Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

AVG finds Appandora Device Service Threat [Solved]


  • This topic is locked This topic is locked

#1
CatherineL2288

CatherineL2288

    New Member

  • Member
  • Pip
  • 8 posts

Hi,

 

Have turned on my laptop the past few mornings and have been met by AVG anti-virus stating there is a threat. Each time I have removed the threat it still comes up the next day. The threat seems to be from something called "Appandora Device Service"  as seen below. Can someone please help me in how to remove this or deal with it! I have checked to see if there is anything I can uninstall but cant find anything. I would be very grateful if someone could help me.

 

Many Thanks

 

Catherine

image.png


  • 0

Advertisements


#2
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,698 posts
Hello and Welcome on board CatherineL2288 :welcome:,

my Name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from you Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counter productive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
 

Let's get a overlook over the system with OTL.

Please download OTL (by OldTimer) (if you haven't already) from the link below and save it to your Desktop.
 

Download Mirror #1

  • Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the customFix.png.pagespeed.ce.jU5V4w6MU1.pn box in OTL. To do that:
    • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    qmgr.dll
    mpsvc.dll
    winsock.*
    rpcss.dll
    /md5stop
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT

  • Open otlicon.png on the desktop. To do that:
    • XP users: Double click on the OTL icon.
    • Vista / 7 Users: Right click on the icon and click Run as Administrator)
  • Make sure all other windows are closed.
    • You will see a console like the one below:

      OTL_Main_Tutorial.gif
      • Click the box beside Scan All Users at the top of the console
      • If you have a 64bit Windows, click the box beside Include 64bit Scans at the top of the console.
      • Make sure the Output box at the top is set to Standard Output.
      • Check the boxes beside LOP Check and Purity Check.
      • Place the mouse pointer inside the customFix.png.pagespeed.ce.jU5V4w6MU1.pn box, right click and click Paste. This will put the above script inside OTL
      • Click the runscanbutton.png.pagespeed.ce.KPQ_c3iHh button. Do not change any settings unless otherwise told to do so.
      • Let the scan run uninterrupted.
      • When the scan completes, it will open OTL.Txt on the desktop.
      • Please copy the contents of these files and paste it into your reply. To do that:
        • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
        • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the in the post window.
      • Please do the same for the Extras.txt

  • 0

#3
CatherineL2288

CatherineL2288

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Thanks for the help here is the 

 

Here is the OTL.txt file

 

OTL logfile created on: 03/05/2014 16:22:23 - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\PC WORLD\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
7.84 Gb Total Physical Memory | 4.50 Gb Available Physical Memory | 57.37% Memory free
15.68 Gb Paging File | 12.87 Gb Available in Paging File | 82.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 680.54 Gb Total Space | 242.84 Gb Free Space | 35.68% Space Free | Partition Type: NTFS
Drive D: | 7.73 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: CATHERINE | User Name: PC WORLD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/03 16:13:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\PC WORLD\Downloads\OTL.exe
PRC - [2014/04/20 10:21:53 | 001,236,832 | ---- | M] (BitTorrent Inc.) -- C:\Users\PC WORLD\AppData\Roaming\BitTorrent\BitTorrent.exe
PRC - [2014/04/18 15:22:28 | 003,645,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
PRC - [2014/04/06 21:21:36 | 005,180,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
PRC - [2014/04/02 23:06:01 | 000,228,744 | ---- | M] (Google Inc.) -- C:\Users\PC WORLD\AppData\Local\Google\Update\1.3.23.9\GoogleCrashHandler.exe
PRC - [2014/03/27 22:10:20 | 000,291,912 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
PRC - [2014/02/05 02:31:22 | 000,126,995 | ---- | M] (VideoLAN) -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
PRC - [2013/12/18 11:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/10/25 22:39:50 | 002,449,552 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
PRC - [2012/04/06 20:29:22 | 000,022,120 | ---- | M] () -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
PRC - [2012/04/06 20:29:20 | 000,040,552 | ---- | M] () -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
PRC - [2012/04/05 16:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2012/03/23 10:33:48 | 000,419,408 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2012/03/23 10:33:46 | 000,355,920 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2012/03/23 10:33:46 | 000,343,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2012/03/23 10:33:44 | 001,105,488 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2012/02/29 14:49:06 | 000,028,264 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2012/02/27 12:01:58 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012/02/08 03:03:36 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/02/08 03:03:34 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/02/08 03:03:16 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/02/02 00:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012/01/05 22:22:10 | 000,256,536 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2012/01/05 22:21:44 | 000,296,984 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/04/24 01:33:13 | 000,390,472 | ---- | M] () -- C:\Users\PC WORLD\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
MOD - [2014/04/24 01:33:10 | 004,081,480 | ---- | M] () -- C:\Users\PC WORLD\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll
MOD - [2014/04/24 01:33:05 | 000,674,632 | ---- | M] () -- C:\Users\PC WORLD\AppData\Local\Google\Chrome\Application\34.0.1847.131\libglesv2.dll
MOD - [2014/04/24 01:33:04 | 000,093,000 | ---- | M] () -- C:\Users\PC WORLD\AppData\Local\Google\Chrome\Application\34.0.1847.131\libegl.dll
MOD - [2014/04/24 01:33:03 | 001,647,432 | ---- | M] () -- C:\Users\PC WORLD\AppData\Local\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
MOD - [2014/04/24 01:33:01 | 000,065,352 | ---- | M] () -- C:\Users\PC WORLD\AppData\Local\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
MOD - [2014/04/12 10:45:34 | 008,884,904 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\1033\GrooveIntlResource.dll
MOD - [2014/02/15 12:12:42 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/15 12:12:32 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/15 12:11:45 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/15 12:11:35 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/02/12 20:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/12 20:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014/02/05 02:32:36 | 002,396,179 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
MOD - [2014/02/05 02:32:34 | 000,063,507 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4audio_plugin.dll
MOD - [2014/02/05 02:32:34 | 000,036,883 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_vc1_plugin.dll
MOD - [2014/02/05 02:32:34 | 000,021,523 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_flac_plugin.dll
MOD - [2014/02/05 02:32:34 | 000,021,011 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mlp_plugin.dll
MOD - [2014/02/05 02:32:32 | 000,030,739 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_dirac_plugin.dll
MOD - [2014/02/05 02:32:32 | 000,025,619 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4video_plugin.dll
MOD - [2014/02/05 02:32:32 | 000,024,595 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpegvideo_plugin.dll
MOD - [2014/02/05 02:32:28 | 011,148,307 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
MOD - [2014/02/05 02:32:24 | 000,031,251 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
MOD - [2014/02/05 02:32:24 | 000,027,667 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
MOD - [2014/02/05 02:32:24 | 000,017,939 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
MOD - [2014/02/05 02:32:22 | 000,336,403 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
MOD - [2014/02/05 02:32:22 | 000,291,859 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
MOD - [2014/02/05 02:32:22 | 000,019,475 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liba52_plugin.dll
MOD - [2014/02/05 02:32:22 | 000,018,451 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
MOD - [2014/02/05 02:32:20 | 001,371,667 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
MOD - [2014/02/05 02:32:18 | 000,027,155 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libg711_plugin.dll
MOD - [2014/02/05 02:32:18 | 000,018,963 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
MOD - [2014/02/05 02:32:18 | 000,015,891 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
MOD - [2014/02/05 02:32:16 | 001,280,019 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
MOD - [2014/02/05 02:32:16 | 000,733,203 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
MOD - [2014/02/05 02:32:16 | 000,171,027 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libopus_plugin.dll
MOD - [2014/02/05 02:32:16 | 000,022,035 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
MOD - [2014/02/05 02:32:16 | 000,019,987 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
MOD - [2014/02/05 02:32:14 | 010,396,179 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll
MOD - [2014/02/05 02:32:14 | 000,344,595 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
MOD - [2014/02/05 02:32:14 | 000,198,675 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
MOD - [2014/02/05 02:32:14 | 000,017,427 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libsvcdsub_plugin.dll
MOD - [2014/02/05 02:32:06 | 000,146,451 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
MOD - [2014/02/05 02:32:06 | 000,054,291 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
MOD - [2014/02/05 02:32:06 | 000,038,419 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll
MOD - [2014/02/05 02:32:06 | 000,026,131 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
MOD - [2014/02/05 02:32:06 | 000,016,403 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\codec\librawvideo_plugin.dll
MOD - [2014/02/05 02:32:04 | 000,013,843 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libyuvp_plugin.dll
MOD - [2014/02/05 02:32:04 | 000,013,843 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll
MOD - [2014/02/05 02:32:02 | 000,555,027 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libswscale_plugin.dll
MOD - [2014/02/05 02:32:00 | 000,032,275 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libadjust_plugin.dll
MOD - [2014/02/05 02:32:00 | 000,015,379 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll
MOD - [2014/02/05 02:31:58 | 000,296,979 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
MOD - [2014/02/05 02:31:58 | 000,168,979 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll
MOD - [2014/02/05 02:31:56 | 000,058,899 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll
MOD - [2014/02/05 02:31:56 | 000,025,619 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll
MOD - [2014/02/05 02:31:56 | 000,014,355 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll
MOD - [2014/02/05 02:31:54 | 001,512,467 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
MOD - [2014/02/05 02:31:54 | 001,496,083 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
MOD - [2014/02/05 02:31:54 | 000,130,579 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll
MOD - [2014/02/05 02:31:54 | 000,019,475 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll
MOD - [2014/02/05 02:31:54 | 000,018,963 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
MOD - [2014/02/05 02:31:54 | 000,015,379 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll
MOD - [2014/02/05 02:31:54 | 000,014,867 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll
MOD - [2014/02/05 02:31:54 | 000,014,355 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll
MOD - [2014/02/05 02:31:54 | 000,013,331 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll
MOD - [2014/02/05 02:31:52 | 000,036,371 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll
MOD - [2014/02/05 02:31:48 | 000,383,507 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libupnp_plugin.dll
MOD - [2014/02/05 02:31:48 | 000,118,803 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll
MOD - [2014/02/05 02:31:48 | 000,017,427 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libmediadirs_plugin.dll
MOD - [2014/02/05 02:31:48 | 000,014,867 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libwindrive_plugin.dll
MOD - [2014/02/05 02:31:46 | 001,248,787 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
MOD - [2014/02/05 02:31:46 | 000,021,011 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\services_discovery\libpodcast_plugin.dll
MOD - [2014/02/05 02:31:44 | 000,053,779 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_rgb_mmx_plugin.dll
MOD - [2014/02/05 02:31:44 | 000,019,987 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi422_yuy2_mmx_plugin.dll
MOD - [2014/02/05 02:31:44 | 000,019,987 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\mmx\libi420_yuy2_mmx_plugin.dll
MOD - [2014/02/05 02:31:42 | 000,724,499 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll
MOD - [2014/02/05 02:31:40 | 000,113,683 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_rgb_sse2_plugin.dll
MOD - [2014/02/05 02:31:40 | 000,067,091 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
MOD - [2014/02/05 02:31:40 | 000,066,579 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
MOD - [2014/02/05 02:31:40 | 000,032,275 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll
MOD - [2014/02/05 02:31:40 | 000,027,667 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi422_yuy2_sse2_plugin.dll
MOD - [2014/02/05 02:31:40 | 000,026,643 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\sse2\libi420_yuy2_sse2_plugin.dll
MOD - [2014/02/05 02:31:40 | 000,020,499 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll
MOD - [2014/02/05 02:31:40 | 000,018,963 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll
MOD - [2014/02/05 02:31:40 | 000,017,427 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll
MOD - [2014/02/05 02:31:40 | 000,016,915 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll
MOD - [2014/02/05 02:31:40 | 000,015,379 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll
MOD - [2014/02/05 02:31:40 | 000,015,379 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll
MOD - [2014/02/05 02:31:38 | 000,268,307 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
MOD - [2014/02/05 02:31:38 | 000,240,659 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
MOD - [2014/02/05 02:31:38 | 000,076,307 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll
MOD - [2014/02/05 02:31:36 | 002,021,395 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
MOD - [2014/02/05 02:31:36 | 000,114,195 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll
MOD - [2014/02/05 02:31:36 | 000,045,587 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
MOD - [2014/02/05 02:31:34 | 000,100,371 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
MOD - [2014/02/05 02:31:34 | 000,040,467 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll
MOD - [2014/02/05 02:31:30 | 000,133,139 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
MOD - [2014/02/05 02:31:26 | 000,708,627 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
MOD - [2014/02/05 02:31:26 | 000,014,867 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll
MOD - [2014/02/05 02:31:24 | 000,531,475 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
MOD - [2014/02/05 02:31:24 | 000,060,947 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
MOD - [2014/02/05 02:31:22 | 000,113,171 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
MOD - [2012/04/06 20:29:22 | 000,022,120 | ---- | M] () -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
MOD - [2012/04/06 20:29:20 | 000,040,552 | ---- | M] () -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
MOD - [2012/01/05 22:22:36 | 000,465,344 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/30 03:43:28 | 002,211,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)
SRV:64bit: - [2014/03/06 09:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/06/20 00:14:28 | 000,048,128 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2012/04/05 16:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2012/03/21 13:03:16 | 000,957,216 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2012/02/07 17:53:48 | 000,871,296 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2012/02/02 22:29:52 | 000,628,448 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV - [2014/04/29 13:21:26 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/18 15:22:28 | 003,645,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2014/03/27 22:10:20 | 000,291,912 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
SRV - [2013/12/18 11:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/10/25 22:39:50 | 002,449,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe -- (CCDMonitorService)
SRV - [2012/06/20 00:20:54 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/04/23 05:25:32 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/03/23 10:33:46 | 000,355,920 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2012/02/29 14:49:06 | 000,028,264 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2012/02/08 03:03:36 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/02/08 03:03:34 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/02/08 03:03:16 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/02/02 00:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012/01/05 22:22:10 | 000,256,536 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/04/18 15:01:56 | 000,237,336 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2014/03/31 16:20:54 | 000,274,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2014/03/31 16:06:26 | 000,130,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2014/03/27 22:14:26 | 000,192,792 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2014/03/27 22:14:24 | 000,153,368 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
DRV:64bit: - [2014/03/27 22:07:10 | 000,236,824 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2014/03/27 22:05:02 | 000,324,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2014/03/27 22:03:16 | 000,032,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/10/02 03:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/17 19:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/20 00:14:28 | 000,022,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2012/06/20 00:14:27 | 004,746,304 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2012/06/20 00:14:26 | 000,021,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
DRV:64bit: - [2012/05/03 22:59:06 | 000,081,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)
DRV:64bit: - [2012/03/27 03:09:54 | 014,748,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/03/21 22:23:22 | 000,594,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2012/03/21 22:23:22 | 000,163,368 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2012/03/21 22:23:18 | 000,210,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2012/03/21 22:23:18 | 000,184,872 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2012/03/21 22:23:18 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2012/03/21 22:23:18 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2012/03/07 14:48:20 | 000,238,384 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/27 12:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/02/27 12:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/02/27 12:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012/02/14 13:33:08 | 000,412,944 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2012/02/14 13:33:02 | 000,022,800 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver.sys -- (SmbDrv)
DRV:64bit: - [2012/02/07 07:03:06 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2012/02/07 07:03:06 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2012/02/02 00:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012/01/19 00:30:42 | 000,435,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2011/12/06 12:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/11/04 10:21:38 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp)
DRV:64bit: - [2011/11/04 10:21:36 | 000,068,648 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd)
DRV:64bit: - [2011/09/02 14:36:58 | 000,051,752 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa)
DRV:64bit: - [2011/07/14 06:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/14 06:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2908051684-2934033797-294929725-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKU\S-1-5-21-2908051684-2934033797-294929725-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.search.yah...r=spigot-yhp-ie
IE - HKU\S-1-5-21-2908051684-2934033797-294929725-1000\..\SearchScopes,DefaultScope = {DC6B57E2-958C-4A11-969C-B973E43D25DE}
IE - HKU\S-1-5-21-2908051684-2934033797-294929725-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-sea...2D408EDB9EE5D79
IE - HKU\S-1-5-21-2908051684-2934033797-294929725-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={DD1F5EE1-D12F-4ACE-9792-406470A94775}&mid=0aac9f823a2547d0a29d69c1a5eefdff-14c957ab72f0aa191aacbf5cbde84f56fa7d2a74&lang=en&ds=AVG&pr=fr&d=2012-10-15 13:39:54&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2908051684-2934033797-294929725-1000\..\SearchScopes\{DC6B57E2-958C-4A11-969C-B973E43D25DE}: "URL" = http://uk.search.yah...p={searchTerms}
IE - HKU\S-1-5-21-2908051684-2934033797-294929725-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2908051684-2934033797-294929725-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\PC WORLD\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\PC WORLD\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\PC WORLD\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\vitzo.com/VDownloader: C:\Program Files\VDownloader\Addons\npVDownloader.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\VDownloader\Addons\FireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.co.uk/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\PC WORLD\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\PC WORLD\AppData\Local\Google\Chrome\Application\34.0.1847.131\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\PC WORLD\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\PC WORLD\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll
CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\PC WORLD\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Hola Better Internet = C:\Users\PC WORLD\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.3.233_0\
CHR - Extension: Google Wallet = C:\Users\PC WORLD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Battlefield Play4Free = C:\Users\PC WORLD\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0\
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ALU] C:\Program Files\Acer\Acer Updater\ALU.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE (Broadcom Corporation)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [InstantUpdate] C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Appandora device service] C:\Program Files (x86)\Appandora\AppandoraDeviceService.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2908051684-2934033797-294929725-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-2908051684-2934033797-294929725-1000..\Run: [BitTorrent] C:\Users\PC WORLD\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1BA7CB3-0340-45D3-8C57-4991493C3391}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/03 16:21:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/05/03 16:21:13 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/05/03 16:21:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/05/03 16:21:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/05/03 16:21:13 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/05/03 16:20:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2014/05/03 16:20:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2014/05/03 11:54:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/04/20 12:06:50 | 000,000,000 | ---D | C] -- C:\Users\PC WORLD\AppData\Local\{F5F007C3-EB0A-4E15-9916-33118A75B68E}
[2014/04/18 15:01:56 | 000,237,336 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
[2014/04/11 23:59:33 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/04/11 23:59:33 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/04/11 23:59:27 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/04/11 23:59:17 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/04/11 23:59:17 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/04/11 23:59:16 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014/04/11 23:59:16 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/04/11 23:59:15 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/04/11 23:59:15 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014/04/11 23:59:15 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014/04/11 23:59:14 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/04/11 23:59:14 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/04/11 23:59:14 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/04/11 23:59:13 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/04/11 23:59:13 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/04/11 23:59:13 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/04/11 23:59:13 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/04/11 23:59:13 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/04/11 23:59:13 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/04/11 23:59:10 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014/04/11 23:59:10 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/04/11 23:59:10 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/04/11 23:59:10 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/04/11 23:59:10 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/04/11 23:59:10 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/04/11 23:59:10 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/04/11 23:59:08 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/04/11 23:59:08 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/04/11 23:59:05 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/04/10 05:38:51 | 000,190,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2014/04/10 05:38:51 | 000,027,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2014/04/10 05:38:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iologmsg.dll
[2014/04/10 05:38:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iologmsg.dll
[2014/04/10 05:38:49 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2014/04/10 05:38:49 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2014/04/10 05:38:49 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2014/04/10 05:38:49 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2014/04/10 05:38:48 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2014/04/10 05:38:48 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2014/04/10 05:38:48 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2014/04/10 05:38:48 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2014/04/10 05:38:48 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2014/04/10 05:38:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2014/04/06 21:14:23 | 000,000,000 | ---D | C] -- C:\Users\PC WORLD\AppData\Roaming\Appandora
[2014/04/06 21:14:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Appandora
[2013/08/07 21:24:02 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\PC WORLD\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/03 16:21:49 | 000,001,747 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/05/03 16:21:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/03 16:11:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2908051684-2934033797-294929725-1000UA.job
[2014/05/03 10:14:07 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/03 10:14:07 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/03 10:06:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/03 10:06:34 | 2018,791,423 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/02 23:11:01 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2908051684-2934033797-294929725-1000Core.job
[2014/04/30 21:30:07 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/04/29 13:21:24 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/04/29 13:21:24 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/04/23 21:22:18 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/04/23 21:22:18 | 000,667,096 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/04/23 21:22:18 | 000,126,740 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/04/18 15:01:56 | 000,237,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
 
========== Files Created - No Company Name ==========
 
[2014/05/03 16:21:49 | 000,001,747 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/05/03 16:20:32 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013/11/24 12:48:18 | 000,000,376 | ---- | C] () -- C:\Windows\wininit.ini
[2013/09/30 19:00:31 | 000,004,999 | ---- | C] () -- C:\ProgramData\uxxadbmu.rlu
[2013/09/30 18:52:11 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013/09/30 18:52:11 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013/08/07 21:24:02 | 000,099,384 | ---- | C] () -- C:\Users\PC WORLD\AppData\Roaming\inst.exe
[2013/08/07 21:24:02 | 000,007,859 | ---- | C] () -- C:\Users\PC WORLD\AppData\Roaming\pcouffin.cat
[2013/08/07 21:24:02 | 000,001,167 | ---- | C] () -- C:\Users\PC WORLD\AppData\Roaming\pcouffin.inf
[2013/01/11 13:56:32 | 000,060,116 | ---- | C] () -- C:\Users\PC WORLD\Downloads-2.(null)
[2013/01/11 13:56:29 | 000,060,116 | ---- | C] () -- C:\Users\PC WORLD\Downloads-1.(null)
[2012/12/28 15:11:54 | 000,001,069 | ---- | C] () -- C:\Users\PC WORLD\Music - Shortcut.lnk
[2012/11/01 18:44:47 | 000,000,000 | ---- | C] () -- C:\Users\PC WORLD\AppData\Local\~wmrg
[2012/09/28 17:17:31 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/09/21 21:29:19 | 000,000,036 | ---- | C] () -- C:\Windows\avgui.INI
[2012/06/20 00:12:45 | 000,766,780 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/05/14 11:29:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/05/14 11:29:51 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/05/14 11:29:34 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/05/14 11:29:34 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/05/14 11:29:34 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/10/13 10:22:43 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012/10/13 10:22:43 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2012/08/31 00:24:26 | 000,000,000 | ---D | M] -- C:\Users\Kiosk\AppData\Roaming\Screensaver
[2014/04/06 21:19:20 | 000,000,000 | ---D | M] -- C:\Users\PC WORLD\AppData\Roaming\Appandora
[2013/10/08 19:58:45 | 000,000,000 | ---D | M] -- C:\Users\PC WORLD\AppData\Roaming\AVG2014
[2013/03/20 10:16:57 | 000,000,000 | ---D | M] -- C:\Users\PC WORLD\AppData\Roaming\Babylon
[2014/05/03 16:23:46 | 000,000,000 | ---D | M] -- C:\Users\PC WORLD\AppData\Roaming\BitTorrent
[2014/01/17 23:12:35 | 000,000,000 | ---D | M] -- C:\Users\PC WORLD\AppData\Roaming\BitTorrent Sync
[2012/12/02 14:09:57 | 000,000,000 | ---D | M] -- C:\Users\PC WORLD\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/11/01 18:52:29 | 000,000,000 | ---D | M] -- C:\Users\PC WORLD\AppData\Roaming\GrabPro
[2013/08/07 21:33:46 | 000,000,000 | ---D | M] -- C:\Users\PC WORLD\AppData\Roaming\iDealshare VideoGo
[2013/11/15 17:32:20 | 000,000,000 | ---D | M] -- C:\Users\PC WORLD\AppData\Roaming\iMobie
[2014/03/21 15:21:45 | 000,000,000 | ---D | M] -- C:\Users\PC WORLD\AppData\Roaming\Leadertech
[2014/03/21 21:42:13 | 000,000,000 | ---D | M] -- C:\Users\PC WORLD\AppData\Roaming\Lunaweb
[2013/09/30 20:13:49 | 000,000,000 | ---D | M] -- C:\Users\PC WORLD\AppData\Roaming\MOVAVI
[2014/03/10 21:55:25 | 000,000,000 | ---D | M] -- C:\Users\PC WORLD\AppData\Roaming\Naturalsoft
[2013/03/20 10:19:30 | 000,000,000 | ---D | M] -- C:\Users\PC WORLD\AppData\Roaming\Orbit
[2013/11/25 05:17:52 | 000,000,000 | ---D | M] -- C:\Users\PC WORLD\AppData\Roaming\Origin
[2012/10/16 11:06:43 | 000,000,000 | ---D | M] -- C:\Users\PC WORLD\AppData\Roaming\ProgSense
[2012/08/30 23:26:06 | 000,000,000 | ---D | M] -- C:\Users\PC WORLD\AppData\Roaming\Screensaver
[2012/09/21 20:22:52 | 000,000,000 | ---D | M] -- C:\Users\PC WORLD\AppData\Roaming\TuneUp Software
[2013/02/01 18:06:54 | 000,000,000 | ---D | M] -- C:\Users\PC WORLD\AppData\Roaming\Unity
[2013/09/30 18:52:59 | 000,000,000 | ---D | M] -- C:\Users\PC WORLD\AppData\Roaming\VideoEditor
[2013/08/07 21:26:30 | 000,000,000 | ---D | M] -- C:\Users\PC WORLD\AppData\Roaming\Vso
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
========== Base Services ==========
SRV:64bit: - [2009/07/14 02:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
SRV:64bit: - [2013/02/27 06:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
SRV:64bit: - [2009/07/14 02:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
SRV:64bit: - [2010/11/21 04:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
SRV:64bit: - [2010/11/21 04:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
SRV:64bit: - [2013/09/25 02:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
SRV:64bit: - [2009/07/14 02:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
SRV - [2009/07/14 02:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
SRV:64bit: - [2012/07/04 23:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)
SRV:64bit: - [2013/07/09 06:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
SRV - [2013/07/09 05:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
SRV:64bit: - [2010/11/21 04:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
SRV:64bit: - [2010/11/21 04:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV - [2010/11/21 04:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2011/07/14 06:28:35 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
SRV:64bit: - [2009/07/14 02:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
SRV:64bit: - [2009/07/14 02:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
SRV - [2009/07/14 02:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
SRV:64bit: - [2009/07/14 02:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
SRV:64bit: - [2010/11/21 04:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV:64bit: - [2009/07/14 02:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
SRV:64bit: - [2009/07/14 02:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
SRV:64bit: - [2009/07/14 02:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
SRV:64bit: - [2009/07/14 02:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
SRV - [2009/07/14 02:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
SRV:64bit: - [2012/10/03 18:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
SRV:64bit: - [2009/07/14 02:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
SRV:64bit: - [2011/09/21 10:37:16 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
SRV:64bit: - [2012/02/11 07:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
SRV:64bit: - [2013/09/25 02:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV:64bit: - [2009/07/14 02:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
SRV:64bit: - [2010/11/21 04:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
SRV:64bit: - [2010/11/21 04:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
SRV:64bit: - [2010/11/21 04:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
SRV:64bit: - [2013/09/25 02:03:24 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
SRV:64bit: - [2009/07/14 02:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
SRV:64bit: - [2010/11/21 04:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
SRV:64bit: - [2010/11/21 04:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
SRV - [2010/11/21 04:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV:64bit: - [2010/11/21 04:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
SRV:64bit: - [2010/11/21 04:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
SRV - [2010/11/21 04:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
SRV:64bit: - [2009/07/14 02:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2012/05/01 06:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
SRV:64bit: - [2010/11/21 04:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
SRV:64bit: - [2010/11/21 04:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
SRV:64bit: - [2010/11/21 04:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2010/11/21 04:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/11/21 04:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
SRV:64bit: - [2010/11/21 04:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
SRV:64bit: - [2010/11/21 04:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
SRV:64bit: - [2010/11/21 04:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
SRV - [2010/11/21 04:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV:64bit: - [2009/07/14 02:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
SRV:64bit: - [2012/06/02 23:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
SRV:64bit: - [2010/11/21 04:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
SRV:64bit: - [2009/07/14 02:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
SRV:64bit: - [2010/11/21 04:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: EXPLORER.EXE  >
[2011/07/14 06:30:29 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/07/14 06:30:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/07/14 06:30:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/07/14 06:30:29 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/07/14 06:30:29 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/07/14 06:30:29 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: MPSVC.DLL  >
[2013/05/27 06:26:41 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=7B6CD2C784B13D63481B6BF49605C026 -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_b648c5e888076cca\MpSvc.dll
[2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=7CBB1D4D13DC62D7F529D87151FD3CD3 -- C:\Program Files\Windows Defender\MpSvc.dll
[2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=7CBB1D4D13DC62D7F529D87151FD3CD3 -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_b59db7296f030a55\MpSvc.dll
[2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) MD5=CF318F60A84F15AF352439465A8D05F4 -- C:\Windows\winsxs\amd64_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_b5e2b6396ecea306\MpSvc.dll
 
< MD5 for: QMGR.DLL  >
[2010/11/21 04:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\SysNative\qmgr.dll
[2010/11/21 04:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) MD5=1EA7969E3271CBC59E1730697DC74682 -- C:\Windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll
 
< MD5 for: RPCSS.DLL  >
[2010/11/21 04:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\SysNative\rpcss.dll
[2010/11/21 04:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=5C627D1B1138676C0A7AB2C2C190D123 -- C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
 
< MD5 for: SERVICES  >
[2009/06/10 22:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services
 
< MD5 for: SERVICES.ASFX  >
[2012/12/18 15:28:54 | 000,002,637 | ---- | M] () MD5=016DFC4F3F133AE19338EECD1924886A -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ro_RO\Services\Services.asfx
[2012/12/18 15:28:56 | 000,002,970 | ---- | M] () MD5=05A68D76420994EF8DF33184BFA98E04 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\uk_UA\Services\Services.asfx
[2012/12/18 15:28:44 | 000,002,555 | ---- | M] () MD5=272301585AC133486E70228DA27659AC -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\zh_TW\Services\Services.asfx
[2012/12/18 15:28:38 | 000,002,562 | ---- | M] () MD5=27CE9BD3209B549BB776B8C877455A91 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\nb_NO\Services\Services.asfx
[2012/12/18 15:28:42 | 000,002,632 | ---- | M] () MD5=2998A4AE8D0EF5122CCB985CF7E9D9D3 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ko_KR\Services\Services.asfx
[2012/12/18 15:28:42 | 000,002,545 | ---- | M] () MD5=2EEC9DDBD0B4EE5F65532322C383938A -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\zh_CN\Services\Services.asfx
[2012/12/18 15:28:46 | 000,002,629 | ---- | M] () MD5=3A0082D76426A87FB4937D426C491C10 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\cs_CZ\Services\Services.asfx
[2012/12/18 15:28:50 | 000,002,590 | ---- | M] () MD5=448953BD0CF26CE03D9E7CC1A7B278BC -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\tr_TR\Services\Services.asfx
[2012/12/18 15:28:28 | 000,002,605 | ---- | M] () MD5=5A2C5D0DA3EAAB2AA77F16947D0E14FF -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\it_IT\Services\Services.asfx
[2012/12/18 15:28:48 | 000,002,679 | ---- | M] () MD5=5DD2704563A6A79C466E44CD966B2655 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\hu_HU\Services\Services.asfx
[2012/12/18 15:28:28 | 000,002,711 | ---- | M] () MD5=6B0E7B068BD530B8FCEBC04CC8844AA9 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ja_JP\Services\Services.asfx
[2012/12/18 15:28:52 | 000,002,582 | ---- | M] () MD5=797FC263D59784AD1498560C34FA7DA1 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\sl_SI\Services\Services.asfx
[2012/12/18 15:28:24 | 000,002,626 | ---- | M] () MD5=8073B18DC740B965256CE0957E363AC5 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\fr_FR\Services\Services.asfx
[2012/12/18 15:28:40 | 000,002,634 | ---- | M] () MD5=912DD5C0C7C8D7572AD598414D56E24A -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\pt_BR\Services\Services.asfx
[2012/12/18 15:28:26 | 000,002,655 | ---- | M] () MD5=ABFBB9D0398492D849690C344C1316BB -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\de_DE\Services\Services.asfx
[2012/12/18 15:28:58 | 000,002,638 | ---- | M] () MD5=C2C37202B0E55877A64ADDBDE738284E -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\sk_SK\Services\Services.asfx
[2012/12/18 15:28:46 | 000,002,589 | ---- | M] () MD5=C313AD3602D4965A1918E86B9F3E84CF -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\pl_PL\Services\Services.asfx
[2012/12/18 15:28:58 | 000,002,609 | ---- | M] () MD5=C7FA88C21103C70826F274A0E865AEDF -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ca_ES\Services\Services.asfx
[2012/12/18 15:29:00 | 000,002,576 | ---- | M] () MD5=D27D52045EB6A2EE031F7D2EA0349BC3 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\eu_ES\Services\Services.asfx
[2012/12/18 15:28:34 | 000,002,560 | ---- | M] () MD5=D5642B1BFE0A70231D14C11D3D3FD60D -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\da_DK\Services\Services.asfx
[2012/12/18 15:28:50 | 000,002,588 | ---- | M] () MD5=DB216743CDE75637621E2FD39431BBD4 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\hr_HR\Services\Services.asfx
[2012/12/18 15:28:30 | 000,002,620 | ---- | M] () MD5=DCF7A8843832327386B81ABD189AC236 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\es_ES\Services\Services.asfx
[2012/12/18 15:28:50 | 000,002,997 | ---- | M] () MD5=DD3F4DAF426555D8D85FF4D7C5A04F37 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\ru_RU\Services\Services.asfx
[2010/11/16 05:02:32 | 000,000,228 | R--- | M] () MD5=E09422BE0C7636A7B63A1527C4C1372D -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx
[2012/12/18 15:28:36 | 000,002,599 | ---- | M] () MD5=F09D769A94767C3C7E7015A5C6C99A39 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\fi_FI\Services\Services.asfx
[2012/12/18 15:28:34 | 000,002,628 | ---- | M] () MD5=F844D742DB53C7D671BF7ED6517414D1 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\nl_NL\Services\Services.asfx
[2012/12/18 15:28:32 | 000,002,582 | ---- | M] () MD5=FED4BDA3B6A9EB9DB59C254D8C987495 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Locale\sv_SE\Services\Services.asfx
 
< MD5 for: SERVICES.ASFX1  >
[2010/11/16 05:02:32 | 000,000,228 | R--- | M] () MD5=A7B7A4CC1A717292474115CD3A4AC121 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx1
 
< MD5 for: SERVICES.ASFX10  >
[2010/11/16 05:02:34 | 000,000,233 | R--- | M] () MD5=3382FAB54FC906B0E40269D903A8D690 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx10
 
< MD5 for: SERVICES.ASFX11  >
[2010/11/16 05:02:26 | 000,000,227 | R--- | M] () MD5=F36865AB3B9813962B7EDBE66FA1C28A -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx11
 
< MD5 for: SERVICES.ASFX12  >
[2010/11/16 05:02:30 | 000,000,225 | R--- | M] () MD5=9287C7268CC0F37F1DDE18CEBB128685 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx12
 
< MD5 for: SERVICES.ASFX13  >
[2010/11/16 05:02:30 | 000,000,228 | R--- | M] () MD5=95326C46AC2654AFF5C8543DFE22CCB3 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx13
 
< MD5 for: SERVICES.ASFX14  >
[2010/11/16 05:02:26 | 000,000,228 | R--- | M] () MD5=14DA84ECAF57B5ADA36B9093FF04CF32 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx14
 
< MD5 for: SERVICES.ASFX15  >
[2010/11/16 05:02:26 | 000,000,231 | R--- | M] () MD5=CF94F061685A38BABE0BBD463191EDE7 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx15
 
< MD5 for: SERVICES.ASFX16  >
[2010/11/16 05:02:34 | 000,000,232 | R--- | M] () MD5=B6E63D87C73CED2D6B433C542C5C3965 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx16
 
< MD5 for: SERVICES.ASFX17  >
[2010/11/16 05:02:34 | 000,000,230 | R--- | M] () MD5=545E97C4F4CEA743A8D86B685EE2EDBB -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx17
 
< MD5 for: SERVICES.ASFX18  >
[2010/11/16 05:02:24 | 000,000,230 | R--- | M] () MD5=2577B66F38E0DEA25F328DA4A0FED322 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx18
 
< MD5 for: SERVICES.ASFX19  >
[2010/11/16 05:02:26 | 000,000,225 | R--- | M] () MD5=0A27F1D6595A69800A43CDE155B1E4A0 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx19
 
< MD5 for: SERVICES.ASFX2  >
[2010/11/16 05:02:36 | 000,000,264 | R--- | M] () MD5=0652D24D4E2799851A6DF1705E2BFFDA -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx2
 
< MD5 for: SERVICES.ASFX20  >
[2010/11/16 05:02:38 | 000,000,231 | R--- | M] () MD5=C85F2519DC6AECF93F67AA613A320136 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx20
 
< MD5 for: SERVICES.ASFX21  >
[2010/11/16 05:02:26 | 000,000,231 | R--- | M] () MD5=8C95C0528EA7049A1DFC7A7342461D75 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx21
 
< MD5 for: SERVICES.ASFX22  >
[2010/11/16 05:02:24 | 000,000,231 | R--- | M] () MD5=9F2731666F5771CC5C1E4EEDC8FB8607 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx22
 
< MD5 for: SERVICES.ASFX23  >
[2010/11/16 05:02:26 | 000,000,225 | R--- | M] () MD5=0E89BE53F56B22390CF61584B649CE01 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx23
 
< MD5 for: SERVICES.ASFX24  >
[2010/11/16 05:02:32 | 000,000,229 | R--- | M] () MD5=E57594DB9B9D78AB4B53D34CAFEB8497 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx24
 
< MD5 for: SERVICES.ASFX25  >
[2010/11/16 05:02:36 | 000,000,232 | R--- | M] () MD5=611CB9CC21D2DDAD711690671F70EF39 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx25
 
< MD5 for: SERVICES.ASFX3  >
[2010/11/16 05:02:34 | 000,000,229 | R--- | M] () MD5=F9824728970AC8199BABDC9CBA5E038C -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx3
 
< MD5 for: SERVICES.ASFX4  >
[2010/11/16 05:02:26 | 000,000,226 | R--- | M] () MD5=55EA57D90AE22BDF0132597EF0D7C9C7 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx4
 
< MD5 for: SERVICES.ASFX5  >
[2010/11/16 05:02:34 | 000,000,233 | R--- | M] () MD5=846C265B751189E88B74F0155DB6B828 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx5
 
< MD5 for: SERVICES.ASFX6  >
[2010/11/16 05:02:36 | 000,000,231 | R--- | M] () MD5=89BD37C4118540FD5AA8CDD0C24D6C0A -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx6
 
< MD5 for: SERVICES.ASFX7  >
[2010/11/16 05:02:34 | 000,000,245 | R--- | M] () MD5=0B82FAB8FF5F988C5311DF1144A7D740 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx7
 
< MD5 for: SERVICES.ASFX8  >
[2010/11/16 05:02:34 | 000,000,231 | R--- | M] () MD5=5226417D3C8206000A8983BDC1243075 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx8
 
< MD5 for: SERVICES.ASFX9  >
[2010/11/16 05:02:30 | 000,000,234 | R--- | M] () MD5=EBD8D036504F2935675F5F432F076DBA -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.asfx9
 
< MD5 for: SERVICES.CFG  >
[2013/12/18 19:42:40 | 000,558,851 | ---- | M] () MD5=A044715A48D8FADB9366D554F20D3331 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2010/11/16 05:02:22 | 000,032,633 | R--- | M] () MD5=EA1C35DD541D60819D55482130BD585D -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744AA0000000010\10.0.0\services.cfg
 
< MD5 for: SERVICES.EXE  >
[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/14 02:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2010/11/21 08:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
[2010/11/21 08:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2009/07/14 05:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 05:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2009/06/10 21:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
[2009/06/10 21:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof
 
< MD5 for: SERVICES.MSC  >
[2010/11/21 08:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
[2009/06/10 21:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
[2010/11/21 08:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
[2009/06/10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
[2010/11/21 08:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
[2009/06/10 21:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
[2010/11/21 08:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/10 22:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc
 
< MD5 for: SERVICES.PTXML  >
[2009/07/13 21:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
[2009/07/13 21:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml
 
< MD5 for: SVCHOST.EXE  >
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C is Acer
 Volume Serial Number is B2D4-2987
 Directory of C:\
14/07/2009  06:08    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 Directory of C:\ProgramData
14/07/2009  06:08    <JUNCTION>     Application Data [C:\ProgramData]
14/07/2009  06:08    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
14/07/2009  06:08    <JUNCTION>     Documents [C:\Users\Public\Documents]
14/07/2009  06:08    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
14/07/2009  06:08    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  06:08    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users
14/07/2009  06:08    <SYMLINKD>     All Users [C:\ProgramData]
14/07/2009  06:08    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
 Directory of C:\Users\All Users
14/07/2009  06:08    <JUNCTION>     Application Data [C:\ProgramData]
14/07/2009  06:08    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
14/07/2009  06:08    <JUNCTION>     Documents [C:\Users\Public\Documents]
14/07/2009  06:08    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
14/07/2009  06:08    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009  06:08    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default
14/07/2009  06:08    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
14/07/2009  06:08    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
14/07/2009  06:08    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
14/07/2009  06:08    <JUNCTION>     My Documents [C:\Users\Default\Documents]
14/07/2009  06:08    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009  06:08    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009  06:08    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009  06:08    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009  06:08    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009  06:08    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\AppData\Local
14/07/2009  06:08    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
14/07/2009  06:08    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009  06:08    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Default\Documents
14/07/2009  06:08    <JUNCTION>     My Music [C:\Users\Default\Music]
14/07/2009  06:08    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
14/07/2009  06:08    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\Kiosk
31/08/2012  00:19    <JUNCTION>     Application Data [C:\Users\Kiosk\AppData\Roaming]
31/08/2012  00:19    <JUNCTION>     Cookies [C:\Users\Kiosk\AppData\Roaming\Microsoft\Windows\Cookies]
31/08/2012  00:19    <JUNCTION>     Local Settings [C:\Users\Kiosk\AppData\Local]
31/08/2012  00:19    <JUNCTION>     My Documents [C:\Users\Kiosk\Documents]
31/08/2012  00:19    <JUNCTION>     NetHood [C:\Users\Kiosk\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
31/08/2012  00:19    <JUNCTION>     PrintHood [C:\Users\Kiosk\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
31/08/2012  00:19    <JUNCTION>     Recent [C:\Users\Kiosk\AppData\Roaming\Microsoft\Windows\Recent]
31/08/2012  00:19    <JUNCTION>     SendTo [C:\Users\Kiosk\AppData\Roaming\Microsoft\Windows\SendTo]
31/08/2012  00:19    <JUNCTION>     Start Menu [C:\Users\Kiosk\AppData\Roaming\Microsoft\Windows\Start Menu]
31/08/2012  00:19    <JUNCTION>     Templates [C:\Users\Kiosk\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\Kiosk\AppData\Local
31/08/2012  00:19    <JUNCTION>     Application Data [C:\Users\Kiosk\AppData\Local]
31/08/2012  00:19    <JUNCTION>     History [C:\Users\Kiosk\AppData\Local\Microsoft\Windows\History]
31/08/2012  00:19    <JUNCTION>     Temporary Internet Files [C:\Users\Kiosk\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
 Directory of C:\Users\Kiosk\Documents
31/08/2012  00:19    <JUNCTION>     My Music [C:\Users\Kiosk\Music]
31/08/2012  00:19    <JUNCTION>     My Pictures [C:\Users\Kiosk\Pictures]
31/08/2012  00:19    <JUNCTION>     My Videos [C:\Users\Kiosk\Videos]
               0 File(s)              0 bytes
 Directory of C:\Users\PC WORLD
30/08/2012  23:21    <JUNCTION>     Application Data [C:\Users\PC WORLD\AppData\Roaming]
30/08/2012  23:21    <JUNCTION>     Cookies [C:\Users\PC WORLD\AppData\Roaming\Microsoft\Windows\Cookies]
30/08/2012  23:21    <JUNCTION>     Local Settings [C:\Users\PC WORLD\AppData\Local]
30/08/2012  23:21    <JUNCTION>     My Documents [C:\Users\PC WORLD\Documents]
30/08/2012  23:21    <JUNCTION>     NetHood [C:\Users\PC WORLD\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
30/08/2012  23:21    <JUNCTION>     PrintHood [C:\Users\PC WORLD\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
30/08/2012  23:21    <JUNCTION>     Recent [C:\Users\PC WORLD\AppData\Roaming\Microsoft\Windows\Recent]
30/08/2012  23:21    <JUNCTION>     SendTo [C:\Users\PC WORLD\AppData\Roaming\Microsoft\Windows\SendTo]
30/08/2012  23:21    <JUNCTION>     Start Menu [C:\Users\PC WORLD\AppData\Roaming\Microsoft\Windows\Start Menu]
30/08/2012  23:21    <JUNCTION>     Templates [C:\Users\PC WORLD\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
 Directory of C:\Users\PC WORLD\AppData\Local
30/08/2012  23:21    <JUNCTION>     Application Data [C:\Users\PC WORLD\AppData\Local]
30/08/2012  23:21    <JUNCTION>     History [C:\Users\PC WORLD\AppData\Local\Microsoft\Windows\History]
30/08/2012  23:21    <JUNCTION>     Temporary Internet Files [C:\Users\PC WORLD\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              60 Dir(s)  260,418,138,112 bytes free
 
< End of report >

  • 0

#4
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,698 posts
Hey,
it is Run 2 and because of that it didn't generated an Extras.txt. Please follow the steps below.
  • Run OTL by double-clicking on it. (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).
  • Click the none Button
  • Change the following options:
    • Extra Registry > All
  • Click Run Scan to start OTL.
  • When OTL finishes scanning, Extras.txt will open
  • Copy (Ctrl+C) and Paste (Ctrl+V) the content of Extras.txt into your next post please.
Well done so far! ;)
  • 0

#5
CatherineL2288

CatherineL2288

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Hi,

 

Here is the Extras.txt

 


OTL Extras logfile created on: 03/05/2014 16:47:00 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\PC WORLD\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
7.84 Gb Total Physical Memory | 4.44 Gb Available Physical Memory | 56.61% Memory free
15.68 Gb Paging File | 12.75 Gb Available in Paging File | 81.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 680.54 Gb Total Space | 242.62 Gb Free Space | 35.65% Space Free | Partition Type: NTFS
Drive D: | 7.73 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: CATHERINE | User Name: PC WORLD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Extra Registry (All) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML.MKFZ2QNCMIIEY6QQQZW3UX5PQ4] -- C:\Users\PC WORLD\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- C:\PROGRA~2\MICROS~1\Office10\FRONTPG.EXE (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- C:\PROGRA~2\MICROS~1\Office10\FRONTPG.EXE (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09F65D67-80DC-4ABE-8773-ADF52B7179B4}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2FC7F415-85DA-4E3D-BF96-195857A74E0C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{45B9D4E9-6D9C-40BF-9F93-0111D56D5E31}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{4DCA3CC8-49BF-4109-BC4C-A6712C328F2D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5E84CCDE-7561-4D4A-868D-0B3D5C49344C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{658445E4-BE31-4849-A116-41CD46314FAE}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{73970906-53A9-4243-8516-4FA8B485E962}" = lport=445 | protocol=6 | dir=in | app=system | 
"{7CA658B2-B0D8-4C76-86ED-FEBF15708D40}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7FC8C38B-C001-49BC-9828-5A6100FE930E}" = rport=137 | protocol=17 | dir=out | app=system | 
"{84FE85C0-B84C-4593-80D4-90019E4FF270}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8735D5B2-52F5-45AC-9CD9-DDD55E7AB2A8}" = rport=139 | protocol=6 | dir=out | app=system | 
"{90AE07E6-9EE0-4CB4-8A49-F7F57EEAA94F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{92CFCDA0-AF69-49B8-A7FB-3CFB0172F5B2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{95D6AA41-B6A6-4C7D-AFE3-1C9507D118A5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{99C146B4-C1E7-45DA-A818-0795C8007072}" = rport=138 | protocol=17 | dir=out | app=system | 
"{9AF2D622-B703-4555-B5BB-5C06095FB8AD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9F53F5B1-F676-4EF0-9DC9-488A2DF1E399}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A211157D-41B2-46EA-946C-554211AF64E4}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A6B30CE8-9A4B-488D-9D38-FAC5F36E77AC}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{BC277E2A-B96F-45CB-974E-2354E02EDB74}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CBBC0860-BAF1-4A5C-9B2F-37E027840AFD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe | 
"{CEDFA3C5-CE19-43A6-B35F-6E6441148194}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{D25D21F9-F010-40FC-B1C8-66CEA113BF95}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{F09D0165-2B96-4721-BE3D-305920EB873E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0038EE23-C6C9-4C98-B7FB-A340356C6A8B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{03C2C34D-65EE-4F57-B8CD-E51D41D2B1E1}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe | 
"{0C490A42-9A2D-4221-A95B-0A00B2C72CEF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{168045EC-B15B-4BCD-BE11-61973230B569}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe | 
"{16BB239A-3B70-4279-962C-16F428665981}" = protocol=1 | dir=in | [email protected],-28543 | 
"{3206E29D-AB99-467B-BB1E-C26FF918EED8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{332C826B-922E-41E5-8A71-A4852DA289B0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3E597E59-4068-4B4A-ABE7-3C770D3EA88F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{43B3084E-7528-40EA-AF72-83BC9272D909}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe | 
"{45E167C1-A6B1-433B-B509-F83A8754E14D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | 
"{4CC21F3C-59C7-4546-8942-F0AE4ACDAC8A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{532A2B8A-871B-4B1F-A66A-514BB2930A65}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5ED6C5DF-F741-403B-BEDF-00C8E53B74D9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{606032E8-D9B2-415A-B43A-F9FABE9BE42D}" = protocol=1 | dir=out | [email protected],-28544 | 
"{63F5601B-0E75-4290-B2AA-CBEA1772FC53}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | 
"{673A5FAD-046C-478F-8ECF-6BD4E9D2871A}" = dir=in | app=c:\program files\bonjour\mdnsresponder.exe\bonjour\mdnsresponder.exe | 
"{746820B8-19EB-4961-A196-AE7606DCA2F2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7BBBFDDD-4209-412C-9396-FB30AAF667DC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe | 
"{84E1ACB6-B4E2-4AFD-96D0-F9B6AAFADC04}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8D881029-89F8-4B74-9CC9-3D7151A517FD}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{918A7F70-042F-4FB5-B997-A9D4E8ADF4D3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{98D2E902-49A2-4DD0-9889-7E3807D0163C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | 
"{9CAFF1B0-D32C-4B64-9B61-FF4606CA04B2}" = dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"{A38CB06C-739A-4CE3-AC6C-6FB27D800DF4}" = protocol=6 | dir=out | app=system | 
"{A3EB5A99-0821-46B5-B35F-6F016AF81A6F}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\ucmapi.exe | 
"{A7998B7A-48BB-4107-8102-E24DFAF3C179}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A7C7A6B1-8839-4ACE-8197-6B8F71A2921D}" = protocol=6 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe | 
"{A94969FF-7B1F-44B2-A1AA-C19915B6C7B1}" = protocol=58 | dir=out | [email protected],-28546 | 
"{AA02744A-713F-43CF-BA65-2FA785D5D245}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{AE1E73D9-76BB-48FC-A146-F2C100B0CAFE}" = protocol=17 | dir=in | app=c:\users\pc world\appdata\roaming\bittorrent\bittorrent.exe | 
"{B3EEFD01-14C6-4383-9726-6A6638405ECC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B5880683-47C7-4C41-8BF4-5E831823E842}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C3115A8C-28A6-4DD1-A5BE-459FA1512C59}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C5177022-3544-41BA-8E1C-5BC374470381}" = protocol=6 | dir=in | app=c:\users\pc world\appdata\roaming\bittorrent\bittorrent.exe | 
"{D2CF14A0-AA21-4832-87AB-E9852DFF0674}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe | 
"{E4F930E0-302A-48E4-B815-5664C7452F12}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E5B42B51-6299-4EAC-8891-B4D177FD3B87}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E79B650F-4E76-457B-BB36-1BD814F02292}" = protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\lync.exe | 
"{ED87CA2C-8BAB-4CB8-96F6-4685424D0419}" = protocol=58 | dir=in | [email protected],-28545 | 
"{EE35BB2C-8C85-4E70-968F-6C2C9DE007D8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe | 
"{F7B86516-0286-43A2-BA93-D34BDCA6A7E1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{F8039126-ABEE-4D1F-81FA-C927A6468ED1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | 
"{FCF71B26-2459-4F34-955D-F3AE282E904A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{14FD69D0-3B87-404C-BEE1-6390CC1CA960}" = AVG 2014
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{4710662C-8204-4334-A977-B1AC9E547819}" = Broadcom Card Reader Driver Installer
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{682EC6E8-A300-45FD-8F09-0F3A6EA334D6}" = Acer Instant Update Service
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}" = WIDCOMM Bluetooth Software
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B8BA155B-1E75-405F-9CB4-8A99615D09DC}" = iTunes
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom NetLink Controller
"{E061C7AF-1185-48E1-882A-68BA513CB244}" = AVG 2014
"AVG" = AVG 2014
"Broadcom Wireless Utility" = Broadcom Wireless Utility
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-X64 10.6.9.9_WHQL
"ProPlusRetail - en-us" = Microsoft Office Professional Plus 2013 - en-us
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FCC073B-CC01-4443-AD20-E559F66E6E83}" = Office Addin 2003
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 51
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6D2BBE1D-E600-4695-BA37-0B0E605542CC}" = Office Addin
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker
"{72199E33-4F2A-4B7F-8E25-95DDDD50A678}" = Acer System Information
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
"{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Acer Crystal Eye Webcam
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}" = AcerCloud
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.9) MUI
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}" = AcerCloud Docs
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® OpenCL CPU Runtime
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"Acer Registration" = Acer Registration
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"AviSynth" = AviSynth 2.5
"Identity Card" = Identity Card
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager
"InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Acer Crystal Eye Webcam
"LManager" = Launch Manager
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VLC media player" = VLC media player 2.1.3
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26/07/2013 03:22:00 | Computer Name = Catherine | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 26/07/2013 03:22:01 | Computer Name = Catherine | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 26/07/2013 03:22:01 | Computer Name = Catherine | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 26/07/2013 03:22:01 | Computer Name = Catherine | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 26/07/2013 03:22:02 | Computer Name = Catherine | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 26/07/2013 03:22:02 | Computer Name = Catherine | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 26/07/2013 03:22:30 | Computer Name = Catherine | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 26/07/2013 03:22:30 | Computer Name = Catherine | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 26/07/2013 03:22:30 | Computer Name = Catherine | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 26/07/2013 03:22:31 | Computer Name = Catherine | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
[ Media Center Events ]
Error - 12/11/2012 03:30:35 | Computer Name = Catherine | Source = MCUpdate | ID = 0
Description = 07:30:30 - Error connecting to the internet.  07:30:30 -     Unable 
to contact server..  
 
Error - 27/11/2012 06:25:30 | Computer Name = Catherine | Source = MCUpdate | ID = 0
Description = 10:25:30 - Error connecting to the internet.  10:25:30 -     Unable 
to contact server..  
 
Error - 27/11/2012 06:26:07 | Computer Name = Catherine | Source = MCUpdate | ID = 0
Description = 10:26:02 - Error connecting to the internet.  10:26:02 -     Unable 
to contact server..  
 
Error - 30/11/2012 06:07:15 | Computer Name = Catherine | Source = MCUpdate | ID = 0
Description = 10:07:15 - Error connecting to the internet.  10:07:15 -     Unable 
to contact server..  
 
Error - 03/12/2012 05:51:42 | Computer Name = Catherine | Source = MCUpdate | ID = 0
Description = 09:51:42 - Error connecting to the internet.  09:51:42 -     Unable 
to contact server..  
 
Error - 03/12/2012 05:51:52 | Computer Name = Catherine | Source = MCUpdate | ID = 0
Description = 09:51:47 - Error connecting to the internet.  09:51:47 -     Unable 
to contact server..  
 
Error - 11/12/2012 03:11:11 | Computer Name = Catherine | Source = MCUpdate | ID = 0
Description = 07:11:11 - Error connecting to the internet.  07:11:11 -     Unable 
to contact server..  
 
Error - 11/12/2012 03:11:21 | Computer Name = Catherine | Source = MCUpdate | ID = 0
Description = 07:11:16 - Error connecting to the internet.  07:11:16 -     Unable 
to contact server..  
 
Error - 12/12/2012 06:00:50 | Computer Name = Catherine | Source = MCUpdate | ID = 0
Description = 10:00:49 - Error connecting to the internet.  10:00:49 -     Unable 
to contact server..  
 
Error - 12/12/2012 06:00:59 | Computer Name = Catherine | Source = MCUpdate | ID = 0
Description = 10:00:55 - Error connecting to the internet.  10:00:55 -     Unable 
to contact server..  
 
[ System Events ]
Error - 24/04/2014 04:41:41 | Computer Name = Catherine | Source = Service Control Manager | ID = 7024
Description = The AVGIDSAgent service terminated with service-specific error %%-536753635.
 
Error - 24/04/2014 04:41:42 | Computer Name = Catherine | Source = Service Control Manager | ID = 7024
Description = The AVGIDSAgent service terminated with service-specific error %%-536753635.
 
Error - 24/04/2014 04:41:43 | Computer Name = Catherine | Source = Service Control Manager | ID = 7024
Description = The AVGIDSAgent service terminated with service-specific error %%-536753635.
 
Error - 24/04/2014 04:41:44 | Computer Name = Catherine | Source = Service Control Manager | ID = 7024
Description = The AVGIDSAgent service terminated with service-specific error %%-536753635.
 
Error - 24/04/2014 04:41:45 | Computer Name = Catherine | Source = Service Control Manager | ID = 7024
Description = The AVGIDSAgent service terminated with service-specific error %%-536753635.
 
Error - 24/04/2014 04:41:46 | Computer Name = Catherine | Source = Service Control Manager | ID = 7024
Description = The AVGIDSAgent service terminated with service-specific error %%-536753635.
 
Error - 24/04/2014 04:41:56 | Computer Name = Catherine | Source = Service Control Manager | ID = 7024
Description = The AVGIDSAgent service terminated with service-specific error %%-536753635.
 
Error - 03/05/2014 04:40:06 | Computer Name = Catherine | Source = DCOM | ID = 10010
Description = 
 
Error - 03/05/2014 06:51:48 | Computer Name = Catherine | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Apple
 Mobile Device service to connect.
 
Error - 03/05/2014 06:51:48 | Computer Name = Catherine | Source = Service Control Manager | ID = 7000
Description = The Apple Mobile Device service failed to start due to the following
 error:   %%1053
 
 
< End of report >
 

Edited by CatherineL2288, 03 May 2014 - 09:50 AM.

  • 0

#6
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,698 posts
Hiya,
just a little bit Adware. Please move the OTL.exe to your Desktop. Well done! ;)

 

Step 1: P2P Warning

IMPORTANT I see, you have one or more P2P (Person to Person) programs installed.

1.) You have following P2P program installed: BitTorrent
2.) If you download files from non-documented sources per a P2P File sharing Program, you can expect a infection of malware. That isn't good for your PC. A long time ago File-sharing with P2P programs like UTorrent was fairly safe. But at this time it isn't true any more. Of course you can use P2P programs at your own risk, but that is maybe your source of your infection. It would be nice if you read this here. So after reading the text you will recognize why you shouldn't have them.
3.) Please read this reports about the danger of P2P Programs:4.) I would recommend that you uninstall the above. That would be nice. If you like to uninstall the P2P Program, you can do it via Start >> Control Panel >> Add or Remove Programs
5.) If you want to keep the program on your computer , don't use it while we are fixing your computer!

Step 2: SideBar Advice

In your logs I see that Windows SideBar is running! At the moment Windows SideBar has a security vulnerability and so I recommend you to disable it for a while. More information is here so far I noticed.

To disable Windows SideBar please follow the instructions below:
  • Download the FixIt from here to your Desktop
  • Double click on MicrosoftFixit50906.msi and follow the prompts to disable Windows SideBar and gadgets. Once finished, reboot your computer if not advised to do so.
Step 3: OTL Fix
  • Run OTL (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    IE - HKU\S-1-5-21-2908051684-2934033797-294929725-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.delta-sea...2D408EDB9EE5D79
    IE - HKU\S-1-5-21-2908051684-2934033797-294929725-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={DD1F5EE1-D12F-4ACE-9792-406470A94775}&mid=0aac9f823a2547d0a29d69c1a5eefdff-14c957ab72f0aa191aacbf5cbde84f56fa7d2a74&lang=en&ds=AVG&pr=fr&d=2012-10-15 13:39:54&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKCU\Software\MozillaPlugins\vitzo.com/VDownloader: C:\Program Files\VDownloader\Addons\npVDownloader.dll File not found
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKU\S-1-5-21-2908051684-2934033797-294929725-1000..\Run: [AdobeBridge]  File not found
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    [2014/04/20 12:06:50 | 000,000,000 | ---D | C] -- C:\Users\PC WORLD\AppData\Local\{F5F007C3-EB0A-4E15-9916-33118A75B68E}
    [2013/09/30 19:00:31 | 000,004,999 | ---- | C] () -- C:\ProgramData\uxxadbmu.rlu
    [2013/03/20 10:16:57 | 000,000,000 | ---D | M] -- C:\Users\PC WORLD\AppData\Roaming\Babylon
    
    :Commands
    [RESETHOSTS]
    [EMPTYTEMP]
    
  • Click the Run Fix button.
  • After your computer has rebooted, post the Fixlog into your next reply.
Step 4: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP the just run it)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 5: Junkware Removal Tool

thisisujrt.gif  Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 6: OTL QuickScan
  • Run OTL by double-clicking on it. (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on OTL.exe and select Run as Administrator)
  • Click Quick Scan to start OTL.
  • When OTL finishes scanning, a logs, OTL.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 7: Question

How is the PC running?
  • 0

#7
CatherineL2288

CatherineL2288

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Hi

 

FixLog

 

All processes killed

========== COMMANDS ==========

Restore point Set: OTL Restore Point

========== OTL ==========

Registry key HKEY_USERS\S-1-5-21-2908051684-2934033797-294929725-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.

Registry key HKEY_USERS\S-1-5-21-2908051684-2934033797-294929725-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\vitzo.com/VDownloader\ deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_USERS\S-1-5-21-2908051684-2934033797-294929725-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

C:\Users\PC WORLD\AppData\Local\{F5F007C3-EB0A-4E15-9916-33118A75B68E} folder moved successfully.

C:\ProgramData\uxxadbmu.rlu moved successfully.

C:\Users\PC WORLD\AppData\Roaming\Babylon folder moved successfully.

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56466 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Kiosk

->Temp folder emptied: 11657535 bytes

->Temporary Internet Files folder emptied: 978423 bytes

->Flash cache emptied: 56757 bytes

 

User: PC WORLD

->Temp folder emptied: 6472611 bytes

->Temporary Internet Files folder emptied: 707119 bytes

->Java cache emptied: 539713 bytes

->Google Chrome cache emptied: 370993326 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 57092 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 3168815 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 129595 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 377.00 mb

 

 

OTL by OldTimer - Version 3.2.69.0 log created on 05032014_171152

 

Files\Folders moved on Reboot...

File\Folder C:\Users\PC WORLD\AppData\Local\Temp\etilqs_azbcNaeBAaccOWL not found!

C:\Users\PC WORLD\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\PC WORLD\AppData\Local\Temp\MMDUtl.log moved successfully.

C:\Users\PC WORLD\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

C:\Users\PC WORLD\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.

C:\Users\PC WORLD\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 moved successfully.

C:\Users\PC WORLD\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 moved successfully.

C:\Users\PC WORLD\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 moved successfully.

C:\Users\PC WORLD\AppData\Local\Google\Chrome\User Data\Default\Cache\index moved successfully.

C:\Windows\temp\CATHERINE-20140503-1709.log moved successfully.

File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

File move failed. C:\Windows\temp\LMutilps32.log scheduled to be moved on reboot.

File\Folder C:\Windows\temp\officeclicktorun.exe_c2ruidll(20140503170936748).log not found!

File\Folder C:\Windows\temp\officeclicktorun.exe_streamserver(20140503170936748).log not found!

File move failed. C:\Windows\temp\ood_stream.x86.en-us.dat scheduled to be moved on reboot.

File move failed. C:\Windows\temp\ood_stream.x86.x-none.dat scheduled to be moved on reboot.

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...

 

 

AdwCleaner Log

 

# AdwCleaner v3.205 - Report created 03/05/2014 at 17:19:59

# Updated 28/04/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : PC WORLD - CATHERINE

# Running from : C:\Users\PC WORLD\Desktop\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Users\PC WORLD\AppData\LocalLow\Conduit

File Deleted : C:\END

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\driverscanner

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\avg-secure-search-installer_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Key Deleted : HKCU\Software\948addb635e446

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_imdb-grab_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_imdb-grab_RASMANCS

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKCU\Software\AVG Nation toolbar

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKCU\Software\wscontb

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKLM\Software\AVG Nation toolbar

Key Deleted : HKLM\Software\AVG Security Toolbar

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\Software\DataMngr

Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17041

 

 

-\\ Google Chrome v

 

[ File : C:\Users\PC WORLD\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Deleted [Extension] : niapdbllcanepiiimjjndipklodoedlc

 

*************************

 

AdwCleaner[R0].txt - [3610 octets] - [03/05/2014 17:18:21]

AdwCleaner[S0].txt - [3423 octets] - [03/05/2014 17:19:59]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3483 octets] ##########

 

 

JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 7 Home Premium x64

Ran by PC WORLD on 03/05/2014 at 17:24:43.38

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2908051684-2934033797-294929725-1000\Software\sweetim

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\ProgramData\babylon"

Successfully deleted: [Folder] "C:\ProgramData\tarma installer"

Successfully deleted: [Empty Folder] C:\Users\PC WORLD\appdata\local\{00BFD7DA-8113-4934-81F9-6F1CC542281F}

Successfully deleted: [Empty Folder] C:\Users\PC WORLD\appdata\local\{03ACF249-B341-40E8-AD5A-F7F26BCF861A}

Successfully deleted: [Empty Folder] C:\Users\PC WORLD\appdata\local\{0539C3E7-0AE4-4810-A1F5-616B6C854206}

Successfully deleted: [Empty Folder] C:\Users\PC WORLD\appdata\local\{07C9ADE5-98E8-4A58-9551-37E1722C4EAC}

Successfully deleted: [Empty Folder] C:\Users\PC WORLD\appdata\local\{0B745D98-7241-402A-AFF9-BD7C426AB448}

Successfully deleted: [Empty Folder] C:\Users\PC WORLD\appdata\local\{0CA1D094-2EF7-4E53-AAC2-86C4BD3EAC3E}

Successfully deleted: [Empty Folder] C:\Users\PC WORLD\appdata\local\{27B2425D-4048-4BA3-A8C2-5189A0CCF6B2}

Successfully deleted: [Empty Folder] C:\Users\PC WORLD\appdata\local\{2B1CDD63-1F2B-45BC-8D76-64FDB8FBF17F}

Successfully deleted: [Empty Folder] C:\Users\PC WORLD\appdata\local\{2E03551A-ACF2-439B-83B0-234148D13A11}

Successfully deleted: [Empty Folder] C:\Users\PC WORLD\appdata\local\{33651C3E-E3A4-40F0-8971-4F2C7BDD705F}

Successfully deleted: [Empty Folder] C:\Users\PC WORLD\appdata\local\{344F9C1D-F021-4738-9CB8-203D731E503D}

Successfully deleted: [Empty Folder] C:\Users\PC WORLD\appdata\local\{37B33230-14CE-46E1-B3D9-E04B5FDCE098}

Successfully deleted: [Empty Folder] C:\Users\PC WORLD\appdata\local\{48917FD7-FC03-4EEF-A248-51469896C9BB}

Successfully deleted: [Empty Folder] C:\Users\PC WORLD\appdata\local\{4DADC21D-A2CC-4B38-A29B-583BBC905616}

Successfully deleted: [Empty Folder] C:\Users\PC WORLD\appdata\local\{533F8DEF-9E0F-49D8-B7C8-5DD594C68567}

Successfully deleted: [Empty Folder] C:\Users\PC WORLD\appdata\local\{5B778920-24EB-4283-913B-E71B3B801BB1}

Successfully deleted: [Empty Folder] C:\Users\PC WORLD\appdata\local\{66A79A69-9D91-48C5-A4FC-ABA660004343}

Successfully deleted: [Empty Folder] C:\Users\PC WORLD\appdata\local\{6AEC2776-FEBD-4288-9A46-8A2FD4F3D653}

Successfully deleted: [Empty Folder] C:\Users\PC WORLD\appdata\local\{6B18B2C8-1529-4863-AF04-5CD3F3139CBF}

Successfully deleted: [Empty Folder] C:\Users\PC WORLD\appdata\local\{7C347DE1-13CE-4DA2-B633-61E590510A11}

Successfully deleted: [Empty Folder] C:\Users\PC WORLD\appdata\local\{7E1AD8DC-1E55-480C-BEF8-B2D0C3A3CED6}

Successfully deleted: [Empty Folder] C:\Users\PC WORLD\appdata\local\{88BA3C8E-13DA-457B-BE25-B68C149B57EC}

Successfully deleted: [Empty Folder] C:\Users\PC WORLD\appdata\local\{8F6904F7-92DE-48E4-A548-7A9379E09C76}

Successfully deleted: [Empty Folder] C:\Users\PC WORLD\appdata\local\{9198776C-21A5-4E63-862F-E30D31874B4E}

Successfully deleted: [Empty Folder] C:\Users\PC WORLD\appdata\local\{97ADF864-DA7C-4FC0-8171-678E47354938}

Successfully deleted: [Empty Folder] C:\Users\PC WORLD\appdata\local\{9BDFAA40-57CE-43D3-AEBD-D4C947DD901B}

Successfully deleted: [Empty Folder] C:\Users\PC WORLD\appdata\local\{A440D3BE-DCE7-43C2-9EDF-D28232096E1F}

Successfully deleted: [Empty Folder] C:\Users\PC WORLD\appdata\local\{AD587766-5AFA-49BF-ABA0-C20DF1F7823E}

Successfully deleted: [Empty Folder] C:\Users\PC WORLD\appdata\local\{B95D3A74-17B5-4AF7-9850-750B3C9C99BE}

Successfully deleted: [Empty Folder] C:\Users\PC WORLD\appdata\local\{C2A8066F-58EC-45A1-BB2C-B5DEEDC13222}

Successfully deleted: [Empty Folder] C:\Users\PC WORLD\appdata\local\{C984CF43-C81F-49B3-AFD6-715EFD37AFB8}

Successfully deleted: [Empty Folder] C:\Users\PC WORLD\appdata\local\{CEA96450-A37A-4859-804B-A45B8F5DF61B}

Successfully deleted: [Empty Folder] C:\Users\PC WORLD\appdata\local\{D87B04DB-C496-4CE5-80E9-ACB2BC390A3F}

Successfully deleted: [Empty Folder] C:\Users\PC WORLD\appdata\local\{D8F6A182-71D9-4D13-A0E6-F82995340439}

Successfully deleted: [Empty Folder] C:\Users\PC WORLD\appdata\local\{D9950A9D-6CE5-4B3A-BE2E-C0BC2CA6D6FE}

Successfully deleted: [Empty Folder] C:\Users\PC WORLD\appdata\local\{DA87FE2B-BBAF-4748-8937-CBD31978E927}

Successfully deleted: [Empty Folder] C:\Users\PC WORLD\appdata\local\{E0778C10-47FC-42D5-A925-AD98122260BF}

Successfully deleted: [Empty Folder] C:\Users\PC WORLD\appdata\local\{E25BDB13-FBC5-47B3-A7DC-D41A69EA9220}

Successfully deleted: [Empty Folder] C:\Users\PC WORLD\appdata\local\{E55A2044-063B-48AA-B137-00685BDA912B}

Successfully deleted: [Empty Folder] C:\Users\PC WORLD\appdata\local\{E5AE880A-28A2-483D-8F47-CDE9F289F533}

Successfully deleted: [Empty Folder] C:\Users\PC WORLD\appdata\local\{F0A55DB6-6885-467B-85DC-411D3CC9C91C}

Successfully deleted: [Empty Folder] C:\Users\PC WORLD\appdata\local\{F7B0D723-A329-4367-A27B-9C2F3BD3FAE1}

Successfully deleted: [Empty Folder] C:\Users\PC WORLD\appdata\local\{FDCFBBDE-A212-4320-9271-4F51FE795870}

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 03/05/2014 at 17:31:43.50

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

OTL.txt

 

OTL logfile created on: 03/05/2014 17:34:04 - Run 4

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\PC WORLD\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.11.9600.17041)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

7.84 Gb Total Physical Memory | 5.70 Gb Available Physical Memory | 72.70% Memory free

15.68 Gb Paging File | 13.32 Gb Available in Paging File | 84.94% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 680.54 Gb Total Space | 242.20 Gb Free Space | 35.59% Space Free | Partition Type: NTFS

Drive D: | 7.73 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

 

Computer Name: CATHERINE | User Name: PC WORLD | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2014/05/03 16:13:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\PC WORLD\Desktop\OTL.exe

PRC - [2014/04/12 10:43:56 | 001,923,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE

PRC - [2014/04/06 21:21:36 | 005,180,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe

PRC - [2014/04/02 23:06:01 | 000,228,744 | ---- | M] (Google Inc.) -- C:\Users\PC WORLD\AppData\Local\Google\Update\1.3.23.9\GoogleCrashHandler.exe

PRC - [2014/03/27 22:10:20 | 000,291,912 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

PRC - [2013/12/18 11:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2013/10/31 15:30:24 | 000,719,872 | ---- | M] () -- C:\Program Files (x86)\Appandora\AppandoraDeviceService.exe

PRC - [2012/10/25 22:39:50 | 002,449,552 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe

PRC - [2012/04/06 20:29:22 | 000,022,120 | ---- | M] () -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe

PRC - [2012/04/06 20:29:20 | 000,040,552 | ---- | M] () -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe

PRC - [2012/03/23 10:33:48 | 000,419,408 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe

PRC - [2012/03/23 10:33:46 | 000,355,920 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe

PRC - [2012/03/23 10:33:46 | 000,343,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe

PRC - [2012/03/23 10:33:44 | 001,105,488 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe

PRC - [2012/02/29 14:49:06 | 000,028,264 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

PRC - [2012/02/27 12:01:58 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

PRC - [2012/02/08 03:03:36 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2012/02/08 03:03:34 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2012/02/08 03:03:16 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

PRC - [2012/02/02 00:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2012/01/05 22:22:10 | 000,256,536 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe

PRC - [2012/01/05 22:21:44 | 000,296,984 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2014/04/24 01:33:13 | 000,390,472 | ---- | M] () -- C:\Users\PC WORLD\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll

MOD - [2014/04/24 01:33:10 | 004,081,480 | ---- | M] () -- C:\Users\PC WORLD\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll

MOD - [2014/04/24 01:33:05 | 000,674,632 | ---- | M] () -- C:\Users\PC WORLD\AppData\Local\Google\Chrome\Application\34.0.1847.131\libglesv2.dll

MOD - [2014/04/24 01:33:04 | 000,093,000 | ---- | M] () -- C:\Users\PC WORLD\AppData\Local\Google\Chrome\Application\34.0.1847.131\libegl.dll

MOD - [2014/04/24 01:33:03 | 001,647,432 | ---- | M] () -- C:\Users\PC WORLD\AppData\Local\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll

MOD - [2014/04/24 01:33:01 | 000,065,352 | ---- | M] () -- C:\Users\PC WORLD\AppData\Local\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll

MOD - [2014/04/12 10:48:43 | 000,940,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Interop.Word\15.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll

MOD - [2014/04/12 10:43:02 | 000,316,584 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\appvisvstream32.dll

MOD - [2014/02/15 12:23:20 | 000,466,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualStu#\edcc09db338760fe3b095c606c5a7fc1\Microsoft.VisualStudio.Tools.Applications.Runtime.ni.dll

MOD - [2014/02/15 12:12:42 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll

MOD - [2014/02/15 12:12:32 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll

MOD - [2014/02/15 12:12:22 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll

MOD - [2014/02/15 12:11:45 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll

MOD - [2014/02/15 12:11:35 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll

MOD - [2014/02/12 20:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2014/02/12 20:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2014/02/12 20:58:10 | 000,237,384 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll

MOD - [2013/12/04 14:30:48 | 000,377,344 | ---- | M] () -- C:\Program Files (x86)\Appandora\DuiLib.dll

MOD - [2013/10/31 15:30:24 | 000,719,872 | ---- | M] () -- C:\Program Files (x86)\Appandora\AppandoraDeviceService.exe

MOD - [2013/09/22 12:03:24 | 000,526,848 | ---- | M] () -- C:\Program Files (x86)\Appandora\sqlite3.dll

MOD - [2013/09/22 12:03:24 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Appandora\zlib.dll

MOD - [2012/12/12 23:11:42 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.Office.Tools.Common\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Office.Tools.Common.dll

MOD - [2012/04/06 20:29:22 | 000,022,120 | ---- | M] () -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe

MOD - [2012/04/06 20:29:20 | 000,040,552 | ---- | M] () -- C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe

MOD - [2012/01/05 22:22:36 | 000,465,344 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - [2014/03/30 03:43:28 | 002,211,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe -- (ClickToRunSvc)

SRV:64bit: - [2014/03/06 09:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)

SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2012/06/20 00:14:28 | 000,048,128 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE -- (wltrysvc)

SRV:64bit: - [2012/04/05 16:48:02 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)

SRV:64bit: - [2012/03/21 13:03:16 | 000,957,216 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)

SRV:64bit: - [2012/02/07 17:53:48 | 000,871,296 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)

SRV:64bit: - [2012/02/02 22:29:52 | 000,628,448 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®

SRV - [2014/04/29 13:21:26 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2014/04/18 15:22:28 | 003,645,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)

SRV - [2014/03/27 22:10:20 | 000,291,912 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)

SRV - [2013/12/18 11:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2012/10/25 22:39:50 | 002,449,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe -- (CCDMonitorService)

SRV - [2012/06/20 00:20:54 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2012/04/23 05:25:32 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)

SRV - [2012/03/23 10:33:46 | 000,355,920 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)

SRV - [2012/02/29 14:49:06 | 000,028,264 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)

SRV - [2012/02/08 03:03:36 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2012/02/08 03:03:34 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2012/02/08 03:03:16 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)

SRV - [2012/02/02 00:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2012/01/05 22:22:10 | 000,256,536 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)

SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2014/04/18 15:01:56 | 000,237,336 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)

DRV:64bit: - [2014/03/31 16:20:54 | 000,274,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)

DRV:64bit: - [2014/03/31 16:06:26 | 000,130,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)

DRV:64bit: - [2014/03/27 22:14:26 | 000,192,792 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)

DRV:64bit: - [2014/03/27 22:14:24 | 000,153,368 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)

DRV:64bit: - [2014/03/27 22:07:10 | 000,236,824 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)

DRV:64bit: - [2014/03/27 22:05:02 | 000,324,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)

DRV:64bit: - [2014/03/27 22:03:16 | 000,032,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)

DRV:64bit: - [2013/10/02 03:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/08/23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/08/23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2012/07/17 19:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2012/06/20 00:14:28 | 000,022,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)

DRV:64bit: - [2012/06/20 00:14:27 | 004,746,304 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)

DRV:64bit: - [2012/06/20 00:14:26 | 000,021,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)

DRV:64bit: - [2012/05/03 22:59:06 | 000,081,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)

DRV:64bit: - [2012/03/27 03:09:54 | 014,748,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2012/03/21 22:23:22 | 000,594,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)

DRV:64bit: - [2012/03/21 22:23:22 | 000,163,368 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)

DRV:64bit: - [2012/03/21 22:23:18 | 000,210,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)

DRV:64bit: - [2012/03/21 22:23:18 | 000,184,872 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)

DRV:64bit: - [2012/03/21 22:23:18 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)

DRV:64bit: - [2012/03/21 22:23:18 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)

DRV:64bit: - [2012/03/07 14:48:20 | 000,238,384 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)

DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/27 12:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)

DRV:64bit: - [2012/02/27 12:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)

DRV:64bit: - [2012/02/27 12:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)

DRV:64bit: - [2012/02/14 13:33:08 | 000,412,944 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2012/02/14 13:33:02 | 000,022,800 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver.sys -- (SmbDrv)

DRV:64bit: - [2012/02/07 07:03:06 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)

DRV:64bit: - [2012/02/07 07:03:06 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)

DRV:64bit: - [2012/02/02 00:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2012/01/19 00:30:42 | 000,435,240 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)

DRV:64bit: - [2011/12/06 12:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2011/11/04 10:21:38 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp)

DRV:64bit: - [2011/11/04 10:21:36 | 000,068,648 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd)

DRV:64bit: - [2011/09/02 14:36:58 | 000,051,752 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa)

DRV:64bit: - [2011/07/14 06:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/07/14 06:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010/11/21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.search.yah...r=spigot-yhp-ie

IE - HKCU\..\SearchScopes,DefaultScope =

IE - HKCU\..\SearchScopes\{DC6B57E2-958C-4A11-969C-B973E43D25DE}: "URL" = http://uk.search.yah...p={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

 

========== FireFox ==========

 

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\PC WORLD\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\PC WORLD\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\PC WORLD\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\VDownloader\Addons\FireFox

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

 

 

========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},

CHR - homepage: http://www.google.co.uk/

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\PC WORLD\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\PC WORLD\AppData\Local\Google\Chrome\Application\34.0.1847.131\gcswf32.dll

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\PC WORLD\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\PC WORLD\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll

CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll

CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll

CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Google Update (Enabled) = C:\Users\PC WORLD\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - Extension: Hola Better Internet = C:\Users\PC WORLD\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio\1.3.233_0\

CHR - Extension: Google Wallet = C:\Users\PC WORLD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\

CHR - Extension: Battlefield Play4Free = C:\Users\PC WORLD\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0\

 

O1 HOSTS File: ([2014/05/03 17:12:43 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1       localhost

O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)

O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)

O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O4:64bit: - HKLM..\Run: [ALU] C:\Program Files\Acer\Acer Updater\ALU.exe (Acer Incorporated)

O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE (Broadcom Corporation)

O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [InstantUpdate] C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuDaemon.exe ()

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)

O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)

O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)

O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)

O4 - HKCU..\Run: [BitTorrent] C:\Users\PC WORLD\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)

O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)

O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A1BA7CB3-0340-45D3-8C57-4991493C3391}: DhcpNameServer = 194.168.4.100 194.168.8.100

O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found

O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found

O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found

O18:64bit: - Protocol\Handler\osf - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2014/05/03 17:24:39 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2014/05/03 17:18:45 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll

[2014/05/03 17:18:19 | 000,000,000 | ---D | C] -- C:\AdwCleaner

[2014/05/03 17:11:52 | 000,000,000 | ---D | C] -- C:\_OTL

[2014/05/03 16:21:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2014/05/03 16:21:13 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2014/05/03 16:21:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2014/05/03 16:21:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2014/05/03 16:21:13 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

[2014/05/03 16:20:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update

[2014/05/03 16:20:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple

[2014/05/03 16:13:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\PC WORLD\Desktop\OTL.exe

[2014/05/03 11:54:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2014/04/18 15:01:56 | 000,237,336 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys

[2014/04/06 21:14:23 | 000,000,000 | ---D | C] -- C:\Users\PC WORLD\AppData\Roaming\Appandora

[2014/04/06 21:14:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Appandora

[2013/08/07 21:24:02 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\PC WORLD\AppData\Roaming\pcouffin.sys

 

========== Files - Modified Within 30 Days ==========

 

[2014/05/03 17:28:39 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2014/05/03 17:28:39 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2014/05/03 17:21:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2014/05/03 17:21:16 | 2018,791,423 | -HS- | M] () -- C:\hiberfil.sys

[2014/05/03 17:12:43 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts

[2014/05/03 17:12:36 | 001,310,621 | ---- | M] () -- C:\Users\PC WORLD\Desktop\AdwCleaner.exe

[2014/05/03 17:11:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2908051684-2934033797-294929725-1000UA.job

[2014/05/03 17:07:01 | 000,984,576 | ---- | M] () -- C:\Users\PC WORLD\Desktop\MicrosoftFixit50906.msi

[2014/05/03 16:21:49 | 000,001,747 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2014/05/03 16:21:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2014/05/03 16:13:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\PC WORLD\Desktop\OTL.exe

[2014/05/02 23:11:01 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2908051684-2934033797-294929725-1000Core.job

[2014/04/30 21:30:07 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2014/04/23 21:22:18 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2014/04/23 21:22:18 | 000,667,096 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2014/04/23 21:22:18 | 000,126,740 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2014/04/18 15:01:56 | 000,237,336 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys

 

========== Files Created - No Company Name ==========

 

[2014/05/03 17:12:30 | 001,310,621 | ---- | C] () -- C:\Users\PC WORLD\Desktop\AdwCleaner.exe

[2014/05/03 17:07:01 | 000,984,576 | ---- | C] () -- C:\Users\PC WORLD\Desktop\MicrosoftFixit50906.msi

[2014/05/03 16:21:49 | 000,001,747 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2014/05/03 16:20:32 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

[2013/11/24 12:48:18 | 000,000,376 | ---- | C] () -- C:\Windows\wininit.ini

[2013/09/30 18:52:11 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2013/09/30 18:52:11 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2013/08/07 21:24:02 | 000,099,384 | ---- | C] () -- C:\Users\PC WORLD\AppData\Roaming\inst.exe

[2013/08/07 21:24:02 | 000,007,859 | ---- | C] () -- C:\Users\PC WORLD\AppData\Roaming\pcouffin.cat

[2013/08/07 21:24:02 | 000,001,167 | ---- | C] () -- C:\Users\PC WORLD\AppData\Roaming\pcouffin.inf

[2013/01/11 13:56:32 | 000,060,116 | ---- | C] () -- C:\Users\PC WORLD\Downloads-2.(null)

[2013/01/11 13:56:29 | 000,060,116 | ---- | C] () -- C:\Users\PC WORLD\Downloads-1.(null)

[2012/12/28 15:11:54 | 000,001,069 | ---- | C] () -- C:\Users\PC WORLD\Music - Shortcut.lnk

[2012/11/01 18:44:47 | 000,000,000 | ---- | C] () -- C:\Users\PC WORLD\AppData\Local\~wmrg

[2012/09/28 17:17:31 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2012/09/21 21:29:19 | 000,000,036 | ---- | C] () -- C:\Windows\avgui.INI

[2012/06/20 00:12:45 | 000,766,780 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/05/14 11:29:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2012/05/14 11:29:51 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

[2012/05/14 11:29:34 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2012/05/14 11:29:34 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2012/05/14 11:29:34 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

 

========== ZeroAccess Check ==========

 

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 

========== LOP Check ==========

 

[2014/04/06 21:19:20 | 000,000,000 | ---D | M] -- C:\Users\PC WORLD\AppData\Roaming\Appandora

[2013/10/08 19:58:45 | 000,000,000 | ---D | M] -- C:\Users\PC WORLD\AppData\Roaming\AVG2014

[2014/05/03 17:21:55 | 000,000,000 | ---D | M] -- C:\Users\PC WORLD\AppData\Roaming\BitTorrent

[2014/01/17 23:12:35 | 000,000,000 | ---D | M] -- C:\Users\PC WORLD\AppData\Roaming\BitTorrent Sync

[2012/12/02 14:09:57 | 000,000,000 | ---D | M] -- C:\Users\PC WORLD\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2012/11/01 18:52:29 | 000,000,000 | ---D | M] -- C:\Users\PC WORLD\AppData\Roaming\GrabPro

[2013/08/07 21:33:46 | 000,000,000 | ---D | M] -- C:\Users\PC WORLD\AppData\Roaming\iDealshare VideoGo

[2013/11/15 17:32:20 | 000,000,000 | ---D | M] -- C:\Users\PC WORLD\AppData\Roaming\iMobie

[2014/03/21 15:21:45 | 000,000,000 | ---D | M] -- C:\Users\PC WORLD\AppData\Roaming\Leadertech

[2014/03/21 21:42:13 | 000,000,000 | ---D | M] -- C:\Users\PC WORLD\AppData\Roaming\Lunaweb

[2013/09/30 20:13:49 | 000,000,000 | ---D | M] -- C:\Users\PC WORLD\AppData\Roaming\MOVAVI

[2014/03/10 21:55:25 | 000,000,000 | ---D | M] -- C:\Users\PC WORLD\AppData\Roaming\Naturalsoft

[2013/03/20 10:19:30 | 000,000,000 | ---D | M] -- C:\Users\PC WORLD\AppData\Roaming\Orbit

[2013/11/25 05:17:52 | 000,000,000 | ---D | M] -- C:\Users\PC WORLD\AppData\Roaming\Origin

[2012/10/16 11:06:43 | 000,000,000 | ---D | M] -- C:\Users\PC WORLD\AppData\Roaming\ProgSense

[2012/08/30 23:26:06 | 000,000,000 | ---D | M] -- C:\Users\PC WORLD\AppData\Roaming\Screensaver

[2012/09/21 20:22:52 | 000,000,000 | ---D | M] -- C:\Users\PC WORLD\AppData\Roaming\TuneUp Software

[2013/02/01 18:06:54 | 000,000,000 | ---D | M] -- C:\Users\PC WORLD\AppData\Roaming\Unity

[2013/09/30 18:52:59 | 000,000,000 | ---D | M] -- C:\Users\PC WORLD\AppData\Roaming\VideoEditor

[2013/08/07 21:26:30 | 000,000,000 | ---D | M] -- C:\Users\PC WORLD\AppData\Roaming\Vso

 

========== Purity Check ==========

 

 

 

< End of report >

 

Unfortunately on restarting my AntiVirus this appeared on screen.n3vzi0.png


  • 0

#8
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,698 posts
Hey, :)

These are all False Positives, that means, that all these files are clean.

Step 1: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings.JPG

Go back to the Dashboard and select Scan Now

MBAMScan.JPG

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot.JPG

MBAMLog.JPG

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 2: ESET

Please disable your AntiVirus before doing these steps!
  • If you have Win Vista / Win 7 / Win 8 please start IE as Administrator!
  • This will only work for Internet Explorer or FireFox
  • Please download ESET Online Scanner from here
How to do this?
  • Visit this website here
  • You will see a screen like this:

    e922iil8.png
    • Click Run ESET Online Scanner

      4e3svhbd.png
    • A Window will open (see above) - please click on the link
    • A window will pop up - please download the file to your Desktop
    • When the download has finished please run the program (for Win Vista/ Win7 / Win 8 User please run it as Administrator)

      p35jbmyy.png
    • Tick the box next to YES, I accept the Terms of Use then click on: Start
    • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.

      p3b9meru.png
    • Make sure that the option Remove found threats is NOT checked.
    • Make sure that the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Then click on Start
    • virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
    • When completed the Online Scan will begin automatically. The scan may take several hours.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • After the scan is finished please click on Finish
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.
Step 3: Security Check

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

  • 0

#9
CatherineL2288

CatherineL2288

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

I do not use or have  Internet Explorer or FireFox do I still need to do step 2?


  • 0

#10
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,698 posts
Hey,
 

Internet Explorer (Version = 9.11.9600.17041)

You have Internet Explorer installed. Here are 5 ways on how to open Internet Explorer.
  • 0

Advertisements


#11
CatherineL2288

CatherineL2288

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi,
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 03/05/2014
Scan Time: 18:59:26
Logfile: g.txt
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.05.03.06
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: PC WORLD
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 292155
Time Elapsed: 44 min, 24 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 1
Hijack.FolderOptions, HKU\S-1-5-21-2908051684-2934033797-294929725-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoFolderOptions, 1, Quarantined, [80808c748878af5188f6c736c43e7a86]
 
Registry Data: 9
PUM.Hijack.Run, HKU\S-1-5-21-2908051684-2934033797-294929725-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoRun, 1, Good: (0), Bad: (1),Replaced,[1de3bf4133cd3bc5efa4b480df2537c9]
PUM.Hijack.Regedit, HKU\S-1-5-21-2908051684-2934033797-294929725-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegistryTools, 1, Good: (0), Bad: (1),Replaced,[916f43bd0ef28c7495fb54e056ae46ba]
PUM.Hijack.DisplayProperties, HKU\S-1-5-21-2908051684-2934033797-294929725-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|NoDispScrSavPage, 1, Good: (0), Bad: (1),Replaced,[8080d828e51bf60a6caaa09408fc7d83]
PUM.Hijack.DisplayProperties, HKU\S-1-5-21-2908051684-2934033797-294929725-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|NoDispCPL, 1, Good: (0), Bad: (1),Replaced,[57a9ae522dd3a15fe33183b124e049b7]
PUM.Hijack.DisplayProperties, HKU\S-1-5-21-2908051684-2934033797-294929725-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|NoDispBackgroundPage, 1, Good: (0), Bad: (1),Replaced,[19e7f20ebc442cd49f74b480be46cf31]
PUM.Hijack.DisplayProperties, HKU\S-1-5-21-2908051684-2934033797-294929725-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|NoDispAppearancePage, 1, Good: (0), Bad: (1),Replaced,[619fbd43d42c40c06aa76cc8788c35cb]
PUM.Hijack.TaskManager, HKU\S-1-5-21-2908051684-2934033797-294929725-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableTaskMgr, 1, Good: (0), Bad: (1),Replaced,[51afc33d07f949b7e111e0550afae11f]
PUM.Hijack.HomePageControl, HKU\S-1-5-21-2908051684-2934033797-294929725-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL|HomePage, 1, Good: (0), Bad: (1),Replaced,[41bfa35d946c8d7398c389aa0df7867a]
PUM.Hijack.CMDPrompt, HKU\S-1-5-21-2908051684-2934033797-294929725-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\POLICIES\MICROSOFT\WINDOWS\SYSTEM|DisableCMD, 1, Good: (0), Bad: (1),Replaced,[12eef60aa957d828d5350c28c44011ef]
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 

ESETLog
 
[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=caddc9d9712add43b7da1f0fad468815
# engine=18126
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-05-03 07:37:08
# local_time=2014-05-03 08:37:08 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 25566178 151610878 0 0
# scanned=222999
# found=0
# cleaned=0
# scan_time=5436
 
Security Check
 
 Results of screen317's Security Check version 0.99.82  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
AVG AntiVirus Free Edition 2014   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 51  
 Java version out of Date! 
 Adobe Flash Player 13.0.0.206  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Google Chrome 34.0.1847.116  
 Google Chrome 34.0.1847.131  
 Google Chrome Plugins...  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 AVG avgwdsvc.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log`````````````````````` 

  • 0

#12
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,698 posts
Hello,
in my opinion your PC is clean.

We need to remove the tools we've used during cleaning your machine
  • Download Delfix from here and run it (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the Delfix icon and select Run as Administrator).
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
    delfix.jpg
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply

 

javaicon.gif Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java :
Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, then click on Remove Java Runtime.
  • Select the Java version you have from the drop down list, and then click on Run Uninstaller
  • Press Yes if it asks to uninstall the product.
  • Allow the uninstaller to remove the installed version.
  • When its finished, go back to JavaRa, and click Back
  • Click on Update Java Runtime and then select Download and install latest version.
  • Press Next
  • Press Java Manual Download.
  • A browser window will open with the Java download page.
  • Click the Windows offline link to download Java.
  • Run the installer.
  • Close JavaRa
Please also update:
  • Adobe Reader
 

Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the windows update icon will appear in your taskbar when new updates are available, whenever you see it you should open the menu up and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is very well worth it instead of getting infected from an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide written by tech expert Artellos.

Keep Safe! :thumbsup:
  • 0

#13
CatherineL2288

CatherineL2288

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi,
 
DelFix Log
 
# DelFix v10.7 - Logfile created 03/05/2014 at 21:11:53
# Updated 27/04/2014 by Xplode
# Username : PC WORLD - CATHERINE
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\_OTL
Deleted : C:\AdwCleaner
Deleted : C:\Users\PC WORLD\Downloads\JavaRa-2.6.zip
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #184 [Scheduled Checkpoint | 04/28/2014 06:39:21]
Deleted : RP #185 [Windows Update | 05/02/2014 15:30:42]
Deleted : RP #186 [Restore Operation | 05/03/2014 08:39:03]
Deleted : RP #187 [Removed Apple Application Support | 05/03/2014 10:50:25]
Deleted : RP #188 [Removed Apple Mobile Device Support | 05/03/2014 10:52:18]
Deleted : RP #189 [Removed Apple Software Update | 05/03/2014 10:52:58]
Deleted : RP #190 [Installed iTunes | 05/03/2014 15:20:35]
Deleted : RP #191 [OTL Restore Point - 03/05/2014 16:24:34 | 05/03/2014 15:24:34]
Deleted : RP #192 [Installed Microsoft Fix it 50906 | 05/03/2014 16:07:07]
Deleted : RP #193 [Installed Microsoft Fix it 50906 | 05/03/2014 16:07:39]
Deleted : RP #194 [OTL Restore Point - 03/05/2014 17:12:05 | 05/03/2014 16:12:10]
Deleted : RP #195 [Windows Update | 05/03/2014 19:51:38]
 
New restore point created !
 
########## - EOF - ##########
 
Thank you for all your help! I hope this has eradicated the problem that I had. 

  • 0

#14
Machiavelli

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 3,698 posts
Hey,
 

hope this has eradicated the problem that I had.

The message from your first post (from AVG) is a false positive. That means that the file(s) is/are in real good. You should be able to set the file which will be always detected by AVG on the exception list, how to do this look here.

Any more questions?
  • 0

#15
CatherineL2288

CatherineL2288

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Thanks for everything!


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP