Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Both of my computers cannot access paypal and some other secure sites

Started by alternate , Jul 30 2013 05:09 PM

  • This topic is locked This topic is locked

#1
alternate
Posted 30 July 2013 - 05:09 PM

alternate

    Member

  • Member
  • PipPip
  • 83 posts
Hi...my computer and laptop refused to display the ebay, hotmail and paypal pages all of a sudden. I did some scanning using eset online scanners and MBAM. After that I can access paypal and ebay but the pages look weird missing images etc and load very slowly. Here's my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:31:50 PM, on 7/30/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Users\deco\Downloads\SoftonicDownloader_para_hijackthis.exe
C:\Users\deco\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://paypal.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110902204322.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Windows\Downloaded Program Files\gbiehuni.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - HKCU\..\Run: [Google Update] "C:\Users\deco\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware player\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking...GbPluginUni.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater15.3.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14112 bytes
Thanks for any input

and here's the OTL log as well:

OTL logfile created on: 7/30/2013 8:27:18 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\deco\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 49.61% Memory free
7.93 Gb Paging File | 5.45 Gb Available in Paging File | 68.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 911.88 Gb Total Space | 818.91 Gb Free Space | 89.80% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: DECO-PC | User Name: deco | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/30 20:27:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\deco\Downloads\OTL.exe
PRC - [2013/06/28 19:49:34 | 000,152,240 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe
PRC - [2013/06/09 06:59:04 | 000,020,992 | ---- | M] (Smartbar) -- C:\Users\deco\AppData\Local\Smartbar\Application\SnapDo.exe
PRC - [2013/05/10 04:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/15 21:18:28 | 000,468,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
PRC - [2012/10/15 12:45:58 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/08/08 21:20:49 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/02 00:22:56 | 000,391,632 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
PRC - [2012/01/18 14:02:04 | 000,508,136 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/08/25 16:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2010/09/21 06:42:38 | 000,064,048 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
PRC - [2010/09/21 06:42:06 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2010/09/21 06:41:38 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2010/09/21 06:41:34 | 000,404,016 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2010/09/21 05:42:44 | 000,539,184 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010/08/04 09:40:12 | 000,611,872 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2010/05/26 23:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010/03/11 02:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010/03/11 02:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010/01/28 20:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/08 10:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009/06/04 23:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/30 20:22:01 | 000,911,432 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2013/07/30 20:21:58 | 000,146,432 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
MOD - [2013/07/12 15:49:44 | 000,396,240 | ---- | M] () -- C:\Users\deco\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppgooglenaclpluginchrome.dll
MOD - [2013/07/12 15:49:43 | 013,599,184 | ---- | M] () -- C:\Users\deco\AppData\Local\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
MOD - [2013/07/12 15:49:42 | 004,052,944 | ---- | M] () -- C:\Users\deco\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll
MOD - [2013/07/12 15:48:52 | 000,601,552 | ---- | M] () -- C:\Users\deco\AppData\Local\Google\Chrome\Application\28.0.1500.72\libglesv2.dll
MOD - [2013/07/12 15:48:51 | 000,123,344 | ---- | M] () -- C:\Users\deco\AppData\Local\Google\Chrome\Application\28.0.1500.72\libegl.dll
MOD - [2013/07/12 15:48:49 | 001,597,392 | ---- | M] () -- C:\Users\deco\AppData\Local\Google\Chrome\Application\28.0.1500.72\ffmpegsumo.dll
MOD - [2013/07/10 21:07:27 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\a7a3ebc76a454af37918211506e81e31\System.Management.ni.dll
MOD - [2013/07/10 20:10:26 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\de6ee26de5e4f343509de7e92ab48ba6\CustomMarshalers.ni.dll
MOD - [2013/07/10 17:00:17 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\47c7540264ba3b75745b066de260fa90\System.Web.Services.ni.dll
MOD - [2013/07/10 17:00:16 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\c57eba08ab60f48e7d57228849d92a34\System.Web.ni.dll
MOD - [2013/07/10 17:00:10 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\59a12d8db2a29bbe4e597124682cc4f7\System.EnterpriseServices.ni.dll
MOD - [2013/07/10 17:00:09 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\dca6df8260d6c4c0bd66cb3be72eb73a\System.Transactions.ni.dll
MOD - [2013/07/10 17:00:08 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f95e6b6a92e3e28a3b553fe2998dd308\System.Data.ni.dll
MOD - [2013/07/10 16:59:44 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll
MOD - [2013/07/10 16:59:37 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll
MOD - [2013/07/10 16:59:19 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\e75f59d8c1c4803df006c5f7b0ac1478\System.Xml.ni.dll
MOD - [2013/07/10 16:59:15 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll
MOD - [2013/07/10 16:59:14 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll
MOD - [2013/07/10 16:59:00 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/06/09 06:59:56 | 000,022,016 | ---- | M] () -- C:\Users\deco\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll
MOD - [2013/06/09 06:59:50 | 000,026,112 | ---- | M] () -- C:\Users\deco\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
MOD - [2013/06/09 06:59:50 | 000,020,480 | ---- | M] () -- C:\Users\deco\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll
MOD - [2013/06/09 06:59:44 | 000,014,336 | ---- | M] () -- C:\Users\deco\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll
MOD - [2013/06/09 06:59:42 | 000,246,272 | ---- | M] () -- C:\Users\deco\AppData\Local\Smartbar\Application\Smartbar.Resources.NetSeer.dll
MOD - [2013/06/09 06:59:40 | 000,052,224 | ---- | M] () -- C:\Users\deco\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
MOD - [2013/06/09 06:59:38 | 000,112,640 | ---- | M] () -- C:\Users\deco\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
MOD - [2013/06/09 06:59:30 | 000,052,224 | ---- | M] () -- C:\Users\deco\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll
MOD - [2013/06/09 06:59:28 | 000,078,848 | ---- | M] () -- C:\Users\deco\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll
MOD - [2013/06/09 06:59:28 | 000,016,896 | ---- | M] () -- C:\Users\deco\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
MOD - [2013/06/09 06:59:24 | 000,150,528 | ---- | M] () -- C:\Users\deco\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
MOD - [2013/06/09 06:59:22 | 000,057,856 | ---- | M] () -- C:\Users\deco\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
MOD - [2013/06/09 06:59:14 | 000,013,312 | ---- | M] () -- C:\Users\deco\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll
MOD - [2013/06/09 06:59:12 | 000,032,768 | ---- | M] () -- C:\Users\deco\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
MOD - [2013/06/09 06:59:08 | 000,014,848 | ---- | M] () -- C:\Users\deco\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll
MOD - [2013/06/09 06:59:08 | 000,014,336 | ---- | M] () -- C:\Users\deco\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
MOD - [2013/06/09 06:59:06 | 001,711,104 | ---- | M] () -- C:\Users\deco\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
MOD - [2013/06/09 06:59:06 | 000,194,048 | ---- | M] () -- C:\Users\deco\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.dll
MOD - [2013/06/09 06:59:06 | 000,081,920 | ---- | M] () -- C:\Users\deco\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
MOD - [2013/06/09 06:59:04 | 000,723,456 | ---- | M] () -- C:\Users\deco\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
MOD - [2013/06/09 06:57:44 | 000,048,128 | ---- | M] () -- C:\Users\deco\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
MOD - [2013/06/09 06:57:08 | 000,068,608 | ---- | M] () -- C:\Users\deco\AppData\Local\Smartbar\Application\AxInterop.WMPLib.dll
MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/04/16 23:11:02 | 000,398,288 | ---- | M] () -- C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/09/28 15:09:53 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
MOD - [2010/11/04 22:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/11/04 22:57:39 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
MOD - [2010/09/21 06:42:38 | 000,068,656 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Player\zlib1.dll
MOD - [2010/09/21 06:42:20 | 000,970,288 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
MOD - [2010/08/04 09:40:12 | 000,611,872 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2010/08/04 06:47:32 | 000,144,896 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
MOD - [2009/06/10 18:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 02:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/01/27 07:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 07:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 22:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/01/28 20:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2010/01/05 22:04:02 | 000,244,840 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2010/01/05 22:04:02 | 000,199,032 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2010/01/05 22:04:02 | 000,148,520 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe -- (mfevtp)
SRV - [2013/07/16 23:55:14 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/11 23:58:05 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/10 04:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/28 13:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/02 01:42:31 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/02 00:34:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/08/25 16:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2010/09/21 06:42:06 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2010/09/21 06:41:38 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010/09/21 06:41:34 | 000,404,016 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010/09/21 05:42:44 | 000,539,184 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010/08/19 17:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010/05/26 23:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 18:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 10:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 23:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/28 19:49:35 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/01/20 11:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/09/28 09:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/05/02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/04/27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/04/25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/03/01 03:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 03:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 03:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 10:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 08:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/21 06:43:06 | 000,068,656 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2010/09/21 06:43:00 | 000,080,944 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2010/09/21 06:41:08 | 000,031,792 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2010/09/21 06:40:56 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010/09/21 05:42:38 | 000,038,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010/09/21 03:18:14 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010/09/21 03:18:14 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2010/08/11 00:40:06 | 001,014,624 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010/01/05 22:04:02 | 000,528,232 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/01/05 22:04:02 | 000,440,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2010/01/05 22:04:02 | 000,279,752 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2010/01/05 22:04:02 | 000,189,880 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/01/05 22:04:02 | 000,121,504 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/01/05 22:04:02 | 000,093,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010/01/05 22:04:02 | 000,075,288 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2010/01/05 22:04:02 | 000,062,416 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2009/12/09 06:39:52 | 000,537,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/21 04:32:50 | 007,345,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 17:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 23:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 23:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 23:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/25 17:13:10 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2010/08/19 17:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=30/07/2013
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...Date=30/07/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...Date=30/07/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.c...Date=30/07/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...Date=30/07/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...Date=30/07/2013
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=30/07/2013
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "http://feed.snapdo.c...ate=30/07/2013"
FF - prefs.js..extensions.enabledAddons: %7B02ac5f29-e78e-476e-bd0d-f2b243fd5b47%7D:1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..keyword.URL: "http://feed.snapdo.c...=30/07/2013&q="
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@emusic.com/eMusicPlugin DLM6: C:\Program Files (x86)\eMusic Download Manager 6\npEMusic602.dll (eMusic.com)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\deco\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\deco\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\deco\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\deco\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\deco\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/07/30 16:11:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/07/16 23:54:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/07/16 23:54:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/08/06 20:02:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\deco\AppData\Roaming\Mozilla\Extensions
[2013/07/30 20:23:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\deco\AppData\Roaming\Mozilla\Firefox\Profiles\req8cfge.default\extensions
[2013/07/30 20:23:00 | 000,000,000 | ---D | M] ("Snap.Do ") -- C:\Users\deco\AppData\Roaming\Mozilla\Firefox\Profiles\req8cfge.default\extensions\{02ac5f29-e78e-476e-bd0d-f2b243fd5b47}
[2013/07/30 20:22:59 | 000,002,444 | ---- | M] () -- C:\Users\deco\AppData\Roaming\Mozilla\Firefox\Profiles\req8cfge.default\searchplugins\Web Search.xml
[2013/07/16 23:54:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/07/16 23:54:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/07/16 23:55:15 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/01/05 22:04:02 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\deco\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\deco\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\deco\AppData\Local\Google\Chrome\Application\28.0.1500.72\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Babylon ToolBar (Enabled) = C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.3\\npsitesafety.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Snap.Do = C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Grooveshark Downloader = C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooblpjoncpjmbncgocjlnannofkjjhnp\2.9.9_0\

Hosts file not found
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20100827225314.dll (McAfee, Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20110902204322.dll (McAfee, Inc.)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Windows\Downloaded Program Files\gbiehuni.dll (Banco Unibanco)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Users\deco\AppData\Local\Smartbar\Application\SnapDo.exe (Smartbar)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} https://clickbanking...GbPluginUni.cab (GbPluginObj Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67E01175-984F-458A-99DF-04AABDDE5B6D}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC9B8ECA-8D3A-463C-A441-D44690C56727}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Windows\Downloaded Program Files\gbiehuni.dll (Banco Unibanco)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7267b0d4-2148-11e2-be11-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{7267b0d4-2148-11e2-be11-005056c00008}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{7267b0d4-2148-11e2-be11-005056c00008}\Shell\Option1\Command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/30 20:21:55 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\Smartbar
[2013/07/30 19:31:38 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\deco\Desktop\HiJackThis.exe
[2013/07/30 16:14:22 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{E54FBEB3-E292-4C66-A034-92E403267860}
[2013/07/30 15:51:00 | 000,000,000 | ---D | C] -- C:\Users\deco\Desktop\Old Firefox Data
[2013/07/30 14:36:25 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{61A757E2-B386-463B-AC4B-7737E1E416CF}
[2013/07/30 11:37:53 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{9E910687-AC19-49A5-A33B-4061B43C48B2}
[2013/07/29 14:14:09 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{9C785C73-FD0A-4573-8FD3-68B138361BFC}
[2013/07/28 12:14:13 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{F34AF6B3-D2CE-4C5F-B28E-1C8D9B2B4E5F}
[2013/07/27 15:07:42 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{129B4E7A-AD84-47CF-A230-12DBE2F363E5}
[2013/07/26 19:27:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/07/26 11:59:47 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{93867398-CD82-448F-99D6-D4D95F001A7D}
[2013/07/25 13:40:25 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{B8B3A8EC-0783-406E-9842-16485B9789C9}
[2013/07/24 11:49:45 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{071AD36B-D95B-4DB8-8785-C7308F96DC98}
[2013/07/23 13:20:29 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{96454160-ED4A-4ECF-9300-8857E176D706}
[2013/07/22 23:40:30 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{ED4C4914-F9D6-420A-837A-84926E0A534D}
[2013/07/22 12:41:57 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{00D09E04-ABE6-4505-9447-F6F95CC23DE2}
[2013/07/21 19:00:07 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{58D8C168-0469-49DD-B948-207ED28845B8}
[2013/07/20 22:40:23 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{F38E4EDE-46AB-418D-A169-CA1CE95EA266}
[2013/07/19 12:32:10 | 000,000,000 | ---D | C] -- C:\Users\deco\Desktop\[2007] Music From Regions Beyond
[2013/07/19 12:31:55 | 000,000,000 | ---D | C] -- C:\Users\deco\Desktop\TIGER ARMY - DISCOGRAPHY [CHANNEL NEO]
[2013/07/19 11:47:57 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{0294C1B2-3D37-4C45-9DE9-549E5156314C}
[2013/07/18 22:59:35 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{7C56ADCD-BB5C-45A9-A1C5-6CF01AC64723}
[2013/07/18 10:59:02 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{16C46B37-F854-42D7-9133-7832BFB49477}
[2013/07/17 16:56:03 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{EF4BDD9F-2C7E-4281-BBE5-2FC30F36059B}
[2013/07/16 23:54:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/07/15 12:19:39 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{073B23B5-0285-4D84-854B-91E7E7431764}
[2013/07/14 23:09:03 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{0E2E629E-C583-4623-9475-1BA0B412FBFA}
[2013/07/14 11:08:16 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{A1DAB350-F6F9-480F-B3B7-38A52924508B}
[2013/07/13 14:35:33 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{03BEE0A2-E35B-42AE-804B-7FE9AF9EBF4A}
[2013/07/12 12:03:03 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{188A17F0-8DC4-431A-8DC4-F96D279FD4E0}
[2013/07/11 13:38:21 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{A1371CCE-CBF0-41A1-9BB2-4DD3B0974A4F}
[2013/07/10 16:52:05 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{38A2BFF4-C94E-4C4B-ABAD-1E9CEC0B7792}
[2013/07/09 22:50:31 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/07/09 22:30:57 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/09 22:30:57 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013/07/09 22:30:57 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013/07/09 22:30:56 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/07/09 13:59:58 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{11756381-53D5-4D6B-8AF6-0A641CA4C85E}
[2013/07/08 12:08:16 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{9F5B1B17-C63F-4FB2-8E29-D837CD228513}
[2013/07/07 23:10:30 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{81F61A8F-2E1B-4F21-AE1A-902458B8F8EE}
[2013/07/07 12:51:03 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{A309F257-C062-42F9-9509-002D0F889A6D}
[2013/07/07 00:41:38 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{04CC3423-CE0F-42A3-973C-C9D9133E1C9B}
[2013/07/06 12:40:21 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{3C8527E2-1C19-4228-A074-685900278E19}
[2013/07/05 17:13:32 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{76AFB821-AD29-41B9-BA68-96674E55CCDA}
[2013/07/05 12:02:50 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{05CF94AE-4C93-44A5-87B8-012D024E16EC}
[2013/07/04 19:21:56 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{C3A7C426-671B-4BB7-8112-420A0F2039D2}
[2013/07/04 11:09:13 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{9AC4AF15-E942-4FFB-85EC-5694DDB18D76}
[2013/07/03 16:19:52 | 000,000,000 | ---D | C] -- C:\Users\deco\Desktop\extratos mega
[2013/07/03 15:46:37 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{A5D35955-19BB-4D42-89D1-E60C95E9E9E7}
[2013/07/03 12:06:57 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{58CC5CB9-F1EE-4651-B62B-B9502BC7F7C1}
[2013/07/03 00:51:56 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{8B6E0A4C-5580-4B1E-B899-EB2B688A3FB6}
[2013/07/03 00:47:49 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{1860F357-44C3-4A2D-8A96-32604D9F609C}
[2013/07/03 00:43:12 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{46DC848D-B8E0-44AB-9996-A2C54590A0DC}
[2013/07/03 00:38:02 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{246E6BEE-C26C-47D2-88CD-990F801BD0B6}
[2013/07/02 11:24:54 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{435CB2F8-6100-4047-BEA3-B21EADB783A5}
[2013/07/01 12:21:25 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{ECF59B79-2503-492B-A5B6-64C531805750}
[2013/06/30 21:23:01 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{9A884BBF-8CED-4CB6-818D-0045CCED5221}

========== Files - Modified Within 30 Days ==========

[2013/07/30 20:25:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/30 20:12:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3406242734-3781281278-1370421689-1000UA.job
[2013/07/30 19:45:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/30 19:31:41 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\deco\Desktop\HiJackThis.exe
[2013/07/30 18:34:27 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/30 18:34:27 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/30 18:32:27 | 000,730,656 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/30 18:32:27 | 000,626,846 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/30 18:32:27 | 000,107,748 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/30 18:27:42 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/30 18:27:38 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
[2013/07/30 18:27:37 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013/07/30 18:26:55 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013/07/30 18:26:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/30 18:26:40 | 3193,835,520 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/30 16:51:52 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/30 00:17:49 | 000,003,717 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
[2013/07/26 12:12:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3406242734-3781281278-1370421689-1000Core.job
[2013/07/25 19:21:31 | 000,032,287 | ---- | M] () -- C:\Users\deco\Desktop\1016368_10151742384614060_1682708223_n.jpg
[2013/07/24 19:43:51 | 000,129,801 | ---- | M] () -- C:\Users\deco\Desktop\derek.jpg
[2013/07/23 23:07:09 | 000,000,433 | ---- | M] () -- C:\Users\deco\Desktop\Downloads.lnk
[2013/07/16 23:59:06 | 000,403,987 | ---- | M] () -- C:\Users\deco\Desktop\58410.pdf
[2013/07/10 16:48:23 | 000,416,976 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/07/25 19:21:29 | 000,032,287 | ---- | C] () -- C:\Users\deco\Desktop\1016368_10151742384614060_1682708223_n.jpg
[2013/07/24 19:43:50 | 000,129,801 | ---- | C] () -- C:\Users\deco\Desktop\derek.jpg
[2013/07/23 23:07:09 | 000,000,433 | ---- | C] () -- C:\Users\deco\Desktop\Downloads.lnk
[2013/07/16 23:59:04 | 000,403,987 | ---- | C] () -- C:\Users\deco\Desktop\58410.pdf
[2013/07/12 22:49:51 | 000,621,026 | ---- | C] () -- C:\Users\deco\Desktop\2012 souza d Form 1040 Individual Tax Return_Records.pdf
[2013/07/12 22:49:47 | 000,133,391 | ---- | C] () -- C:\Users\deco\Desktop\pay voucher 2012.pdf
[2013/06/28 19:41:12 | 000,003,717 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
[2013/05/29 18:35:06 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2013/05/19 19:47:01 | 472,640,025 | ---- | C] () -- C:\Users\deco\HitlersKrieg_WasGuidoKnoppVerschweigt1h36m640x480_ogv.ogv
[2013/05/16 20:31:44 | 000,009,808 | ---- | C] () -- C:\Users\deco\AppData\Roaming\BabMaint.exe
[2013/05/06 22:12:36 | 003,336,567 | ---- | C] () -- C:\Users\deco\Cold_Again.mp3
[2013/05/06 22:12:23 | 006,215,888 | ---- | C] () -- C:\Users\deco\Diamonds_Down.mp3
[2013/05/06 22:12:11 | 003,814,294 | ---- | C] () -- C:\Users\deco\I_Know_It_s_True.mp3
[2013/05/06 22:02:14 | 005,530,852 | ---- | C] () -- C:\Users\deco\Rounding_Third.mp3
[2013/05/06 21:57:13 | 005,068,172 | ---- | C] () -- C:\Users\deco\Mae_Maggie_I_II.mp3
[2013/05/06 21:56:20 | 002,754,768 | ---- | C] () -- C:\Users\deco\Heckscher_Park.mp3
[2013/05/06 21:56:03 | 006,887,130 | ---- | C] () -- C:\Users\deco\Welcome.mp3
[2013/05/06 21:54:55 | 004,941,112 | ---- | C] () -- C:\Users\deco\Best_Route.mp3
[2013/05/06 21:53:33 | 003,853,582 | ---- | C] () -- C:\Users\deco\Prettiest_Bill.mp3
[2013/05/06 21:52:46 | 003,799,248 | ---- | C] () -- C:\Users\deco\Withering.mp3
[2013/05/06 21:50:47 | 003,022,679 | ---- | C] () -- C:\Users\deco\Long_Island.mp3
[2013/05/06 21:49:17 | 002,605,974 | ---- | C] () -- C:\Users\deco\Walt_Whitman_Mall.mp3
[2013/01/20 17:58:18 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2012/10/03 22:05:36 | 083,023,306 | ---- | C] () -- C:\ProgramData\vsloops.pad
[2012/07/19 00:05:10 | 004,503,728 | ---- | C] () -- C:\ProgramData\pmt_0piot.pad
[2012/01/24 22:06:54 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/01/19 17:20:51 | 000,000,000 | ---- | C] () -- C:\Users\deco\AppData\Local\{CB8DCE11-B253-4EDB-B0CC-A0787B08F204}
[2012/01/19 17:17:54 | 000,000,000 | ---- | C] () -- C:\Users\deco\AppData\Local\{A0AE2BA0-BC64-4C82-85C5-75CA07927EC2}
[2012/01/19 17:15:56 | 000,000,000 | ---- | C] () -- C:\Users\deco\AppData\Local\{94C3ECB7-004E-4BDD-8C96-A0480CED3308}
[2011/12/16 14:29:06 | 000,000,000 | ---- | C] () -- C:\Users\deco\AppData\Local\{1B957172-A890-42A3-9248-7DEEDD3B6504}
[2011/12/16 14:27:09 | 000,000,000 | ---- | C] () -- C:\Users\deco\AppData\Local\{A3F3D639-BB66-4436-9F6F-760226486CE7}
[2011/11/07 17:22:43 | 000,000,000 | ---- | C] () -- C:\Users\deco\AppData\Local\{09CAB645-9211-464F-94C3-44802F73D6F4}
[2011/09/03 15:00:30 | 000,747,342 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/06 20:02:35 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

========== ZeroAccess Check ==========

[2011/11/17 03:41:18 | 000,000,000 | -HSD | M] -- C:\Users\deco\AppData\Local\{052083fb-9b8c-0199-7ef2-0ea11ac85f48}\L
[2012/08/12 17:46:03 | 000,000,000 | -HSD | M] -- C:\Users\deco\AppData\Local\{052083fb-9b8c-0199-7ef2-0ea11ac85f48}\U
[2009/07/14 01:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Users\deco\AppData\Local\{052083fb-9b8c-0199-7ef2-0ea11ac85f48}\n.

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 02:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 01:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 22:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 09:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 22:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 100 bytes -> C:\Windows\SysWow64\drivers:GbpKmAp.lst

< End of report >

Edited by alternate, 30 July 2013 - 05:53 PM.

  • 0

Advertisements

#2
Teima
Posted 30 July 2013 - 07:58 PM

Teima

    Member

  • Member
  • PipPipPip
  • 833 posts
Hello alternate,

My name is Teima and I'll be happy to assist you with this issue. Before we commence I'd like to ask that you take into careful thought of the points which I've listed below as they will beneficial to the guidance as to which I'll present yourself with here on Geekstogo. :)

Notes before we commence:

  • It's important that you reply within four days. If you haven't replied within that time, the thread will be closed.
  • As the process of malware removal is often challenging at times I'd like you to take into consideration that it may take multiple replies in order to resolve the issue/issues present.
  • If you are uncertain about any of the steps as to which I present yourself with. Please feel free to ask myself for further clarification.
  • It's important that you don't use tools which have been recommended for other users of the forum, failure to follow these guidelines will most likely result in an unbootable machine.
  • These steps only apply for the user "alternate". If you're reading this thread and you're requiring assistance, then read this thread and follow the listed steps carefully.
  • The absence of symptoms does not necessarily mean that your system is clean. Please stick with me until I state that your system is clean.
  • If It's been a total of three days and you've yet to receive a response from myself. Please send myself a reminder by clicking here and attaching the appropriate thread link where I can respond.

Extra

Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage as you have two people examining your issue. Thanks for your consideration. :thumbsup:
  • 0

#3
Teima
Posted 01 August 2013 - 06:10 PM

Teima

    Member

  • Member
  • PipPipPip
  • 833 posts
Hello alternate. Thanks for your patience.

Step One

Your log files indicate signs of either two or multiple anti-virus scanners present. These have been identified as "McAfee" and "Avira".

  • Research shows that it's not safe to have more than one anti-virus installed on a computer, and doing so not only does not provide better protection, it will actually cause additional problems.
  • Having multiple anti-virus programs on one computer can cause your computer to run very slow, become unstable and can cause possible software conflicts, it's recommended that remove all but one anti-virus program.
Please let me know which one you would like removed and within my next series of instructions I'll post the appropriate steps for its removal. At the moment I would recommend the removal of Avira as McAfee is a paid solution. Although I will allow you to make the final verdict. :)

Step Two

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following.
:Commands
[CREATERESTOREPOINT]

:OTL
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKCU..\Run: [Browser Infrastructure Helper] C:\Users\deco\AppData\Local\Smartbar\Application\SnapDo.exe (Smartbar)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=BR&userid=02ac5f29-e78e-476e-bd0d-f2b243fd5b47&searchtype=ds&q={searchTerms}&installDate=30/07/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=BR&userid=02ac5f29-e78e-476e-bd0d-f2b243fd5b47&searchtype=ds&q={searchTerms}&installDate=30/07/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=BR&userid=02ac5f29-e78e-476e-bd0d-f2b243fd5b47&searchtype=ds&q={searchTerms}&installDate=30/07/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=BR&userid=02ac5f29-e78e-476e-bd0d-f2b243fd5b47&searchtype=hp&installDate=30/07/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=BR&userid=02ac5f29-e78e-476e-bd0d-f2b243fd5b47&searchtype=ds&q={searchTerms}&installDate=30/07/2013
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=BR&userid=02ac5f29-e78e-476e-bd0d-f2b243fd5b47&searchtype=ds&q={searchTerms}&installDate=30/07/2013
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=BR&userid=02ac5f29-e78e-476e-bd0d-f2b243fd5b47&searchtype=ds&q={searchTerms}&installDate=30/07/2013
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=BR&userid=02ac5f29-e78e-476e-bd0d-f2b243fd5b47&searchtype=hp&installDate=30/07/2013"
FF - prefs.js..keyword.URL: "http://feed.snapdo.com/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=BR&userid=02ac5f29-e78e-476e-bd0d-f2b243fd5b47&searchtype=ds&installDate=30/07/2013&q="
[2013/07/30 20:23:00 | 000,000,000 | ---D | M] ("Snap.Do ") -- C:\Users\deco\AppData\Roaming\Mozilla\Firefox\Profiles\req8cfge.default\extensions\{02ac5f29-e78e-476e-bd0d-f2b243fd5b47}
CHR - plugin: Babylon ToolBar (Enabled) = C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll
CHR - Extension: Snap.Do = C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\
@Alternate Data Stream - 100 bytes -> C:\Windows\SysWow64\drivers:GbpKmAp.lst

:Files
C:\Users\deco\AppData\Local\Smartbar

:Commands
[RESETHOSTS]
[EMPTYTEMP]
  • Click run fix.
  • OTL may ask to reboot the machine. Please click the OK button if prompted.
  • Once done a report will be displayed. Copy and paste the contents of that report within your next response.

Step Three

Download AdwCleaner from here to your desktop.

Run AdwCleaner and select Delete.

Posted Image

On reboot a log will be produced please attach that for me to review.
  • 0

#4
alternate
Posted 01 August 2013 - 09:49 PM

alternate

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
Hi, Just removed the avira using CCleaner. Only one anti-virus now.

# AdwCleaner v2.306 - Logfile created 08/02/2013 at 00:40:05
# Updated 19/07/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : deco - DECO-PC
# Boot Mode : Normal
# Running from : C:\Users\deco\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


Files\Folders moved on Reboot...
File\Folder C:\Users\deco\AppData\Local\Temp\etilqs_cWJMCWl7d6oqnK5 not found!
File\Folder C:\Users\deco\AppData\Local\Temp\etilqs_xi0z6y0fxu47YHJ not found!
C:\Users\deco\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Looks like the problem been solved. I can now access paypal , hotmail and other secure sites on my desktop PC. What about my laptop? I did a full restore to the factory settings but the problem persists...should I do the same on the laptop or we want to see a log of it first?
Thanks for all your help
  • 0

#5
Teima
Posted 02 August 2013 - 02:07 AM

Teima

    Member

  • Member
  • PipPipPip
  • 833 posts
Hello Alternate,

Do you also have the OTL document which was produced? The log file can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

In regards to the second machine. We will stick with this one first. There's a few extra things which I'd like to check before declaring this machine as fully cleansed. :)
  • 0

#6
alternate
Posted 02 August 2013 - 09:50 AM

alternate

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
Sorry I had interrupted the OTL scan previously. Thats why there was no log. I've ran it again on my desktop PC and here's the log produced:
All processes killed
========== COMMANDS ==========
System Restore Service not available.
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Browser Infrastructure Helper not found.
File C:\Users\deco\AppData\Local\Smartbar\Application\SnapDo.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "http://feed.snapdo.c...ate=30/07/2013" removed from browser.startup.homepage
Prefs.js: "http://feed.snapdo.c...=30/07/2013&q=" removed from keyword.URL
Folder C:\Users\deco\AppData\Roaming\Mozilla\Firefox\Profiles\req8cfge.default\extensions\{02ac5f29-e78e-476e-bd0d-f2b243fd5b47}\ not found.
File C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.7_0\BabylonChromeToolBar.dll not found.
File C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0 not found.
Unable to delete ADS C:\Windows\SysWow64\drivers:GbpKmAp.lst .
========== FILES ==========
File\Folder C:\Users\deco\AppData\Local\Smartbar not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: deco
->Temp folder emptied: 768 bytes
->Temporary Internet Files folder emptied: 92837516 bytes
->Java cache emptied: 503750 bytes
->FireFox cache emptied: 399332575 bytes
->Google Chrome cache emptied: 382532882 bytes
->Flash cache emptied: 256673 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 306884 bytes
->Temporary Internet Files folder emptied: 281178 bytes
->Flash cache emptied: 56543 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 891697495 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42355681 bytes
RecycleBin emptied: 166208 bytes

Total Files Cleaned = 1,727.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08022013_124111

Files\Folders moved on Reboot...
C:\Users\deco\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-1724.log moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#7
Teima
Posted 03 August 2013 - 05:43 AM

Teima

    Member

  • Member
  • PipPipPip
  • 833 posts
Hello alternate, thanks for your patience. How does your machine appear to be running at the moment?

Step One

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java :
Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, then click on Remove Java Runtime.
  • Select the Java version you have from the drop down list, and then click on Run Uninstaller
  • Press Yes if it asks to uninstall the product.
  • Allow the uninstaller to remove the installed version.
  • When its finished, go back to JavaRa, and click Back
  • Click on Update Java Runtime and then select Download and install latest version.
  • Press Next
  • Press Java Manual Download.
  • A browser window will open with the Java download page.
  • Click the Windows offline link to download Java.
  • Run the installer.
  • Close JavaRa
Step Two

I would assume you still have OTL on your machine. Right-click on OTL.exe and select Run As Administrator to start the program. If prompted by UAC, please allow it.

  • Please check the box next to Scan All Users.
  • Make sure Use SafeList is selected under Extra Registry.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
dir C:\ /S /A:L /C
CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your reply. If both log won't fit in the same post, you may post them in two separate posts.

  • 0

#8
alternate
Posted 03 August 2013 - 05:40 PM

alternate

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
Hi, Machine is running fine so far. Java updated.


OTL logfile created on: 8/3/2013 8:18:58 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\deco\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 53.78% Memory free
7.93 Gb Paging File | 5.98 Gb Available in Paging File | 75.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 911.88 Gb Total Space | 814.47 Gb Free Space | 89.32% Space Free | Partition Type: NTFS
Drive D: | 124.26 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 1.86 Gb Total Space | 1.39 Gb Free Space | 74.62% Space Free | Partition Type: FAT

Computer Name: DECO-PC | User Name: deco | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/30 20:27:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\deco\Desktop\OTL.exe
PRC - [2013/07/16 23:55:14 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/06/11 23:58:04 | 001,855,880 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
PRC - [2013/05/10 04:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/10/15 12:45:58 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/08/25 16:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2010/09/21 06:42:38 | 000,064,048 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
PRC - [2010/09/21 06:42:06 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2010/09/21 06:41:38 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2010/09/21 06:41:34 | 000,404,016 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2010/09/21 05:42:44 | 000,539,184 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010/08/04 09:40:12 | 000,611,872 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2010/05/26 23:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010/03/11 02:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010/03/11 02:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010/01/28 20:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/08 10:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009/06/04 23:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/04 23:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/16 23:55:00 | 003,285,912 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/06/11 23:58:02 | 016,033,160 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/09/21 06:42:38 | 000,068,656 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Player\zlib1.dll
MOD - [2010/09/21 06:42:20 | 000,970,288 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
MOD - [2010/08/04 09:40:12 | 000,611,872 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2010/08/04 06:47:32 | 000,144,896 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 02:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/01/27 07:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 07:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 22:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/01/28 20:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2010/01/05 22:04:02 | 000,244,840 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2010/01/05 22:04:02 | 000,199,032 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2010/01/05 22:04:02 | 000,148,520 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\systemcore\mfevtps.exe -- (mfevtp)
SRV - [2013/07/16 23:55:14 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/11 23:58:05 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/10 04:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/28 13:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/08/25 16:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2010/09/21 06:42:06 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2010/09/21 06:41:38 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010/09/21 06:41:34 | 000,404,016 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010/09/21 05:42:44 | 000,539,184 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010/08/19 17:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010/05/26 23:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 18:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 10:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 23:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/28 19:49:35 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/01/20 11:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/09/28 09:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 03:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 03:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 03:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 10:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 08:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/21 06:43:06 | 000,068,656 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2010/09/21 06:43:00 | 000,080,944 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2010/09/21 06:41:08 | 000,031,792 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2010/09/21 06:40:56 | 000,030,256 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010/09/21 05:42:38 | 000,038,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010/09/21 03:18:14 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010/09/21 03:18:14 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2010/08/11 00:40:06 | 001,014,624 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010/01/05 22:04:02 | 000,528,232 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2010/01/05 22:04:02 | 000,440,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2010/01/05 22:04:02 | 000,279,752 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2010/01/05 22:04:02 | 000,189,880 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2010/01/05 22:04:02 | 000,121,504 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2010/01/05 22:04:02 | 000,093,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2010/01/05 22:04:02 | 000,075,288 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2010/01/05 22:04:02 | 000,062,416 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2009/12/09 06:39:52 | 000,537,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/21 04:32:50 | 007,345,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 17:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/02 23:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/02 23:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/02 23:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/25 17:13:10 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2010/08/19 17:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?r...opt=0&ocid=iehp
IE - HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 10 F2 8E 5B 8E 8D CE 01 [binary data]
IE - HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3406242734-3781281278-1370421689-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..keyword.URL: "http://www.google.co...t=firefox-a&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@emusic.com/eMusicPlugin DLM6: C:\Program Files (x86)\eMusic Download Manager 6\npEMusic602.dll (eMusic.com)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\deco\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\deco\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\deco\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\deco\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\deco\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/07/30 16:11:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/07/16 23:54:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/07/16 23:54:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/08/06 20:02:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\deco\AppData\Roaming\Mozilla\Extensions
[2013/07/30 21:27:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\deco\AppData\Roaming\Mozilla\Firefox\Profiles\req8cfge.default\extensions
[2013/07/30 21:28:15 | 000,006,350 | ---- | M] () -- C:\Users\deco\AppData\Roaming\Mozilla\Firefox\Profiles\req8cfge.default\searchplugins\Google.xml
[2013/08/03 20:17:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/08/03 20:17:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2013/07/16 23:54:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/07/16 23:55:15 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/01/05 22:04:02 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = http://www.google.co...q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\deco\AppData\Local\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\deco\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\deco\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\deco\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\deco\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\deco\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: eMusicPlugin DLM6 (Enabled) = C:\Program Files (x86)\eMusic Download Manager 6\npEMusic602.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\deco\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2013/08/02 12:41:12 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\mcafee\SystemCore\ScriptSn.20110902204322.dll (McAfee, Inc.)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Windows\Downloaded Program Files\gbiehuni.dll (Banco Unibanco)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} https://clickbanking...GbPluginUni.cab (GbPluginObj Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67E01175-984F-458A-99DF-04AABDDE5B6D}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC9B8ECA-8D3A-463C-A441-D44690C56727}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Windows\Downloaded Program Files\gbiehuni.dll (Banco Unibanco)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7267b0d4-2148-11e2-be11-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{7267b0d4-2148-11e2-be11-005056c00008}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{7267b0d4-2148-11e2-be11-005056c00008}\Shell\Option1\Command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
System Restore Service not available.

========== Files/Folders - Created Within 30 Days ==========

[2013/08/03 20:11:22 | 000,000,000 | ---D | C] -- C:\Users\deco\Desktop\JavaRa
[2013/08/03 19:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/08/03 19:44:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/08/03 19:44:03 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/08/02 00:36:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/30 22:13:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/07/30 22:12:41 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/07/30 22:12:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/07/30 20:27:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\deco\Desktop\OTL.exe
[2013/07/30 19:31:38 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\deco\Desktop\HiJackThis.exe
[2013/07/30 16:14:22 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{E54FBEB3-E292-4C66-A034-92E403267860}
[2013/07/30 15:51:00 | 000,000,000 | ---D | C] -- C:\Users\deco\Documents\Old Firefox Data
[2013/07/30 14:36:25 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{61A757E2-B386-463B-AC4B-7737E1E416CF}
[2013/07/30 11:37:53 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{9E910687-AC19-49A5-A33B-4061B43C48B2}
[2013/07/29 14:14:09 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{9C785C73-FD0A-4573-8FD3-68B138361BFC}
[2013/07/28 12:14:13 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{F34AF6B3-D2CE-4C5F-B28E-1C8D9B2B4E5F}
[2013/07/27 15:07:42 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{129B4E7A-AD84-47CF-A230-12DBE2F363E5}
[2013/07/26 19:27:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013/07/26 11:59:47 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{93867398-CD82-448F-99D6-D4D95F001A7D}
[2013/07/25 13:40:25 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{B8B3A8EC-0783-406E-9842-16485B9789C9}
[2013/07/24 11:49:45 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{071AD36B-D95B-4DB8-8785-C7308F96DC98}
[2013/07/23 13:20:29 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{96454160-ED4A-4ECF-9300-8857E176D706}
[2013/07/22 23:40:30 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{ED4C4914-F9D6-420A-837A-84926E0A534D}
[2013/07/22 12:41:57 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{00D09E04-ABE6-4505-9447-F6F95CC23DE2}
[2013/07/21 19:00:07 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{58D8C168-0469-49DD-B948-207ED28845B8}
[2013/07/20 22:40:23 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{F38E4EDE-46AB-418D-A169-CA1CE95EA266}
[2013/07/19 11:47:57 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{0294C1B2-3D37-4C45-9DE9-549E5156314C}
[2013/07/18 22:59:35 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{7C56ADCD-BB5C-45A9-A1C5-6CF01AC64723}
[2013/07/18 10:59:02 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{16C46B37-F854-42D7-9133-7832BFB49477}
[2013/07/17 16:56:03 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{EF4BDD9F-2C7E-4281-BBE5-2FC30F36059B}
[2013/07/16 23:54:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/07/15 12:19:39 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{073B23B5-0285-4D84-854B-91E7E7431764}
[2013/07/14 23:09:03 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{0E2E629E-C583-4623-9475-1BA0B412FBFA}
[2013/07/14 11:08:16 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{A1DAB350-F6F9-480F-B3B7-38A52924508B}
[2013/07/13 14:35:33 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{03BEE0A2-E35B-42AE-804B-7FE9AF9EBF4A}
[2013/07/12 12:03:03 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{188A17F0-8DC4-431A-8DC4-F96D279FD4E0}
[2013/07/11 13:38:21 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{A1371CCE-CBF0-41A1-9BB2-4DD3B0974A4F}
[2013/07/10 16:52:05 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{38A2BFF4-C94E-4C4B-ABAD-1E9CEC0B7792}
[2013/07/09 22:50:31 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/07/09 22:30:57 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/09 22:30:57 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2013/07/09 22:30:57 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2013/07/09 22:30:56 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/07/09 13:59:58 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{11756381-53D5-4D6B-8AF6-0A641CA4C85E}
[2013/07/08 12:08:16 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{9F5B1B17-C63F-4FB2-8E29-D837CD228513}
[2013/07/07 23:10:30 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{81F61A8F-2E1B-4F21-AE1A-902458B8F8EE}
[2013/07/07 12:51:03 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{A309F257-C062-42F9-9509-002D0F889A6D}
[2013/07/07 00:41:38 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{04CC3423-CE0F-42A3-973C-C9D9133E1C9B}
[2013/07/06 12:40:21 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{3C8527E2-1C19-4228-A074-685900278E19}
[2013/07/05 17:13:32 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{76AFB821-AD29-41B9-BA68-96674E55CCDA}
[2013/07/05 12:02:50 | 000,000,000 | ---D | C] -- C:\Users\deco\AppData\Local\{05CF94AE-4C93-44A5-87B8-012D024E16EC}
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/03 20:12:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3406242734-3781281278-1370421689-1000UA.job
[2013/08/03 19:46:31 | 000,150,667 | ---- | M] () -- C:\Users\deco\Desktop\JavaRa-2.2.zip
[2013/08/03 19:45:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/03 19:44:32 | 000,001,747 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/08/03 19:25:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/03 18:27:08 | 000,060,362 | ---- | M] () -- C:\Users\deco\Desktop\313703-163958-7.jpg
[2013/08/03 18:17:28 | 000,152,471 | ---- | M] () -- C:\Users\deco\Desktop\47819_10200774488749714_652242913_n.jpg
[2013/08/03 17:43:40 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/03 17:43:40 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/03 17:40:31 | 000,730,656 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/03 17:40:31 | 000,626,846 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/03 17:40:31 | 000,107,748 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/03 17:36:18 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/03 17:36:18 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013/08/03 17:36:18 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
[2013/08/03 17:35:21 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013/08/03 17:35:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/03 17:35:07 | 3193,835,520 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/02 20:31:32 | 003,028,254 | ---- | M] () -- C:\Users\deco\Desktop\questions and answers.mp3
[2013/08/02 20:17:33 | 003,306,608 | ---- | M] () -- C:\Users\deco\Desktop\london calling.mp3
[2013/08/02 20:16:24 | 004,332,694 | ---- | M] () -- C:\Users\deco\Desktop\do anything you wanna do.mp3
[2013/08/02 14:21:47 | 000,019,506 | ---- | M] () -- C:\Users\deco\Desktop\2.JPG
[2013/08/02 14:21:39 | 000,012,928 | ---- | M] () -- C:\Users\deco\Desktop\1.JPG
[2013/08/02 14:17:18 | 000,047,585 | ---- | M] () -- C:\Users\deco\Desktop\3.JPG
[2013/08/02 14:16:56 | 000,060,165 | ---- | M] () -- C:\Users\deco\Desktop\4.JPG
[2013/08/02 12:41:12 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/08/02 00:37:13 | 000,666,633 | ---- | M] () -- C:\Users\deco\Desktop\adwcleaner.exe
[2013/08/01 12:12:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3406242734-3781281278-1370421689-1000Core.job
[2013/08/01 00:23:57 | 000,074,757 | ---- | M] () -- C:\Users\deco\Desktop\993942_606705069350768_297078633_n.jpg
[2013/07/30 22:12:35 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/07/30 22:12:30 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013/07/30 22:12:30 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/07/30 20:27:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\deco\Desktop\OTL.exe
[2013/07/30 19:31:41 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\deco\Desktop\HiJackThis.exe
[2013/07/30 16:51:52 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/07/30 00:17:49 | 000,003,717 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
[2013/07/23 23:07:09 | 000,000,433 | ---- | M] () -- C:\Users\deco\Desktop\Downloads.lnk
[2013/07/16 23:59:06 | 000,403,987 | ---- | M] () -- C:\Users\deco\Desktop\58410.pdf
[2013/07/10 16:48:23 | 000,416,976 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/03 19:46:29 | 000,150,667 | ---- | C] () -- C:\Users\deco\Desktop\JavaRa-2.2.zip
[2013/08/03 19:44:32 | 000,001,747 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/08/03 18:27:08 | 000,060,362 | ---- | C] () -- C:\Users\deco\Desktop\313703-163958-7.jpg
[2013/08/03 18:17:27 | 000,152,471 | ---- | C] () -- C:\Users\deco\Desktop\47819_10200774488749714_652242913_n.jpg
[2013/08/02 20:31:28 | 003,028,254 | ---- | C] () -- C:\Users\deco\Desktop\questions and answers.mp3
[2013/08/02 20:17:29 | 003,306,608 | ---- | C] () -- C:\Users\deco\Desktop\london calling.mp3
[2013/08/02 20:16:18 | 004,332,694 | ---- | C] () -- C:\Users\deco\Desktop\do anything you wanna do.mp3
[2013/08/02 14:21:43 | 000,019,506 | ---- | C] () -- C:\Users\deco\Desktop\2.JPG
[2013/08/02 14:21:34 | 000,012,928 | ---- | C] () -- C:\Users\deco\Desktop\1.JPG
[2013/08/02 14:11:58 | 000,060,165 | ---- | C] () -- C:\Users\deco\Desktop\4.JPG
[2013/08/02 14:11:40 | 000,047,585 | ---- | C] () -- C:\Users\deco\Desktop\3.JPG
[2013/08/02 00:36:41 | 000,666,633 | ---- | C] () -- C:\Users\deco\Desktop\adwcleaner.exe
[2013/08/01 00:23:54 | 000,074,757 | ---- | C] () -- C:\Users\deco\Desktop\993942_606705069350768_297078633_n.jpg
[2013/07/23 23:07:09 | 000,000,433 | ---- | C] () -- C:\Users\deco\Desktop\Downloads.lnk
[2013/07/16 23:59:04 | 000,403,987 | ---- | C] () -- C:\Users\deco\Desktop\58410.pdf
[2013/07/12 22:49:51 | 000,621,026 | ---- | C] () -- C:\Users\deco\Desktop\2012 souza d Form 1040 Individual Tax Return_Records.pdf
[2013/07/12 22:49:47 | 000,133,391 | ---- | C] () -- C:\Users\deco\Desktop\pay voucher 2012.pdf
[2013/06/28 19:41:12 | 000,003,717 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
[2013/05/29 18:35:06 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2013/05/19 19:47:01 | 472,640,025 | ---- | C] () -- C:\Users\deco\HitlersKrieg_WasGuidoKnoppVerschweigt1h36m640x480_ogv.ogv
[2013/05/06 22:12:36 | 003,336,567 | ---- | C] () -- C:\Users\deco\Cold_Again.mp3
[2013/05/06 22:12:23 | 006,215,888 | ---- | C] () -- C:\Users\deco\Diamonds_Down.mp3
[2013/05/06 22:12:11 | 003,814,294 | ---- | C] () -- C:\Users\deco\I_Know_It_s_True.mp3
[2013/05/06 22:02:14 | 005,530,852 | ---- | C] () -- C:\Users\deco\Rounding_Third.mp3
[2013/05/06 21:57:13 | 005,068,172 | ---- | C] () -- C:\Users\deco\Mae_Maggie_I_II.mp3
[2013/05/06 21:56:20 | 002,754,768 | ---- | C] () -- C:\Users\deco\Heckscher_Park.mp3
[2013/05/06 21:56:03 | 006,887,130 | ---- | C] () -- C:\Users\deco\Welcome.mp3
[2013/05/06 21:54:55 | 004,941,112 | ---- | C] () -- C:\Users\deco\Best_Route.mp3
[2013/05/06 21:53:33 | 003,853,582 | ---- | C] () -- C:\Users\deco\Prettiest_Bill.mp3
[2013/05/06 21:52:46 | 003,799,248 | ---- | C] () -- C:\Users\deco\Withering.mp3
[2013/05/06 21:50:47 | 003,022,679 | ---- | C] () -- C:\Users\deco\Long_Island.mp3
[2013/05/06 21:49:17 | 002,605,974 | ---- | C] () -- C:\Users\deco\Walt_Whitman_Mall.mp3
[2013/01/20 17:58:18 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2012/10/03 22:05:36 | 083,023,306 | ---- | C] () -- C:\ProgramData\vsloops.pad
[2012/07/19 00:05:10 | 004,503,728 | ---- | C] () -- C:\ProgramData\pmt_0piot.pad
[2012/01/24 22:06:54 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/01/19 17:20:51 | 000,000,000 | ---- | C] () -- C:\Users\deco\AppData\Local\{CB8DCE11-B253-4EDB-B0CC-A0787B08F204}
[2012/01/19 17:17:54 | 000,000,000 | ---- | C] () -- C:\Users\deco\AppData\Local\{A0AE2BA0-BC64-4C82-85C5-75CA07927EC2}
[2012/01/19 17:15:56 | 000,000,000 | ---- | C] () -- C:\Users\deco\AppData\Local\{94C3ECB7-004E-4BDD-8C96-A0480CED3308}
[2011/12/16 14:29:06 | 000,000,000 | ---- | C] () -- C:\Users\deco\AppData\Local\{1B957172-A890-42A3-9248-7DEEDD3B6504}
[2011/12/16 14:27:09 | 000,000,000 | ---- | C] () -- C:\Users\deco\AppData\Local\{A3F3D639-BB66-4436-9F6F-760226486CE7}
[2011/11/07 17:22:43 | 000,000,000 | ---- | C] () -- C:\Users\deco\AppData\Local\{09CAB645-9211-464F-94C3-44802F73D6F4}
[2011/09/03 15:00:30 | 000,747,342 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/06 20:02:35 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

========== ZeroAccess Check ==========

[2011/11/17 03:41:18 | 000,000,000 | -HSD | M] -- C:\Users\deco\AppData\Local\{052083fb-9b8c-0199-7ef2-0ea11ac85f48}\L
[2012/08/12 17:46:03 | 000,000,000 | -HSD | M] -- C:\Users\deco\AppData\Local\{052083fb-9b8c-0199-7ef2-0ea11ac85f48}\U
[2009/07/14 01:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\Users\deco\AppData\Local\{052083fb-9b8c-0199-7ef2-0ea11ac85f48}\n.

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 02:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 01:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 22:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 09:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 22:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

========== Base Services ==========
SRV:64bit: - [2009/07/13 22:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/27 02:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/13 22:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/20 10:27:23 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/20 10:25:45 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2011/11/17 03:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/13 22:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/13 22:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 19:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/05/13 02:51:01 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/05/13 01:45:55 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/20 10:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/20 10:26:04 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/20 09:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/03/03 03:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/13 22:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/13 22:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/13 22:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/13 22:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/20 10:26:39 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
SRV:64bit: - [2013/01/27 07:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/01/27 07:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2009/07/13 22:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/13 22:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/13 22:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/13 22:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/13 22:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 14:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/13 22:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/05/24 08:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 03:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2011/11/17 03:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/13 22:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/20 10:27:24 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/20 10:27:24 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/20 10:27:25 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2011/11/17 03:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/13 22:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/20 10:27:26 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/20 10:27:25 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/20 09:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/20 10:27:25 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/20 10:27:26 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/20 09:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/13 22:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 02:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/20 10:25:27 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/20 10:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/20 10:25:42 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/20 10:27:25 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/27 02:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/20 10:27:28 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/20 10:26:59 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/20 10:27:28 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/20 10:24:58 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/20 09:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/13 22:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 19:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/20 10:26:07 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/13 22:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/20 10:27:28 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 03:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 02:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 22:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 02:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/07/17 16:26:04 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 02:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 03:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 03:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 03:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 09:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/02/04 07:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 02:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 02:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/07/17 16:26:04 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/02/04 07:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 10:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/07/17 16:26:04 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/02/04 07:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 22:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/07/17 16:26:04 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 03:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/02/04 07:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SERVICES >
[2009/06/10 18:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

< MD5 for: SERVICES.CFG >
[2013/05/10 04:57:30 | 000,558,879 | ---- | M] () MD5=3679F8D3253DC110D1D8F2AE115EE00C -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 13:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/13 22:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 22:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/13 23:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2009/07/13 23:25:40 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 01:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 01:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/10 17:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 17:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/13 23:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 17:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2009/07/13 23:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 18:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2009/07/13 23:23:30 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 17:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2009/07/13 23:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 18:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/13 17:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 17:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/13 22:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 22:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 22:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 22:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 09:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 09:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 22:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 22:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 10:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 10:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 10:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 10:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 22:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/07/17 16:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/07/17 16:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< dir C:\ /S /A:L /C >
Volume in drive C is Acer
Volume Serial Number is D211-D633
Directory of C:\
07/14/2009 02:08 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
07/14/2009 02:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 02:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 02:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 02:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 02:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 02:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
07/14/2009 02:08 AM <SYMLINKD> All Users [C:\ProgramData]
07/14/2009 02:08 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
07/14/2009 02:08 AM <JUNCTION> Application Data [C:\ProgramData]
07/14/2009 02:08 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
07/14/2009 02:08 AM <JUNCTION> Documents [C:\Users\Public\Documents]
07/14/2009 02:08 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
07/14/2009 02:08 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
07/14/2009 02:08 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\deco
08/03/2011 02:47 PM <JUNCTION> Application Data [C:\Users\deco\AppData\Roaming]
08/03/2011 02:47 PM <JUNCTION> Cookies [C:\Users\deco\AppData\Roaming\Microsoft\Windows\Cookies]
08/03/2011 02:47 PM <JUNCTION> Local Settings [C:\Users\deco\AppData\Local]
08/03/2011 02:47 PM <JUNCTION> My Documents [C:\Users\deco\Documents]
08/03/2011 02:47 PM <JUNCTION> NetHood [C:\Users\deco\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
08/03/2011 02:47 PM <JUNCTION> PrintHood [C:\Users\deco\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
08/03/2011 02:47 PM <JUNCTION> Recent [C:\Users\deco\AppData\Roaming\Microsoft\Windows\Recent]
08/03/2011 02:47 PM <JUNCTION> SendTo [C:\Users\deco\AppData\Roaming\Microsoft\Windows\SendTo]
08/03/2011 02:47 PM <JUNCTION> Start Menu [C:\Users\deco\AppData\Roaming\Microsoft\Windows\Start Menu]
08/03/2011 02:47 PM <JUNCTION> Templates [C:\Users\deco\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\deco\AppData\Local
08/03/2011 02:47 PM <JUNCTION> Application Data [C:\Users\deco\AppData\Local]
08/03/2011 02:47 PM <JUNCTION> History [C:\Users\deco\AppData\Local\Microsoft\Windows\History]
08/03/2011 02:47 PM <JUNCTION> Temporary Internet Files [C:\Users\deco\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\deco\Documents
08/03/2011 02:47 PM <JUNCTION> My Music [C:\Users\deco\Music]
08/03/2011 02:47 PM <JUNCTION> My Pictures [C:\Users\deco\Pictures]
08/03/2011 02:47 PM <JUNCTION> My Videos [C:\Users\deco\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default
07/14/2009 02:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
07/14/2009 02:08 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
07/14/2009 02:08 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
07/14/2009 02:08 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
07/14/2009 02:08 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
07/14/2009 02:08 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
07/14/2009 02:08 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
07/14/2009 02:08 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
07/14/2009 02:08 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
07/14/2009 02:08 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
07/14/2009 02:08 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
07/14/2009 02:08 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
07/14/2009 02:08 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
07/14/2009 02:08 AM <JUNCTION> My Music [C:\Users\Default\Music]
07/14/2009 02:08 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
07/14/2009 02:08 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Guest
09/14/2012 03:50 PM <JUNCTION> Application Data [C:\Users\Guest\AppData\Roaming]
09/14/2012 03:50 PM <JUNCTION> Cookies [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies]
09/14/2012 03:50 PM <JUNCTION> Local Settings [C:\Users\Guest\AppData\Local]
09/14/2012 03:50 PM <JUNCTION> My Documents [C:\Users\Guest\Documents]
09/14/2012 03:50 PM <JUNCTION> NetHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
09/14/2012 03:50 PM <JUNCTION> PrintHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
09/14/2012 03:50 PM <JUNCTION> Recent [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Recent]
09/14/2012 03:50 PM <JUNCTION> SendTo [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\SendTo]
09/14/2012 03:50 PM <JUNCTION> Start Menu [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu]
09/14/2012 03:50 PM <JUNCTION> Templates [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Guest\AppData\Local
09/14/2012 03:50 PM <JUNCTION> Application Data [C:\Users\Guest\AppData\Local]
09/14/2012 03:50 PM <JUNCTION> History [C:\Users\Guest\AppData\Local\Microsoft\Windows\History]
09/14/2012 03:50 PM <JUNCTION> Temporary Internet Files [C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Guest\Documents
09/14/2012 03:50 PM <JUNCTION> My Music [C:\Users\Guest\Music]
09/14/2012 03:50 PM <JUNCTION> My Pictures [C:\Users\Guest\Pictures]
09/14/2012 03:50 PM <JUNCTION> My Videos [C:\Users\Guest\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
07/14/2009 02:08 AM <JUNCTION> My Music [C:\Users\Public\Music]
07/14/2009 02:08 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
07/14/2009 02:08 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
66 Dir(s) 874,533,474,304 bytes free

< End of report >

OTL Extras logfile created on: 8/3/2013 8:18:58 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\deco\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.97 Gb Total Physical Memory | 2.13 Gb Available Physical Memory | 53.78% Memory free
7.93 Gb Paging File | 5.98 Gb Available in Paging File | 75.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 911.88 Gb Total Space | 814.47 Gb Free Space | 89.32% Space Free | Partition Type: NTFS
Drive D: | 124.26 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 1.86 Gb Total Space | 1.39 Gb Free Space | 74.62% Space Free | Partition Type: FAT

Computer Name: DECO-PC | User Name: deco | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3406242734-3781281278-1370421689-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{590952BE-620F-43AF-8E70-00473C7793F0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{59420C17-8856-4876-9B22-78607CC29BE2}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe |
"{732D7862-8213-4CEC-B199-1ECF518EC5D5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{827F071D-437A-446C-B226-EA273A8BBD1F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8671E638-B190-4D1A-B975-45261334F69B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8BA2C1DD-9D4A-4C5B-9F07-3BD790275E8D}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe |
"{A4DD07B1-8831-43B0-A77E-855AB4BD1A68}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A57B1D85-E8C1-4621-A51A-FD5BF0F9332B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B592F858-B34D-4982-8F80-BD1805833D90}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B9C8B939-FF5B-40E4-8CBF-0182AC1A296F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CD8BF665-9D6B-49BF-8BBB-656B67638DF2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CFE994B8-3BD4-4C84-9D2A-2A98FFCE7158}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{DCE1E09D-D1F7-4624-B07B-D5F29EBE3D40}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E217D54E-E9AD-4E7B-AB93-D1051C696648}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E6D81085-A9A7-44E2-B750-51DA320ECDFF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F4AFFB2E-416A-44E2-991E-F559D40C9A06}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02D1FA69-198A-4378-98B4-F01DC7FEA9A6}" = protocol=6 | dir=out | app=system |
"{04703FA0-8419-4022-9A78-A0E08D6AE944}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{086A8815-F5C6-4DE6-9957-A78FDD297C00}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{09A52006-A18F-464D-B739-B37C9F6BCEE8}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{24843318-49D4-445A-A522-5B62BC45A6EE}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{271625F3-6CBE-4DF4-AE25-86EE4A71CA24}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{291D0A25-EFE9-4621-819E-876A75E925CB}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{2E712108-4ACA-4F18-8E06-2189E005FAA2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{34D864FB-FC2F-40D4-8646-EA1B094373ED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{35E37D8B-C6A8-4AB5-A280-E9C8DDC9F676}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3937D7E1-69CD-4C63-9195-012D28339809}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4F4BB24B-BDA3-4D35-8C51-30E3E51933E4}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{584798F8-E747-4A0C-8621-799CFE25D872}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{657FDB13-9BA3-4108-B5EC-54ABA27F9995}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7487C1F6-5F7E-46DA-9349-F9A8608B473A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{758A52EB-8BFF-4193-B9FB-07BDFDDDEE0C}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{762E55A9-A105-463A-882D-8BCCE055C7C3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8EC566AF-E149-4E4B-8AE1-01AD7B69175F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{913E15B4-A2C2-4EF6-8BF4-7A37BA6F769D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9368F6A5-496D-4A40-A4A6-78F71C218012}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{A9C1FC39-A3B0-46A1-B0B8-3F3E33321595}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{AC849772-5535-4FDC-92A0-BEFBD4511479}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ACFC4B60-88F6-44D5-816F-F9061856A2CC}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{AFB768B3-7C3B-4410-8FC5-3D82BC5B3119}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B0D5289E-87E3-423D-A0A6-213F3E7E4E65}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C147C0A1-F346-410E-9F9D-B866C7F30074}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CB87566E-95E2-4261-B08C-24EB01A23CEF}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D1EA33EB-43F8-41C7-9D4C-F6A693228335}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{D4F2E2B2-9DFA-4B15-BF85-A5B06A67BFDB}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DAECF7F7-1D3E-4D75-B288-503FD92B7863}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DE730409-489D-4722-9A14-434287F4CDBD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EF8B1D45-48C2-42D5-84BE-AC2A82462452}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware player\vmware-authd.exe |
"{F1A4DCB9-7546-4B91-8DD8-959B8019E6CE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{F1B69267-19AE-41E8-83DF-E00BEB5CED77}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FB1EA86D-B4B0-452E-B117-2E60BA3002CB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{7211CCB5-A592-46F3-BBA5-CD2CF736947C}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{E43F6056-FEDD-4715-9EDC-EAAE81423323}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"UDP Query User{1CD511CF-44F7-4225-9BF1-DEFCFFD596A4}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"UDP Query User{835062D1-3F0B-4C7C-8753-BE048A20F484}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ca6db69-1557-428e-b75f-3f479f9a48bf}" = Nero 9 Essentials
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D2A900D-EB39-3386-8D9F-3B8F069C57A5}" = Google Talk Plugin
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant
"{C89269D9-DD02-45DD-99DD-6AE592F6C447}" = TurboTax 2011 wcaiper
"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0.2
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"eMusic Download Manager 6" = eMusic Download Manager 6
"ESET Online Scanner" = ESET Online Scanner v3
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.2
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"LAME_is1" = LAME v3.99.3 (for Windows)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MKV Player_is1" = MKV Player 2.1
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"RealPlayer 15.0" = RealPlayer
"TMACv5.0R3" = Technitium MAC Address Changer v5.0 Release 3
"TurboTax 2011" = TurboTax 2011
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"VMware_Player" = VMware Player
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3406242734-3781281278-1370421689-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/1/2013 11:35:45 PM | Computer Name = deco-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\deco\Downloads\SoftonicDownloader_para_hijackthis.exe".Error
in manifest or policy file "" on line . A component version required by the application
conflicts with another component version already active. Conflicting components
are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 8/1/2013 11:42:33 PM | Computer Name = deco-PC | Source = McLogEvent | ID = 5046
Description = The McShield scanning service cannot find any configuration in the
registry

Error - 8/2/2013 12:01:24 AM | Computer Name = deco-PC | Source = McLogEvent | ID = 5046
Description = The McShield scanning service cannot find any configuration in the
registry

Error - 8/2/2013 11:38:36 AM | Computer Name = deco-PC | Source = McLogEvent | ID = 5046
Description = The McShield scanning service cannot find any configuration in the
registry

Error - 8/2/2013 11:46:55 AM | Computer Name = deco-PC | Source = McLogEvent | ID = 5046
Description = The McShield scanning service cannot find any configuration in the
registry

Error - 8/2/2013 1:08:34 PM | Computer Name = deco-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Photoshop.exe, version: 10.0.0.0, time
stamp: 0x4601eae8 Faulting module name: Save for Web.8be, version: 10.0.0.12, time
stamp: 0x4601fd7a Exception code: 0xc000000d Fault offset: 0x00420d52 Faulting process
id: 0x1230 Faulting application start time: 0x01ce8fa297aaa01b Faulting application
path: C:\Users\deco\AppData\Local\Temp\RarSFX0\Photoshop.exe Faulting module path:
C:\Users\deco\AppData\Local\Temp\RarSFX0\Plug-Ins\Import-Export\Save for Web.8be
Report
Id: 299d56ca-fb96-11e2-9a1a-005056c00008

Error - 8/2/2013 4:14:16 PM | Computer Name = deco-PC | Source = Microsoft-Windows-CAPI2 | ID = 4101
Description = Failed auto update retrieval of third-party root certificate from:
<http://ctldl.windows...89A457B012.crt>
with error: This operation returned because the timeout period expired. .

Error - 8/2/2013 11:08:35 PM | Computer Name = deco-PC | Source = McLogEvent | ID = 5046
Description = The McShield scanning service cannot find any configuration in the
registry

Error - 8/3/2013 4:35:25 PM | Computer Name = deco-PC | Source = McLogEvent | ID = 5046
Description = The McShield scanning service cannot find any configuration in the
registry

Error - 8/3/2013 5:50:40 PM | Computer Name = deco-PC | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

[ System Events ]
Error - 8/3/2013 12:23:39 AM | Computer Name = deco-PC | Source = bowser | ID = 8003
Description =

Error - 8/3/2013 12:59:36 AM | Computer Name = deco-PC | Source = bowser | ID = 8003
Description =

Error - 8/3/2013 1:23:34 AM | Computer Name = deco-PC | Source = bowser | ID = 8003
Description =

Error - 8/3/2013 1:50:35 AM | Computer Name = deco-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Windows Internet Explorer 9 for Windows 7 for x64-based
Systems.

Error - 8/3/2013 1:51:09 AM | Computer Name = deco-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Internet Explorer 10 for Windows 7 for x64-based Systems.

Error - 8/3/2013 4:35:23 PM | Computer Name = deco-PC | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater15.3.0 service failed to start due to the following
error: %%2

Error - 8/3/2013 4:36:25 PM | Computer Name = deco-PC | Source = Service Control Manager | ID = 7024
Description = The McShield service terminated with service-specific error %%5046.

Error - 8/3/2013 6:41:47 PM | Computer Name = deco-PC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 8/3/2013 6:42:04 PM | Computer Name = deco-PC | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 8/3/2013 6:43:04 PM | Computer Name = deco-PC | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Apple Mobile Device service,
but this action failed with the following error: %%1056


< End of report >

Edited by alternate, 03 August 2013 - 05:42 PM.

  • 0

#9
Teima
Posted 04 August 2013 - 03:27 PM

Teima

    Member

  • Member
  • PipPipPip
  • 833 posts
Hello alternative. Once this machine is marked as solved. Would you like to move on to the second one? We're almost done with this one. Just a few further checkup scans remain. :)

Step One

Malwarebytes Anti-Malware

Please download Malwarebytes Anti-Malware from here.

  • Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click scan.
  • When the scan is complete, click OK, then show results to view the scan results.
  • If anything is found make sure that everything is checked, and then click remove selected.
  • Once the scan has completed, a log will open in Notepad and you may be prompted to restart.
  • Please note the log is automatically saved and can be viewed by clicking the logs tab within Malwarebytes.
  • Copy and paste the entire content of that report within your next response.

Step Two

ESET Online Scanner

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Remove found threats is Not checked
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

  • 0

#10
alternate
Posted 05 August 2013 - 10:17 PM

alternate

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
Please help on my second machine after this one is clean, thanks.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.05.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
deco :: DECO-PC [administrator]

8/5/2013 6:39:09 PM
mbam-log-2013-08-05 (18-39-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 239833
Time elapsed: 3 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1

C:\Users\deco\Downloads\SoftonicDownloader_para_hijackthis.exe (PUP.Optional.Softonic) -> Quarantined and deleted successfully.

(end)

The ESET scanner showed one threat but it didnt produce any log using mozilla and cannot load the scan on IE...what do I do?
  • 0

Advertisements

#11
Teima
Posted 06 August 2013 - 05:07 AM

Teima

    Member

  • Member
  • PipPipPip
  • 833 posts
Hello alternate. No worries. We'll move on to that machine shortly. Is there a log file for ESET Online Scanner situated at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt? If there is. Would you be able to copy and paste that into this topic for me to review? :)

Edited by Teima, 06 August 2013 - 06:45 AM.

  • 0

#12
alternate
Posted 06 August 2013 - 01:57 PM

alternate

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=3dd7ae189377804aac1c8e132c1f1df9
# engine=14677
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-08-06 07:12:02
# local_time=2013-08-06 04:12:02 (-0300, E. South America Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 1409080 127363372 0 0
# scanned=182629
# found=1
# cleaned=0
# scan_time=7591
sh=38DF5A6047E8D43A662C51DE8B9F695A680C2D66 ft=0 fh=0000000000000000 vn="Win32/OpenCandy application" ac=I fn="C:\Users\deco\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\stub_data\stubinst_pkg_br.cab"
  • 0

#13
Teima
Posted 07 August 2013 - 02:03 PM

Teima

    Member

  • Member
  • PipPipPip
  • 833 posts
Step One

Download aswMBR.exe (4.52MB) to your desktop.

Double click the aswMBR.exe to run it.

Click the "Scan" button to start the scan.
If Avast asks to download definitions, please say Yes.

Posted Image

Posted Image

On completion of the scan click save log, save it to your desktop and post it in your next reply.

Step Two

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**

These types of scans can produce false positives. Do NOT take any action on any <--- ROOKIT entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
  • 0

#14
alternate
Posted 07 August 2013 - 03:30 PM

alternate

    Member

  • Topic Starter
  • Member
  • PipPip
  • 83 posts
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-08-07 18:28:45
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.80.0 931.51GB
Running: gmer.exe; Driver: C:\Users\deco\AppData\Local\Temp\kwldapog.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560 fffff80002ff7000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607 fffff80002ff702f 18 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[2168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000772f1465 2 bytes [2F, 77]
.text C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[2168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000772f14bb 2 bytes [2F, 77]
.text ... * 2

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Windows\Explorer.EXE[1424] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!FreeLibraryAndExitThread] [10002370] C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll
IAT C:\Windows\Explorer.EXE[1424] @ C:\Windows\system32\SHLWAPI.dll[KERNEL32.dll!CreateThread] [100034e0] C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll
IAT C:\Windows\Explorer.EXE[1424] @ C:\Windows\system32\SHELL32.dll[KERNEL32.dll!LoadLibraryA] [100011e0] C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll
IAT C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[1712] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!LoadLibraryA] [13fe08960] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

---- Threads - GMER 2.1 ----

Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3184:1224] 000007fefbb82a7c

---- EOF - GMER 2.1 ----

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-08-07 17:48:18
-----------------------------
17:48:18.102 OS Version: Windows x64 6.1.7601 Service Pack 1
17:48:18.102 Number of processors: 2 586 0x170A
17:48:18.103 ComputerName: DECO-PC UserName: deco
17:48:19.931 Initialize success
17:51:59.329 AVAST engine defs: 13080701
17:54:46.714 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:54:46.724 Disk 0 Vendor: WDC_WD10 80.0 Size: 953869MB BusType: 3
17:54:46.814 Disk 0 MBR read successfully
17:54:46.814 Disk 0 MBR scan
17:54:46.824 Disk 0 Windows 7 default MBR code
17:54:46.834 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 20000 MB offset 2048
17:54:46.874 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 40962048
17:54:46.914 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 933767 MB offset 41166848
17:54:46.984 Disk 0 scanning C:\Windows\system32\drivers
17:54:57.757 Service scanning
17:55:20.270 Modules scanning
17:55:20.280 Disk 0 trace - called modules:
17:55:20.300 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
17:55:20.310 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006a5c610]
17:55:20.321 3 CLASSPNP.SYS[fffff88001aa643f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004760050]
17:55:21.911 AVAST engine scan C:\Windows
17:55:26.252 AVAST engine scan C:\Windows\system32
17:59:52.915 AVAST engine scan C:\Windows\system32\drivers
18:00:07.946 AVAST engine scan C:\Users\deco
18:11:37.359 AVAST engine scan C:\ProgramData
18:13:25.617 Scan finished successfully
18:14:13.300 Disk 0 MBR has been saved successfully to "C:\Users\deco\Desktop\MBR.dat"
18:14:13.345 The log file has been saved successfully to "C:\Users\deco\Desktop\aswMBR.txt"
  • 0

#15
Teima
Posted 08 August 2013 - 07:15 PM

Teima

    Member

  • Member
  • PipPipPip
  • 833 posts
Hello Alternate. This machine is now cleansed. Are you facing any further issues on this one? If not. Allow me to move to the second machine. These instructions below apply for the second machine also. :)

Step One

Please download OTL to your desktop from here. Right-click on OTL.exe and select Run As Administrator to start the program. If prompted by UAC, please allow it.

  • Please check the box next to Scan All Users.
  • Make sure Use SafeList is selected under Extra Registry.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
dir C:\ /S /A:L /C
CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your reply. If both log won't fit in the same post, you may post them in two separate posts.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP