- | C] () -- C:\Users\Mars\Documents\prophetic word.rtf
[2013/07/02 13:39:03 | 000,094,572 | ---- | C] () -- C:\Users\Mars\Documents\5 Mountain-Moving Prayers to Change Your Situation (1).pdf
[2013/07/01 01:46:25 | 000,001,324 | ---- | C] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2013/06/30 23:32:05 | 003,824,893 | ---- | C] () -- C:\Users\Mars\Desktop\(1)Dare to Believe1.pdf
[2013/06/30 21:56:56 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/30 16:26:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/06/30 15:35:02 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
[2013/06/30 15:35:02 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
[2013/06/30 15:35:02 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
[2013/06/30 15:34:52 | 000,001,926 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/06/30 15:34:50 | 000,189,936 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/06/30 15:34:48 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/06/30 15:34:47 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/06/29 11:05:06 | 000,000,964 | ---- | C] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2013/06/29 10:52:58 | 000,033,958 | ---- | C] () -- C:\ProgramData\uninstaller.exe
[2013/06/29 10:31:17 | 000,002,175 | ---- | C] () -- C:\Users\Mars\Desktop\Facebook.lnk
[2013/06/29 10:31:17 | 000,002,173 | ---- | C] () -- C:\Users\Mars\Desktop\Youtube.lnk
[2013/06/29 10:31:17 | 000,001,380 | ---- | C] () -- C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch.lnk
[2013/06/29 10:15:53 | 000,002,205 | ---- | C] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Torch.lnk
[2013/06/29 10:15:53 | 000,002,203 | ---- | C] () -- C:\Users\Mars\Desktop\Torch.lnk
[2013/06/29 09:54:13 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/06/29 09:27:25 | 003,982,256 | ---- | C] () -- C:\Users\Mars\Documents\(1)Dare to Believe1.pdf
[2013/06/29 09:25:42 | 000,864,532 | ---- | C] () -- C:\Users\Mars\Documents\111628744-Power-Of-A-Praying-Life-Stormie-Omartian.pdf
[2013/06/29 09:25:41 | 000,715,936 | ---- | C] () -- C:\Users\Mars\Documents\111628651-Lord-I-Want-To-Be-Whole-Stormie-Omartian.pdf
[2013/06/29 09:25:41 | 000,544,355 | ---- | C] () -- C:\Users\Mars\Documents\111628833-Power-Of-A-Praying-Wife-Stormie-Omartian.pdf
[2013/06/29 06:04:20 | 000,001,661 | ---- | C] () -- C:\Users\Mars\Desktop\SendToKindle - Shortcut.lnk
[2013/06/28 13:54:16 | 000,002,225 | ---- | C] () -- C:\Users\Mars\Desktop\Kindle.lnk
[2013/06/28 11:51:57 | 000,000,450 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for Mars.job
[2013/06/28 11:51:52 | 000,001,457 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Scan.LNK
[2013/06/28 11:51:45 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSSx64\0400010.010\isolate.ini
[2013/06/28 10:13:56 | 000,002,050 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/06/28 10:13:56 | 000,002,050 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/06/28 10:13:37 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/06/28 10:13:37 | 000,002,023 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/06/27 22:23:27 | 000,002,283 | ---- | C] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/06/27 22:23:27 | 000,002,187 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/06/27 22:20:03 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/27 22:20:03 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/27 22:12:10 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/06/27 21:00:10 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat.temp
[2013/06/27 20:32:57 | 000,173,333 | ---- | C] () -- C:\Windows\hpoins46.dat
[2013/06/27 20:32:57 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2013/06/27 18:39:28 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/06/27 18:39:28 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/06/27 17:41:54 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/06/27 17:32:02 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/06/27 16:09:31 | 000,001,441 | ---- | C] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/06/27 15:56:12 | 000,002,609 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2013/06/27 15:56:00 | 000,002,102 | ---- | C] () -- C:\Users\Public\Desktop\Netflix.lnk
[2013/06/27 15:55:43 | 000,000,927 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Times Reader.lnk
[2013/06/27 15:55:43 | 000,000,915 | ---- | C] () -- C:\Users\Public\Desktop\Times Reader.lnk
[2013/06/27 15:54:03 | 000,001,417 | ---- | C] () -- C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/06/27 15:54:03 | 000,000,290 | ---- | C] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/06/27 15:54:03 | 000,000,272 | ---- | C] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/05/22 11:21:06 | 004,325,376 | ---- | C] () -- C:\ProgramData\ReadOnlyInstaller.msi
[2012/01/10 22:27:26 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2012/01/10 22:27:26 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2012/01/10 22:27:26 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2012/01/10 21:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/15 04:15:48 | 000,000,000 | ---D | M] -- C:\Users\Mars\AppData\Roaming\calibre
[2013/06/28 08:28:52 | 000,000,000 | ---D | M] -- C:\Users\Mars\AppData\Roaming\ESET
[2013/07/12 19:40:10 | 000,000,000 | ---D | M] -- C:\Users\Mars\AppData\Roaming\PowerCinema
[2013/07/19 01:56:31 | 000,000,000 | ---D | M] -- C:\Users\Mars\AppData\Roaming\SoftGrid Client
[2013/06/27 22:12:41 | 000,000,000 | ---D | M] -- C:\Users\Mars\AppData\Roaming\TP

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
godawgs
Posted 20 July 2013 - 06:51 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello Ayame12, :wave: Welcome to the forums!
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.
I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forum, (sometimes :lol: )
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

IMPORTANT:Change your browser(s) to download any tools to the desktop.
Follow the directions here
For FireFox check the dot beside "Always ask me where to save files."
For Chrome, check the box beside "Ask where to save each file before downloading"
NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.

When OTL runs the first time it creates a file named Extras.txt. It should be in the same directory you ran OTL from. Please post the contents of that file.

I don't see a lot in the way of malicious files. Your biggest issue is the number of antivirus programs you have installed on the system. At present I see the following antivirus programs:

Avast
AVG
McAfee
Norton Security Scan
ESET Smart SEcurity

And Avast, AVG and McAfee are all running at the same time.

Multiple Antivitus Progams Installed

I see that you have more than one antivirus programs installed and running. You should only have one antivirus program installed and running. Antivirus programs run in the background providing continuous protection of your system. It's called Real-Time Protection, or scanning, and it uses system resources as it runs. Two or more antivirus programs running at the same time will use 2 or 3 times the amount of system resources, or more. Because each program wants control of the system, there will be conflicts caused, including false positives. The end result is actually LESS antivirus protection.

McAfee is a commercial antivirus program. That means that you had to buy the program and you have to pay to have your annual subscription renewed. If your subscription is new and has many months left on it, I would recommend that you keep McAfee as your AV program. If the subscription has expired or is close to expiration I would recommend that we ditch McAfee and go with a different AV program. This is because McAfee takes up a lot of space on your hard drive and uses way too many system resources (memory). And because there are free AV programs that are just as good, take up less space and use far less system resources.

Examples of free AV programs are Microsoft Security Essentials, Avast and AVG etc;. Of these I would recommend MSE or Avast. You already have Avast on your computer but chances are that we are gonna need to uninstall it and then reinstall it if that is the one you decide on. This is because most AV programs don't like each other and won't install properly or completely if another AV is already on the system.

My personal preference is MSE for four reasons. It has a small footprint (doesn't take up a lot of room on the hard drive). It uses less system resources than most other AV programs. And it plays well with other programs. Those reasons are why it is a GeeksToGo recommended AV program.
To help you make your decision if you decide to uninstall McAfee, please have a look at our Free Antivirus and Antispyware Software page.

When you post the Extras.txt log please let me know which AV program you would like to use and we will uninstall the others using some dedicated tools to completely remove them.
  • 0

#3
Ayame12
Posted 23 July 2013 - 08:56 PM

Ayame12

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
My laptop two days ago wouldn't connect to the internet. I tried everything to fix the error so I did " Restore Operating System to Factory Default " but the same problems computer very slow and The Encryption (http://) on the address bar on my browser keep on crashing except. I have external Data Storage Hard Drive and I know it have a infection too, how to use OTL to scan it also?

Before I unstall Mcfee Internet suite. I know i need one firewall, one spyware and Anti virus and etc Which one is compatible with each program. Here is the new scan : Thank you so much for taking the time to responding back.



OTL logfile created on: 7/23/2013 10:35:18 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mars\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 57.17% Memory free
7.36 Gb Paging File | 5.06 Gb Available in Paging File | 68.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447.66 Gb Total Space | 410.50 Gb Free Space | 91.70% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 70.34 Mb Free Space | 70.35% Space Free | Partition Type: NTFS
Drive F: | 447.66 Gb Total Space | 96.44 Gb Free Space | 21.54% Space Free | Partition Type: NTFS

Computer Name: MARS-PC | User Name: Mars | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/23 22:34:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mars\Desktop\OTL.exe
PRC - [2013/07/12 14:49:47 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/04/05 15:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2011/03/31 08:38:38 | 000,416,848 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2011/03/31 08:38:36 | 000,352,848 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2011/03/31 08:38:36 | 000,334,416 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2011/03/31 08:38:34 | 001,092,688 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/22 13:02:16 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2011/02/22 13:01:38 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2011/02/18 19:21:22 | 000,177,448 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
PRC - [2011/02/15 14:36:10 | 000,257,344 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2011/02/15 14:35:34 | 000,297,280 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2010/09/27 22:00:56 | 000,340,336 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
PRC - [2010/09/17 19:10:16 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010/09/17 19:10:02 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010/04/13 12:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/04/13 12:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/18 00:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/18 00:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/23 20:56:56 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\c57eba08ab60f48e7d57228849d92a34\System.Web.ni.dll
MOD - [2013/07/23 20:56:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\89fe719039385377f6b5ad8d0070aa6b\System.Runtime.Remoting.ni.dll
MOD - [2013/07/23 20:56:49 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll
MOD - [2013/07/23 20:56:46 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\45e4072bdc78b50abd6a5f28386e8153\IAStorUtil.ni.dll
MOD - [2013/07/23 20:56:43 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll
MOD - [2013/07/23 20:56:36 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll
MOD - [2013/07/23 20:56:26 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll
MOD - [2013/07/23 20:56:24 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll
MOD - [2013/07/23 20:56:18 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/07/23 02:00:50 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll
MOD - [2013/07/12 14:49:44 | 000,396,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppgooglenaclpluginchrome.dll
MOD - [2013/07/12 14:49:43 | 013,599,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
MOD - [2013/07/12 14:49:42 | 004,052,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
MOD - [2013/07/12 14:48:52 | 000,601,552 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\libglesv2.dll
MOD - [2013/07/12 14:48:51 | 000,123,344 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\libegl.dll
MOD - [2013/07/12 14:48:49 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll
MOD - [2011/02/22 13:01:38 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2011/02/22 13:01:38 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
MOD - [2011/02/15 14:37:10 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/04/05 15:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2011/04/14 14:01:38 | 000,245,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2011/04/14 14:01:38 | 000,200,056 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/04/14 14:01:38 | 000,149,032 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2011/02/23 00:00:46 | 000,873,064 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/10/07 20:34:28 | 000,509,416 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2010/03/10 10:14:44 | 000,355,440 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2013/07/23 01:49:53 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2013/01/30 15:24:20 | 000,833,616 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Windows\Temp\0101821374610186mcinst.exe -- (0101821374610186mcinstcleanup)
SRV - [2011/03/31 08:38:36 | 000,352,848 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011/03/02 00:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/15 14:36:10 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/27 21:09:54 | 000,172,912 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2010/06/01 18:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/04/13 12:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 00:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/18 00:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/10 22:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/04/19 00:51:36 | 000,062,584 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011/04/19 00:51:36 | 000,022,912 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011/04/19 00:51:36 | 000,020,328 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011/04/14 14:01:38 | 000,530,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,441,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011/04/14 14:01:38 | 000,283,744 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,190,520 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,121,376 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,094,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011/04/14 14:01:38 | 000,075,160 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2011/04/14 14:01:38 | 000,063,056 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/03/17 05:42:38 | 002,712,064 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/03/10 00:01:45 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2011/03/10 00:01:45 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2011/03/01 10:33:16 | 004,720,704 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/01/17 18:56:14 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010/11/20 23:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/10/08 06:32:28 | 001,395,248 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/09/21 21:47:10 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/04/13 12:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/26 19:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/12/02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2009/12/02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2009/12/02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2009/12/02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009/09/17 01:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/07/23 16:09:34 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\Mars\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\mcafee\msk\mskapbho64.dll ()
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20130723105648.dll (McAfee, Inc.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\mcafee\msk\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20130723105648.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [AdobeUpdater6] C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A628AEC7-B29E-4539-B31B-F5752705852B}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/23 22:34:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mars\Desktop\OTL.exe
[2013/07/23 18:52:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/07/23 16:08:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/07/23 15:48:45 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\TP
[2013/07/23 14:40:51 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Adobe_Systems_Incorporate
[2013/07/23 14:40:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2013/07/23 14:40:30 | 000,000,000 | ---D | C] -- C:\Users\Mars\Documents\My Digital Editions
[2013/07/23 11:11:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/07/23 02:43:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/07/23 02:31:05 | 000,000,000 | ---D | C] -- C:\Windows\NAPP_Dism_Log
[2013/07/23 02:07:24 | 000,000,000 | ---D | C] -- C:\Users\Mars\Documents\Youcam
[2013/07/23 02:05:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2013/07/23 02:05:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2013/07/23 01:58:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Barnes & Noble
[2013/07/23 01:58:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Barnes & Noble
[2013/07/23 01:58:29 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye Webcam
[2013/07/23 01:56:38 | 000,000,000 | ---D | C] -- C:\ProgramData\CLSK
[2013/07/23 01:55:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cyberlink
[2013/07/23 01:54:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2013/07/23 01:54:30 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2013/07/23 01:51:54 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\clear.fi
[2013/07/23 01:51:26 | 000,000,000 | ---D | C] -- C:\ProgramData\NTI Launcher
[2013/07/23 01:51:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NTI Media Maker 9
[2013/07/23 01:49:54 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2013/07/23 01:49:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2013/07/23 01:48:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013/07/23 01:47:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AUPEO!
[2013/07/23 01:47:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2013/07/23 01:44:09 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2013/07/23 01:42:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Launch Manager
[2013/07/23 01:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2013/07/23 01:40:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2013/07/23 01:38:41 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/07/23 01:37:40 | 000,000,000 | ---D | C] -- C:\ProgramData\EgisTec
[2013/07/23 01:37:32 | 000,000,000 | ---D | C] -- C:\book
[2013/07/23 01:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AcerSystem
[2013/07/23 01:34:02 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013/07/23 00:09:38 | 000,000,000 | ---D | C] -- C:\ProgramData\clear.fi
[2013/07/22 23:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/07/22 23:38:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/07/22 23:38:01 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Google
[2013/07/22 23:37:01 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Deployment
[2013/07/22 23:37:01 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Apps
[2013/07/22 23:28:26 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\EgisTec IPS
[2013/07/22 23:26:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OEM
[2013/07/22 23:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\OEM_E471269A730D
[2013/07/22 23:26:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Times Reader
[2013/07/22 23:24:57 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\CyberLink
[2013/07/22 23:24:57 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Acer
[2013/07/22 23:24:51 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\PowerCinema
[2013/07/22 23:24:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Family Protection
[2013/07/22 23:24:32 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\VirtualStore
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\AppData\Local\Temporary Internet Files
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Templates
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Start Menu
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\SendTo
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Recent
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\PrintHood
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\NetHood
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Documents\My Videos
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Documents\My Pictures
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Documents\My Music
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\My Documents
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Local Settings
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\AppData\Local\History
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Cookies
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\Application Data
[2013/07/22 23:24:20 | 000,000,000 | -HSD | C] -- C:\Users\Mars\AppData\Local\Application Data
[2013/07/22 23:24:17 | 000,000,000 | --SD | C] -- C:\Users\Mars\AppData\Roaming\Microsoft
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Videos
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Searches
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Saved Games
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Pictures
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Music
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Links
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Favorites
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Downloads
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Documents
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Desktop
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\Contacts
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/07/22 23:24:17 | 000,000,000 | R--D | C] -- C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/07/22 23:24:17 | 000,000,000 | -H-D | C] -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/07/22 23:24:17 | 000,000,000 | -H-D | C] -- C:\Users\Mars\AppData
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Windows Live
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Temp
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Microsoft
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\Macromedia
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\Intel Corporation
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\InstallShield
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\Identities
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Downloaded Installations
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Roaming\Adobe
[2013/07/22 23:24:17 | 000,000,000 | ---D | C] -- C:\Users\Mars\AppData\Local\Adobe
[2013/07/22 23:24:04 | 000,000,000 | -HSD | C] -- C:\Recovery
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/23 22:34:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mars\Desktop\OTL.exe
[2013/07/23 22:24:23 | 000,727,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/23 22:24:23 | 000,624,622 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/23 22:24:23 | 000,106,708 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/23 22:23:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/23 21:43:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/23 16:15:56 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/23 16:15:55 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/23 16:08:42 | 000,001,832 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
[2013/07/23 16:07:56 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/23 16:07:21 | 2962,255,872 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/23 15:49:09 | 000,743,534 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/07/23 14:40:36 | 000,002,244 | ---- | M] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions 2.0.lnk
[2013/07/23 14:40:36 | 000,002,220 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Digital Editions 2.0.lnk
[2013/07/23 02:31:05 | 000,011,453 | ---- | M] () -- C:\Windows\ChangeLang_Done.tag
[2013/07/23 02:20:55 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/07/23 02:20:55 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013/07/23 02:11:28 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/07/23 02:11:28 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/07/23 01:58:40 | 000,001,208 | ---- | M] () -- C:\Users\Public\Desktop\NOOK for PC.lnk
[2013/07/23 01:56:38 | 000,002,167 | ---- | M] () -- C:\Users\Public\Desktop\clear.fi.lnk
[2013/07/23 01:54:16 | 000,282,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/23 01:52:49 | 000,000,017 | ---- | M] () -- C:\Windows\ClearFi.tag
[2013/07/23 01:51:27 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTILiveUpdateV9.dll
[2013/07/23 01:49:53 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTIMMV9REGET.dll
[2013/07/23 01:49:53 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTIMMV9Acer.dll
[2013/07/23 01:47:08 | 000,015,762 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2013/07/23 01:44:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013/07/23 01:42:58 | 000,000,184 | ---- | M] () -- C:\Windows\LMv4.UNI
[2013/07/23 00:08:30 | 000,002,283 | ---- | M] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/07/22 23:44:35 | 000,002,259 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/22 23:29:58 | 000,001,441 | ---- | M] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/07/22 23:26:57 | 000,002,609 | ---- | M] () -- C:\Users\Public\Desktop\eBay.lnk
[2013/07/22 23:26:47 | 000,002,102 | ---- | M] () -- C:\Users\Public\Desktop\Netflix.lnk
[2013/07/22 23:26:34 | 000,000,915 | ---- | M] () -- C:\Users\Public\Desktop\Times Reader.lnk
[6 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/23 15:49:09 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/07/23 14:40:36 | 000,002,244 | ---- | C] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions 2.0.lnk
[2013/07/23 14:40:36 | 000,002,232 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions 2.0.lnk
[2013/07/23 14:40:36 | 000,002,220 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Digital Editions 2.0.lnk
[2013/07/23 02:32:32 | 000,011,453 | ---- | C] () -- C:\Windows\ChangeLang_Done.tag
[2013/07/23 02:11:28 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/07/23 02:11:28 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/07/23 02:01:20 | 000,002,490 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2013/07/23 01:58:40 | 000,001,208 | ---- | C] () -- C:\Users\Public\Desktop\NOOK for PC.lnk
[2013/07/23 01:56:38 | 000,002,167 | ---- | C] () -- C:\Users\Public\Desktop\clear.fi.lnk
[2013/07/23 01:52:49 | 000,000,017 | ---- | C] () -- C:\Windows\ClearFi.tag
[2013/07/23 01:51:27 | 000,001,024 | RH-- | C] () -- C:\Users\Public\Documents\NTILiveUpdateV9.dll
[2013/07/23 01:49:53 | 000,001,024 | RH-- | C] () -- C:\Users\Public\Documents\NTIMMV9REGET.dll
[2013/07/23 01:49:53 | 000,001,024 | RH-- | C] () -- C:\Users\Public\Documents\NTIMMV9Acer.dll
[2013/07/23 01:48:55 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
[2013/07/23 01:47:08 | 000,015,762 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2013/07/23 01:44:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013/07/23 01:42:58 | 000,000,184 | ---- | C] () -- C:\Windows\LMv4.UNI
[2013/07/23 01:34:02 | 2962,255,872 | -HS- | C] () -- C:\hiberfil.sys
[2013/07/23 00:57:59 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/07/23 00:45:52 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/07/22 23:44:35 | 000,002,283 | ---- | C] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/07/22 23:44:35 | 000,002,259 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/22 23:38:12 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/22 23:38:11 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/22 23:29:58 | 000,001,441 | ---- | C] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/07/22 23:26:57 | 000,002,609 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2013/07/22 23:26:47 | 000,002,102 | ---- | C] () -- C:\Users\Public\Desktop\Netflix.lnk
[2013/07/22 23:26:34 | 000,000,927 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Times Reader.lnk
[2013/07/22 23:26:34 | 000,000,915 | ---- | C] () -- C:\Users\Public\Desktop\Times Reader.lnk
[2013/07/22 23:24:18 | 000,000,290 | ---- | C] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/07/22 23:24:18 | 000,000,272 | ---- | C] () -- C:\Users\Mars\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/07/22 23:24:17 | 000,001,417 | ---- | C] () -- C:\Users\Mars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/01/10 22:27:26 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2012/01/10 22:27:26 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2012/01/10 22:27:26 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2012/01/10 21:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/23 15:48:45 | 000,000,000 | ---D | M] -- C:\Users\Mars\AppData\Roaming\TP

========== Purity Check ==========



< End of report >


Extras.txt

OTL Extras logfile created on: 7/23/2013 10:35:18 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mars\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 57.17% Memory free
7.36 Gb Paging File | 5.06 Gb Available in Paging File | 68.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447.66 Gb Total Space | 410.50 Gb Free Space | 91.70% Space Free | Partition Type: NTFS
Drive E: | 100.00 Mb Total Space | 70.34 Mb Free Space | 70.35% Space Free | Partition Type: NTFS
Drive F: | 447.66 Gb Total Space | 96.44 Gb Free Space | 21.54% Space Free | Partition Type: NTFS

Computer Name: MARS-PC | User Name: Mars | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{018BF93A-8360-456A-9A06-1AF7F22A4FF9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1994096C-CAB0-41FC-AF9B-768421CCBB47}" = rport=10243 | protocol=6 | dir=out | app=system |
"{450AF69E-DC94-4DAE-A724-A1C6AED5FAF5}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{45DDDBDF-DF25-416A-A20B-D2DED40F50B4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{578E39D6-92FB-4FFB-9FAE-25904C9E8129}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7BBFAB76-CDBD-44B3-BF89-3DF12F98F677}" = lport=10243 | protocol=6 | dir=in | app=system |
"{88EC4423-239D-4F14-8724-CB90A13C9083}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{99EF6830-9870-4E89-80BD-DBD8754CCD36}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{AA9C802F-F2BD-4774-9BA9-DFBC5C603644}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C4E1800A-5115-41CF-9049-18294CE25195}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E967346F-7F01-4F9B-9410-8A9E26F18EE2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06B8638B-46DD-411C-8976-19B1DF50BA04}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0C7F164E-1A46-4768-A209-4D05C652DFD0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{105D7E03-7D71-4702-B041-81879EC0B7DB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1B0C84E9-6072-4E56-9170-5A5B55143F9F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{22771C85-6F3D-4ABA-9FE1-80861E171BE3}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovieservice.exe |
"{38547F6F-314E-4EB1-9BAA-CA7D6932AD77}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{38AEB062-ED7A-4951-98D9-DF32A4957729}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{51624BF8-9FE6-4D45-BFB5-721F70B729A2}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fi.exe |
"{555B20C1-DFEE-479D-BF12-A8B235FC9575}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{56D6305C-B70D-4CB4-BBF2-7595E0824930}" = protocol=6 | dir=out | app=system |
"{58A03610-3E74-427C-8256-30E616E5FE33}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{58A777A4-0ECE-4D6E-825D-077A6A4606AC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{67EF7408-134E-43F6-9FC1-C8D31EC86583}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovie.exe |
"{68261AB4-A17B-4E69-ADA0-2FF2D610FA3B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6922A3A8-BBBB-4FA6-B6E9-8601E5733D75}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{742EAE0B-B3C8-4E0F-9821-CD9ADC5D7AA6}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{7491B564-329B-42BD-AA5E-56BA9DA021DA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7BBC050F-81C0-4735-89C4-BCCFBB676598}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{7E44C0E2-259A-4E4F-BD3B-BB17A6880ECA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9270C686-043E-4669-86D9-684F90529E6B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{94014C0C-9B8C-4963-AAAA-D93FD34C36E5}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{980FE471-4B34-4C3D-937A-75F3323C733D}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{B52A0F61-6028-4ABE-A4DD-53036C05C4F8}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{B8C437FE-44D3-4C9C-BF37-90BBA1B946B1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BB204367-00B4-42EB-8AA8-19A4D915738C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BD81D695-FBA6-46D7-BDBC-432B12EB863F}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\clml\clmlsvc.exe |
"{C0DC918D-0524-46D5-A6C2-C7788443675C}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{D699384E-E48D-472B-A444-11D139ADC056}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DA3B05C8-585E-4ADF-8F6B-798A67A37E7A}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{F546D0A2-D82A-4C02-A320-A33579E1775C}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom Gigabit NetLink Controller
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{14C4C3B6-F1F4-401F-8C86-03E8E19AAC8C}" = MediaEspresso
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = clear.fi
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"BN_DesktopReader" = NOOK for PC
"com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
"Google Chrome" = Google Chrome
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"LManager" = Launch Manager
"MSC" = McAfee Internet Security Suite
"WildTangent acer Master Uninstall" = Acer Games
"WinLiveSuite" = Windows Live Essentials
"WTA-036dc91c-3596-41cf-afb5-8fe9d76b3bfa" = Dora's World Adventure
"WTA-10f999da-3c38-4d87-99a6-08e748bc4ba3" = Zuma's Revenge
"WTA-2426fbc3-e9a4-4c29-a0e0-0e1d4e09dac2" = Chuzzle Deluxe
"WTA-307d684f-8bcc-4503-bd58-e0668db6dcee" = Bejeweled 2 Deluxe
"WTA-33f18576-3d19-4dd3-8aed-e5f1426eec54" = Torchlight
"WTA-3ad4add0-74f7-4427-af1c-b53fd4ae149e" = Poker Superstars III
"WTA-3aec2ce0-a643-49ae-8194-e6c66943a931" = Polar Golfer
"WTA-3fee7dc0-7906-4d83-af4b-9082669c7728" = Penguins!
"WTA-55a36a0e-cdb4-40e8-8991-ea915b04200d" = Virtual Villagers 4 - The Tree of Life
"WTA-5a6d223e-900a-444b-8c22-6305da7969cb" = Agatha Christie - 4:50 from Paddington
"WTA-6416da14-ff05-49d1-b29a-b02e570a0151" = Final Drive: Nitro
"WTA-7b109e19-a2a7-4b5e-89d9-97cd63d3c014" = Polar Bowler
"WTA-925d71b3-6eb9-4e84-832d-7508c57cde5c" = Mystery P.I. - Stolen in San Francisco
"WTA-acf2bd08-527f-443b-9b95-0fe1fe832281" = Build-a-lot 2
"WTA-b66be362-fd3d-4611-b53b-23a494960737" = Plants vs. Zombies - Game of the Year
"WTA-c31c13b2-3d44-43d5-a9d1-8506d541cea9" = Diner Dash 2 Restaurant Rescue
"WTA-dab7998f-5b94-454a-a1c2-5fc158365431" = Jewel Quest Heritage
"WTA-e550e22e-d07b-4a1b-8e1a-7f6d371cf0db" = FATE - The Traitor Soul
"WTA-f226e527-daaa-41cf-bc32-d211e6ba9153" = Namco All-Stars: PAC-MAN

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/23/2013 1:55:10 AM | Computer Name = Mars-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/23/2013 2:22:49 AM | Computer Name = Mars-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/23/2013 9:56:14 AM | Computer Name = Mars-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/23/2013 11:19:51 AM | Computer Name = Mars-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/23/2013 3:40:17 PM | Computer Name = Mars-PC | Source = Application Error | ID = 1000
Description = Faulting application name: mcshield.exe, version: 14.2.0.835, time
stamp: 0x4d7e81b1 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x0000000015ac64f0 Faulting process id: 0x898 Faulting
application start time: 0x01ce87b7e9ed248e Faulting application path: C:\Program
Files\Common Files\McAfee\SystemCore\mcshield.exe Faulting module path: unknown Report
Id: b2fedd17-f3cf-11e2-b20b-b870f4dd30d3

Error - 7/23/2013 3:43:51 PM | Computer Name = Mars-PC | Source = Application Hang | ID = 1002
Description = The program DigitalEditions.exe version 2.0.0.0 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 17b0 Start
Time: 01ce87d42304a52a Termination Time: 60000 Application Path: C:\Program Files
(x86)\Adobe\Adobe Digital Editions 2.0\DigitalEditions.exe Report Id: f48448b3-f3cf-11e2-b20b-b870f4dd30d3


Error - 7/23/2013 3:53:15 PM | Computer Name = Mars-PC | Source = MsiInstaller | ID = 11920
Description =

Error - 7/23/2013 4:03:58 PM | Computer Name = Mars-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.1.7601.17567 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 68c Start
Time: 01ce87b7e3f4f11e Termination Time: 60000 Application Path: C:\Windows\Explorer.EXE

Report
Id: cca9724c-f3d2-11e2-b20b-b870f4dd30d3

Error - 7/23/2013 4:08:36 PM | Computer Name = Mars-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/23/2013 6:45:53 PM | Computer Name = Mars-PC | Source = MsiInstaller | ID = 11704
Description =


< End of report >
  • 0

#4
godawgs
Posted 24 July 2013 - 10:44 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks for the reply.

Before I unstall Mcfee Internet suite. I know i need one firewall, one spyware and Anti virus and etc Which one is compatible with each program. Here is the new scan : Thank you so much for taking the time to responding back.

You are welcome. Now to answer your questions:
The McAfee suite comes with firewall.
The Avast free and MSE programs do not include a firewall so you can download a third party firewall or simply turn the Windows firewall on. In all honesty if you are using a router that is properly configured you don't need an inbound/outbound firewall and the firewall in Windows 7 will do the job nicely.
As far as compatibility, I haven't found any compatibility issues with MSSE and any other programs. AVAST has been known to have compatibility issues with some programs and I've even some of the modules in the Avast program have issues.
I don't see any antivirus programs in the installed programs list except the McAfee Internet Security suite, but the event logs show errors with the mcshield.exe application so McAfee most likely didn't install completely. This is most likely due to the remnants of the other AV programs left on the system and once those are removed that may break McAfee to the point where it will need to be uninstalled and then reinstalled for it to function properly...if that's the one you decide to keep. AV programs are notorious for installation problems if any parts of a previous AV program are left on the system.

The choice is yours but like I said in my earlier post, if your subscription to McAfee has a lot time remaining on it you may want to keep it until it expires. But at that point I would definitely consider replacing it. Either way, we need to clean this up before starting the cleaning process on the system. This is likely one of the main reasons that the system is so slow.
Please let me know what you want to do :)
  • 0

#5
godawgs
Posted 29 July 2013 - 10:12 AM

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 1
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP