Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Unable to delete startup entry [Solved]

Started by xxmaxixx , May 04 2014 12:57 AM

Auto It EXE

This topic is locked

#1
xxmaxixx

Posted 04 May 2014 - 12:57 AM

Member

Member
108 posts

As attached. My AV tend to block the application linked from autoIt.exe/ google update each time i boot. I can't seem to remove due unable to locate listed files. Intend to remove files listed below. Thanks in advance.

"C:\Google\AutoIt3.exe /AutoItExecuteScript C:\Google\autoupdate.a3x

C:\GoogleUpdate.lnk

C:\googleupdate.vbs

C:\googleupdate.vbs"

Attached Thumbnails

#2
Machiavelli

Posted 04 May 2014 - 10:45 AM

GeekU Moderator

GeekU Moderator
4,722 posts

Hello and Welcome on board xxmaxixx :welcome:

,

my Name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

To remove Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from you Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:

Removing Malware is usually very difficult.
We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
Please follow these instructions
If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
Please stay in contact with me until your problem is resolved
As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
Don't run any tools while I'm fixing your PC. That is counter productive and again, will only complicate finding and removing all Malware!
Read my post completely
If you don't do so, you may make mistakes that could result in your System crashing by your own actions!

Let's get a overlook over your system.

Please download OTL (by OldTimer) (if you haven't already) from the link below and save it to your Desktop.

Download Mirror #1

Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the box in OTL. To do that:
- Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
qmgr.dll
mpsvc.dll
winsock.*
rpcss.dll
/md5stop
dir "%systemdrive%\*" /S /A:L /C
CREATERESTOREPOINT
Open on the desktop. To do that:
- XP users: Double click on the OTL icon.
- Vista / 7 Users: Right click on the icon and click Run as Administrator)
Make sure all other windows are closed.
- You will see a console like the one below:
  - Click the box beside Scan All Users at the top of the console
  - If you have a 64bit Windows, click the box beside Include 64bit Scans at the top of the console.
  - Make sure the Output box at the top is set to Standard Output.
  - Check the boxes beside LOP Check and Purity Check.
  - Make sure that Use Safe List is checked under Extra Registry.
  - Place the mouse pointer inside the box, right click and click Paste. This will put the above script inside OTL
  - Click the button. Do not change any settings unless otherwise told to do so.
  - Let the scan run uninterrupted.
  - When the scan completes, it will open OTL.Txt on the desktop.
  - Please copy the contents of these files and paste it into your reply. To do that:
    - On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
    - Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the in the post window.
  - Please do the same for the Extras.txt

#3
xxmaxixx

Posted 06 May 2014 - 04:05 PM

Member

Topic Starter
Member
108 posts

Hi Machiavelli.

OTL logfile created on: 5/6/2014 11:39:50 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ajba\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

1013.10 Mb Total Physical Memory | 375.23 Mb Available Physical Memory | 37.04% Memory free
1.99 Gb Paging File | 0.88 Gb Available in Paging File | 43.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.78 Gb Total Space | 158.72 Gb Free Space | 71.89% Space Free | Partition Type: NTFS

Computer Name: AJBA-PC | User Name: ajba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/05/02 00:28:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ajba\Desktop\OTL.exe
PRC - [2014/05/02 00:20:11 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/04/30 00:04:08 | 001,864,368 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
PRC - [2014/04/12 02:17:18 | 000,650,816 | ---- | M] (MyCity) -- C:\Program Files\MCShield\MCShieldRTM.exe
PRC - [2013/12/19 02:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/16 10:21:49 | 003,821,136 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2013/08/02 08:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/23 10:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/10 13:32:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/10/10 13:31:34 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012/10/10 13:31:29 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012/10/10 13:31:28 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/10/10 13:31:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/10/10 13:31:27 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2012/09/27 13:59:39 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/06/28 10:46:07 | 000,655,744 | ---- | M] () -- C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
PRC - [2011/03/14 23:27:28 | 000,271,712 | ---- | M] () -- C:\ProgramData\DatacardService\HWDeviceService.exe
PRC - [2011/03/14 23:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/04/12 16:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2009/10/07 15:49:50 | 001,157,640 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2009/10/03 09:48:26 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/10/03 09:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/10/01 06:47:36 | 000,703,008 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
PRC - [2009/10/01 06:47:14 | 000,727,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2009/10/01 06:46:28 | 000,469,536 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
PRC - [2009/09/10 21:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009/08/28 17:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Registration\GregHSRW.exe
PRC - [2009/08/24 10:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\dsiwmis.exe
PRC - [2009/08/04 13:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009/07/11 07:18:18 | 000,708,608 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
PRC - [2009/07/10 18:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2009/07/04 10:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/06/05 11:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/05 11:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

========== Modules (No Company Name) ==========

MOD - [2014/05/02 00:20:09 | 003,845,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/04/30 00:04:07 | 016,351,920 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_13_0_0_206.dll
MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/10/03 09:48:42 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll

========== Services (SafeList) ==========

SRV - [2014/05/02 00:20:10 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/04/30 00:04:18 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/19 02:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/27 12:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/18 11:06:42 | 000,737,616 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/10/10 13:32:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/10/10 13:31:34 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012/10/10 13:31:29 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012/10/10 13:31:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/10/10 13:31:27 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2012/08/06 17:33:56 | 000,605,696 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Mobile Partner\eap\wifimansvc.exe -- (wifimansvc)
SRV - [2012/06/28 10:46:07 | 000,655,744 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Mobile Partner\UpdateDog\ouc.exe -- (Mobile Partner. RunOuc)
SRV - [2011/03/14 23:27:28 | 000,271,712 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2009/10/03 09:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/10/01 06:47:14 | 000,727,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009/09/10 21:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/08/28 17:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/08/24 10:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2009/07/10 18:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009/07/04 10:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009/06/05 11:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV - [2013/11/28 08:24:18 | 000,108,000 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2013/01/23 10:31:50 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2013/01/23 10:31:50 | 000,018,560 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2013/01/23 10:31:50 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2013/01/23 10:31:50 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2012/10/17 14:53:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012/10/10 14:05:28 | 000,112,584 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot)
DRV - [2012/10/10 14:05:28 | 000,092,008 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim)
DRV - [2012/09/27 13:59:39 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/09/27 13:59:39 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/09/27 13:59:39 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/08/27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012/08/23 22:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 22:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/06/06 11:50:44 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2012/06/06 09:18:34 | 000,377,856 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbwwan.sys -- (ewusbmbb)
DRV - [2012/06/06 09:18:34 | 000,202,752 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juwwanecm.sys -- (huawei_wwanecm)
DRV - [2012/06/06 09:18:34 | 000,199,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2012/06/06 09:18:34 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2012/06/06 09:18:34 | 000,095,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2012/06/06 09:18:34 | 000,076,544 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2012/06/06 09:18:34 | 000,070,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - [2012/06/06 09:18:34 | 000,027,520 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2012/06/06 09:18:34 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2010/11/20 17:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/04/12 16:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/11/23 15:30:06 | 000,103,296 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR)
DRV - [2009/11/06 12:53:58 | 001,227,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/04 13:37:44 | 000,054,784 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009/08/07 18:18:28 | 000,212,528 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/07/14 07:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/01 12:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009/06/02 19:15:40 | 000,060,976 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2009/06/02 19:15:38 | 000,016,432 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2009/06/02 19:15:34 | 000,018,992 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2795788979-175850703-175300515-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...94wwk5w4462r119
IE - HKU\S-1-5-21-2795788979-175850703-175300515-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...94wwk5w4462r119
IE - HKU\S-1-5-21-2795788979-175850703-175300515-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2795788979-175850703-175300515-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-2795788979-175850703-175300515-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...AW_enSG371SG371
IE - HKU\S-1-5-21-2795788979-175850703-175300515-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-2795788979-175850703-175300515-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2795788979-175850703-175300515-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: DoesAmazonShipTo%40usefulhelper.com:3.0.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.746
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1912
FF - prefs.js..extensions.enabledItems: [email protected]:7.3.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}:6.0.32
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ajba\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ajba\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/05/02 00:19:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\ajba\AppData\Roaming\IDM\idmmzcc5 [2013/12/27 21:49:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/05/02 00:19:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\ajba\AppData\Roaming\IDM\idmmzcc5 [2013/12/27 21:49:35 | 000,000,000 | ---D | M]

[2010/04/27 07:29:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ajba\AppData\Roaming\Mozilla\Extensions
[2014/04/18 20:54:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ajba\AppData\Roaming\Mozilla\Firefox\Profiles\woxurmrj.default\extensions
[2014/04/18 20:54:06 | 000,012,026 | ---- | M] () (No name found) -- C:\Users\ajba\AppData\Roaming\Mozilla\Firefox\Profiles\woxurmrj.default\extensions\[email protected]
[2014/05/02 00:19:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/05/02 00:20:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\ajba\AppData\Local\Google\Chrome\Application\30.0.1599.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ajba\AppData\Local\Google\Chrome\Application\30.0.1599.66\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ajba\AppData\Local\Google\Chrome\Application\30.0.1599.66\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\ajba\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U25 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Program Files\TVUPlayer\npTVUAx.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\ajba\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\ajba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Poppit = C:\Users\ajba\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2012/10/07 19:28:58 | 000,000,878 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKU\S-1-5-21-2795788979-175850703-175300515-1000..\Run: [] File not found
O4 - HKU\S-1-5-21-2795788979-175850703-175300515-1000..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-2795788979-175850703-175300515-1000..\Run: [MCShield Monitor] C:\Program Files\MCShield\MCShieldRTM.exe (MyCity)
O4 - HKU\S-1-5-21-2795788979-175850703-175300515-1000..\Run: [Mobile Partner] C:\Program Files\MobileWiFi\MobileWiFi.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0749BF79-8F63-494E-98EB-15AC1D8EDA96}: NameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{447E6596-9381-4BAB-A5C7-3C22EC718380}: NameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56C5CAF8-CB53-463C-BB94-B5067A557FFA}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8354670C-EEFD-4C27-AD49-683B6C1067B2}: NameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{890BF8CC-A03E-432D-AAC5-CA4845485612}: NameServer = 203.116.1.94 203.116.254.150
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E911FC69-4C5B-4B8E-8B55-8C60BE7E584C}: DhcpNameServer = 202.65.247.31 202.65.244.32
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E911FC69-4C5B-4B8E-8B55-8C60BE7E584C}: NameServer = 202.65.247.31 202.65.244.32
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1D5066E-4BA9-4B92-AA64-F735228CAF9F}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{08be604c-7e80-11e2-b277-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{08be604c-7e80-11e2-b277-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{1946bf36-2f78-11df-abe7-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{1946bf36-2f78-11df-abe7-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{2720a87e-322e-11df-9819-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{2720a87e-322e-11df-9819-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{27b60e0e-728a-11e2-a4ca-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{27b60e0e-728a-11e2-a4ca-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{27b60e1d-728a-11e2-a4ca-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{27b60e1d-728a-11e2-a4ca-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{52599e50-4e4d-11e3-8046-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{52599e50-4e4d-11e3-8046-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{603e8a1c-3881-11df-aa3a-001e101f3315}\Shell - "" = AutoRun
O33 - MountPoints2\{603e8a1c-3881-11df-aa3a-001e101f3315}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{69dc5943-2e95-11e3-ad59-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{69dc5943-2e95-11e3-ad59-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{9557a91d-84c4-11e1-9862-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{9557a91d-84c4-11e1-9862-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{9557a92b-84c4-11e1-9862-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{9557a92b-84c4-11e1-9862-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{98e07519-91d2-11e1-983d-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{98e07519-91d2-11e1-983d-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{98e07526-91d2-11e1-983d-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{98e07526-91d2-11e1-983d-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{a516edf6-31f5-11df-9773-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{a516edf6-31f5-11df-9773-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{a807c410-cb44-11e2-9fa3-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{a807c410-cb44-11e2-9fa3-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{aa14ad60-4a6c-11e0-bac7-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{aa14ad60-4a6c-11e0-bac7-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{aa14ad82-4a6c-11e0-bac7-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{aa14ad82-4a6c-11e0-bac7-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{c293512f-5189-11df-aa8a-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{c293512f-5189-11df-aa8a-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{d083feaf-f1eb-11e2-8060-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{d083feaf-f1eb-11e2-8060-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/05/03 13:36:58 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/05/02 06:19:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/05/02 00:28:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ajba\Desktop\OTL.exe
[2014/05/02 00:19:13 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/04/18 22:01:33 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014/04/18 22:01:01 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2014/04/18 22:01:01 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2014/04/18 22:01:01 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2014/04/13 22:54:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/04/13 22:54:48 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/04/13 22:54:46 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/04/13 22:54:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/04/13 22:54:44 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/04/13 22:54:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014/04/13 22:54:41 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/01/06 06:10:06 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe

========== Files - Modified Within 30 Days ==========

[2014/05/06 23:34:17 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/06 23:34:16 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/06 23:25:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/06 23:25:33 | 796,733,440 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/06 07:02:18 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2795788979-175850703-175300515-1000UA.job
[2014/05/06 06:57:24 | 000,664,780 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/05/06 06:57:24 | 000,125,484 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/05/04 15:03:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/02 04:02:02 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2795788979-175850703-175300515-1000Core.job
[2014/05/02 00:28:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ajba\Desktop\OTL.exe
[2014/05/02 00:25:08 | 000,001,994 | ---- | M] () -- C:\Users\ajba\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/04/30 00:23:03 | 000,002,325 | ---- | M] () -- C:\Users\ajba\Desktop\Google Chrome.lnk
[2014/04/30 00:04:08 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/04/30 00:04:08 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/04/29 18:07:56 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/04/14 20:13:52 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2014/04/14 20:05:11 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014/04/14 20:05:06 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2014/04/14 20:04:29 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe

========== Files Created - No Company Name ==========

[2013/10/19 09:03:21 | 000,145,152 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/03/25 02:57:08 | 000,000,218 | ---- | C] () -- C:\Users\ajba\.recently-used.xbel

========== ZeroAccess Check ==========

[2009/07/14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 09:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/05/31 01:05:31 | 000,000,000 | -HSD | M] -- C:\Users\ajba\AppData\Roaming\.#
[2014/05/06 07:02:18 | 000,000,000 | ---D | M] -- C:\Users\ajba\AppData\Roaming\DMCache
[2011/01/28 14:31:56 | 000,000,000 | ---D | M] -- C:\Users\ajba\AppData\Roaming\FXTS2
[2010/03/18 04:25:47 | 000,000,000 | ---D | M] -- C:\Users\ajba\AppData\Roaming\GameConsole
[2012/03/25 02:52:21 | 000,000,000 | ---D | M] -- C:\Users\ajba\AppData\Roaming\gtk-2.0
[2012/11/05 00:45:11 | 000,000,000 | ---D | M] -- C:\Users\ajba\AppData\Roaming\IDM
[2012/10/13 20:59:01 | 000,000,000 | ---D | M] -- C:\Users\ajba\AppData\Roaming\Juniper Networks
[2013/12/25 09:53:03 | 000,000,000 | ---D | M] -- C:\Users\ajba\AppData\Roaming\Nokia
[2012/03/25 02:47:35 | 000,000,000 | ---D | M] -- C:\Users\ajba\AppData\Roaming\Participatory Culture Foundation
[2011/03/10 01:17:54 | 000,000,000 | ---D | M] -- C:\Users\ajba\AppData\Roaming\PC Suite
[2012/03/25 02:57:08 | 000,000,000 | ---D | M] -- C:\Users\ajba\AppData\Roaming\PCF-VLC
[2012/10/13 20:14:17 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012/10/13 20:14:17 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software

========== Purity Check ==========

========== Custom Scans ==========

========== Base Services ==========
SRV - [2009/07/14 09:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2013/02/27 12:49:16 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009/07/14 09:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2010/11/20 20:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010/11/20 20:18:06 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2013/09/25 08:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/07/14 09:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012/07/05 05:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2013/07/09 12:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2010/11/20 20:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2010/11/20 20:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2011/03/03 13:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/07/14 09:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/07/14 09:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009/07/14 09:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2010/11/20 20:19:23 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/07/14 09:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/07/14 09:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009/07/14 09:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009/07/14 09:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2012/10/04 00:42:26 | 000,242,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009/07/14 09:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2011/05/24 18:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2012/02/11 13:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2013/09/25 08:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009/07/14 09:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2010/11/20 20:21:00 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010/11/20 20:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009/07/14 09:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2013/09/25 08:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/07/14 09:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/11/20 20:21:26 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010/11/20 20:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2010/11/20 20:21:05 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010/11/20 20:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/14 09:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2012/05/01 12:44:12 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2010/11/20 20:17:51 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2010/11/20 20:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2010/11/20 20:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2010/11/20 20:21:06 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2013/05/27 12:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/20 20:21:35 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2010/11/20 20:19:40 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2010/11/20 20:21:35 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2010/11/20 20:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/07/14 09:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/03 06:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2010/11/20 20:18:34 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/14 09:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2010/11/20 20:21:36 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 13:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 09:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 13:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 13:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 13:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 20:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 13:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 13:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 14:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: MPSVC.DLL >
[2013/05/27 12:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) MD5=082CF481F659FAE0DE51AD060881EB47 -- C:\Program Files\Windows Defender\MpSvc.dll
[2013/05/27 12:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) MD5=082CF481F659FAE0DE51AD060881EB47 -- C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_597f1ba5b6a5991f\MpSvc.dll
[2013/05/27 12:29:30 | 000,680,960 | ---- | M] (Microsoft Corporation) MD5=0A4C23D8D5B7A376C6C51EC72F3CB8AA -- C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_5a2a2a64cfa9fb94\MpSvc.dll
[2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) MD5=3FAE8F94296001C32EAB62CD7D82E0FD -- C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_579306edb982ae36\MpSvc.dll
[2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) MD5=3FAE8F94296001C32EAB62CD7D82E0FD -- C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_59c41ab5b67131d0\MpSvc.dll
[2013/05/27 12:30:41 | 000,680,960 | ---- | M] (Microsoft Corporation) MD5=7F7161507C1FDBDAB71941D3BA9636B6 -- C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.17316_none_57df9fe3b9491d97\MpSvc.dll
[2013/05/27 12:58:00 | 000,680,960 | ---- | M] (Microsoft Corporation) MD5=8988FAC76FD9178180FE2C8C2C7A4C03 -- C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.21531_none_584e9d4ad27b73b7\MpSvc.dll

< MD5 for: QMGR.DLL >
[2009/07/14 09:16:12 | 000,589,312 | ---- | M] (Microsoft Corporation) MD5=53F476476F55A27F580661BDE09C4EC4 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_23671b105ac5a0fd\qmgr.dll
[2010/11/20 20:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\System32\qmgr.dll
[2010/11/20 20:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_25982ed857b42497\qmgr.dll

< MD5 for: RPCSS.DLL >
[2010/11/20 20:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) MD5=7660F01D3B38ACA1747E397D21D790AF -- C:\Windows\System32\rpcss.dll
[2010/11/20 20:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) MD5=7660F01D3B38ACA1747E397D21D790AF -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll
[2009/07/14 09:16:13 | 000,376,320 | ---- | M] (Microsoft Corporation) MD5=B82CD39E336973359D7C9BF911E8E84F -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll

< MD5 for: SERVICES >
[2009/06/11 05:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009/06/11 05:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services

< MD5 for: SERVICES.CFG >
[2013/12/19 02:42:40 | 000,558,851 | ---- | M] () MD5=A044715A48D8FADB9366D554F20D3331 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/14 09:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 09:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/14 10:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\System32\en-US\services.exe.mui
[2009/07/14 10:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 12:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 12:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/11 05:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009/06/11 05:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/14 10:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2009/06/11 05:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2009/07/14 10:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/11 05:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/14 04:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/14 04:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 20:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 20:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 09:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 14:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 13:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 20:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 20:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 09:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< MD5 for: WINSOCK.DLL >
[2009/07/14 05:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\System32\WINSOCK.DLL
[2009/07/14 05:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.1.7600.16385_none_fde3cf3dd3e16d0d\WINSOCK.DLL
[2009/07/14 05:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.1.7601.17514_none_0014e305d0cff0a7\WINSOCK.DLL

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is Acer
Volume Serial Number is 7460-01D9
Directory of C:\
14/07/2009 12:53 PM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
Directory of C:\ProgramData
14/07/2009 12:53 PM    <JUNCTION>     Application Data [C:\ProgramData]
14/07/2009 12:53 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
14/07/2009 12:53 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
14/07/2009 12:53 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
14/07/2009 12:53 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 12:53 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
Directory of C:\Users
14/07/2009 12:53 PM    <SYMLINKD>     All Users [C:\ProgramData]
14/07/2009 12:53 PM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
Directory of C:\Users\ajba
14/03/2010 10:03 PM    <JUNCTION>     Application Data [C:\Users\ajba\AppData\Roaming]
14/03/2010 10:03 PM    <JUNCTION>     Cookies [C:\Users\ajba\AppData\Roaming\Microsoft\Windows\Cookies]
14/03/2010 10:03 PM    <JUNCTION>     Local Settings [C:\Users\ajba\AppData\Local]
14/03/2010 10:03 PM    <JUNCTION>     My Documents [C:\Users\ajba\Documents]
14/03/2010 10:03 PM    <JUNCTION>     NetHood [C:\Users\ajba\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/03/2010 10:03 PM    <JUNCTION>     PrintHood [C:\Users\ajba\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/03/2010 10:03 PM    <JUNCTION>     Recent [C:\Users\ajba\AppData\Roaming\Microsoft\Windows\Recent]
14/03/2010 10:03 PM    <JUNCTION>     SendTo [C:\Users\ajba\AppData\Roaming\Microsoft\Windows\SendTo]
14/03/2010 10:03 PM    <JUNCTION>     Start Menu [C:\Users\ajba\AppData\Roaming\Microsoft\Windows\Start Menu]
14/03/2010 10:03 PM    <JUNCTION>     Templates [C:\Users\ajba\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
Directory of C:\Users\ajba\AppData\Local
14/03/2010 10:03 PM    <JUNCTION>     Application Data [C:\Users\ajba\AppData\Local]
14/03/2010 10:03 PM    <JUNCTION>     History [C:\Users\ajba\AppData\Local\Microsoft\Windows\History]
14/03/2010 10:03 PM    <JUNCTION>     Temporary Internet Files [C:\Users\ajba\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
Directory of C:\Users\ajba\Documents
14/03/2010 10:03 PM    <JUNCTION>     My Music [C:\Users\ajba\Music]
14/03/2010 10:03 PM    <JUNCTION>     My Pictures [C:\Users\ajba\Pictures]
14/03/2010 10:03 PM    <JUNCTION>     My Videos [C:\Users\ajba\Videos]
               0 File(s)              0 bytes
Directory of C:\Users\All Users
14/07/2009 12:53 PM    <JUNCTION>     Application Data [C:\ProgramData]
14/07/2009 12:53 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
14/07/2009 12:53 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
14/07/2009 12:53 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
14/07/2009 12:53 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 12:53 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
Directory of C:\Users\Default
14/07/2009 12:53 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
14/07/2009 12:53 PM    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
14/07/2009 12:53 PM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
14/07/2009 12:53 PM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
14/07/2009 12:53 PM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009 12:53 PM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009 12:53 PM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009 12:53 PM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009 12:53 PM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009 12:53 PM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
Directory of C:\Users\Default\AppData\Local
14/07/2009 12:53 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
14/07/2009 12:53 PM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009 12:53 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
Directory of C:\Users\Default\Documents
14/07/2009 12:53 PM    <JUNCTION>     My Music [C:\Users\Default\Music]
14/07/2009 12:53 PM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
14/07/2009 12:53 PM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
Directory of C:\Users\Public\Documents
14/07/2009 12:53 PM    <JUNCTION>     My Music [C:\Users\Public\Music]
14/07/2009 12:53 PM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
14/07/2009 12:53 PM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              50 Dir(s) 170,235,203,584 bytes free

========== Alternate Data Streams ==========

@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:5D7E5A8F
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:E3C56885
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:E1F04E8D

< End of report >

OTL logfile created on: 5/6/2014 11:39:50 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ajba\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

1013.10 Mb Total Physical Memory | 375.23 Mb Available Physical Memory | 37.04% Memory free
1.99 Gb Paging File | 0.88 Gb Available in Paging File | 43.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.78 Gb Total Space | 158.72 Gb Free Space | 71.89% Space Free | Partition Type: NTFS

Computer Name: AJBA-PC | User Name: ajba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/05/02 00:28:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ajba\Desktop\OTL.exe
PRC - [2014/05/02 00:20:11 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/04/30 00:04:08 | 001,864,368 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
PRC - [2014/04/12 02:17:18 | 000,650,816 | ---- | M] (MyCity) -- C:\Program Files\MCShield\MCShieldRTM.exe
PRC - [2013/12/19 02:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/12/16 10:21:49 | 003,821,136 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2013/08/02 08:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/23 10:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/10 13:32:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/10/10 13:31:34 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012/10/10 13:31:29 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012/10/10 13:31:28 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/10/10 13:31:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/10/10 13:31:27 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2012/09/27 13:59:39 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/06/28 10:46:07 | 000,655,744 | ---- | M] () -- C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
PRC - [2011/03/14 23:27:28 | 000,271,712 | ---- | M] () -- C:\ProgramData\DatacardService\HWDeviceService.exe
PRC - [2011/03/14 23:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/04/12 16:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2009/10/07 15:49:50 | 001,157,640 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2009/10/03 09:48:26 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/10/03 09:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/10/01 06:47:36 | 000,703,008 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
PRC - [2009/10/01 06:47:14 | 000,727,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2009/10/01 06:46:28 | 000,469,536 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
PRC - [2009/09/10 21:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009/08/28 17:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Registration\GregHSRW.exe
PRC - [2009/08/24 10:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\dsiwmis.exe
PRC - [2009/08/04 13:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009/07/11 07:18:18 | 000,708,608 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
PRC - [2009/07/10 18:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2009/07/04 10:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2009/06/05 11:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/05 11:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

========== Modules (No Company Name) ==========

MOD - [2014/05/02 00:20:09 | 003,845,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/04/30 00:04:07 | 016,351,920 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_13_0_0_206.dll
MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/10/03 09:48:42 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll

========== Services (SafeList) ==========

SRV - [2014/05/02 00:20:10 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/04/30 00:04:18 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/19 02:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/27 12:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/18 11:06:42 | 000,737,616 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/10/10 13:32:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/10/10 13:31:34 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012/10/10 13:31:29 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012/10/10 13:31:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/10/10 13:31:27 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2012/08/06 17:33:56 | 000,605,696 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Mobile Partner\eap\wifimansvc.exe -- (wifimansvc)
SRV - [2012/06/28 10:46:07 | 000,655,744 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Mobile Partner\UpdateDog\ouc.exe -- (Mobile Partner. RunOuc)
SRV - [2011/03/14 23:27:28 | 000,271,712 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2009/10/03 09:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/10/01 06:47:14 | 000,727,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009/09/10 21:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/08/28 17:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/08/24 10:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2009/07/10 18:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009/07/04 10:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009/06/05 11:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV - [2013/11/28 08:24:18 | 000,108,000 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2013/01/23 10:31:50 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2013/01/23 10:31:50 | 000,018,560 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2013/01/23 10:31:50 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2013/01/23 10:31:50 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2012/10/17 14:53:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012/10/10 14:05:28 | 000,112,584 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot)
DRV - [2012/10/10 14:05:28 | 000,092,008 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim)
DRV - [2012/09/27 13:59:39 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/09/27 13:59:39 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/09/27 13:59:39 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/08/27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012/08/23 22:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 22:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/06/06 11:50:44 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2012/06/06 09:18:34 | 000,377,856 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbwwan.sys -- (ewusbmbb)
DRV - [2012/06/06 09:18:34 | 000,202,752 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juwwanecm.sys -- (huawei_wwanecm)
DRV - [2012/06/06 09:18:34 | 000,199,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2012/06/06 09:18:34 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2012/06/06 09:18:34 | 000,095,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2012/06/06 09:18:34 | 000,076,544 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2012/06/06 09:18:34 | 000,070,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - [2012/06/06 09:18:34 | 000,027,520 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2012/06/06 09:18:34 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2010/11/20 17:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/04/12 16:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/11/23 15:30:06 | 000,103,296 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR)
DRV - [2009/11/06 12:53:58 | 001,227,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/04 13:37:44 | 000,054,784 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009/08/07 18:18:28 | 000,212,528 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/07/14 07:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/01 12:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009/06/02 19:15:40 | 000,060,976 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2009/06/02 19:15:38 | 000,016,432 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2009/06/02 19:15:34 | 000,018,992 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2795788979-175850703-175300515-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...94wwk5w4462r119
IE - HKU\S-1-5-21-2795788979-175850703-175300515-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...94wwk5w4462r119
IE - HKU\S-1-5-21-2795788979-175850703-175300515-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2795788979-175850703-175300515-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKU\S-1-5-21-2795788979-175850703-175300515-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...AW_enSG371SG371
IE - HKU\S-1-5-21-2795788979-175850703-175300515-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-2795788979-175850703-175300515-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2795788979-175850703-175300515-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: DoesAmazonShipTo%40usefulhelper.com:3.0.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.746
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1912
FF - prefs.js..extensions.enabledItems: [email protected]:7.3.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}:6.0.32
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ajba\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ajba\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/05/02 00:19:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\ajba\AppData\Roaming\IDM\idmmzcc5 [2013/12/27 21:49:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/05/02 00:19:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\ajba\AppData\Roaming\IDM\idmmzcc5 [2013/12/27 21:49:35 | 000,000,000 | ---D | M]

[2010/04/27 07:29:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ajba\AppData\Roaming\Mozilla\Extensions
[2014/04/18 20:54:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ajba\AppData\Roaming\Mozilla\Firefox\Profiles\woxurmrj.default\extensions
[2014/04/18 20:54:06 | 000,012,026 | ---- | M] () (No name found) -- C:\Users\ajba\AppData\Roaming\Mozilla\Firefox\Profiles\woxurmrj.default\extensions\[email protected]
[2014/05/02 00:19:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/05/02 00:20:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\ajba\AppData\Local\Google\Chrome\Application\30.0.1599.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\ajba\AppData\Local\Google\Chrome\Application\30.0.1599.66\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\ajba\AppData\Local\Google\Chrome\Application\30.0.1599.66\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\ajba\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U25 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Program Files\TVUPlayer\npTVUAx.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\ajba\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\ajba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Poppit = C:\Users\ajba\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2012/10/07 19:28:58 | 000,000,878 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKU\S-1-5-21-2795788979-175850703-175300515-1000..\Run: [] File not found
O4 - HKU\S-1-5-21-2795788979-175850703-175300515-1000..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-2795788979-175850703-175300515-1000..\Run: [MCShield Monitor] C:\Program Files\MCShield\MCShieldRTM.exe (MyCity)
O4 - HKU\S-1-5-21-2795788979-175850703-175300515-1000..\Run: [Mobile Partner] C:\Program Files\MobileWiFi\MobileWiFi.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0749BF79-8F63-494E-98EB-15AC1D8EDA96}: NameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{447E6596-9381-4BAB-A5C7-3C22EC718380}: NameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56C5CAF8-CB53-463C-BB94-B5067A557FFA}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8354670C-EEFD-4C27-AD49-683B6C1067B2}: NameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{890BF8CC-A03E-432D-AAC5-CA4845485612}: NameServer = 203.116.1.94 203.116.254.150
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E911FC69-4C5B-4B8E-8B55-8C60BE7E584C}: DhcpNameServer = 202.65.247.31 202.65.244.32
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E911FC69-4C5B-4B8E-8B55-8C60BE7E584C}: NameServer = 202.65.247.31 202.65.244.32
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1D5066E-4BA9-4B92-AA64-F735228CAF9F}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{08be604c-7e80-11e2-b277-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{08be604c-7e80-11e2-b277-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{1946bf36-2f78-11df-abe7-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{1946bf36-2f78-11df-abe7-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{2720a87e-322e-11df-9819-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{2720a87e-322e-11df-9819-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{27b60e0e-728a-11e2-a4ca-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{27b60e0e-728a-11e2-a4ca-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{27b60e1d-728a-11e2-a4ca-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{27b60e1d-728a-11e2-a4ca-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{52599e50-4e4d-11e3-8046-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{52599e50-4e4d-11e3-8046-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{603e8a1c-3881-11df-aa3a-001e101f3315}\Shell - "" = AutoRun
O33 - MountPoints2\{603e8a1c-3881-11df-aa3a-001e101f3315}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{69dc5943-2e95-11e3-ad59-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{69dc5943-2e95-11e3-ad59-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{9557a91d-84c4-11e1-9862-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{9557a91d-84c4-11e1-9862-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{9557a92b-84c4-11e1-9862-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{9557a92b-84c4-11e1-9862-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{98e07519-91d2-11e1-983d-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{98e07519-91d2-11e1-983d-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{98e07526-91d2-11e1-983d-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{98e07526-91d2-11e1-983d-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{a516edf6-31f5-11df-9773-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{a516edf6-31f5-11df-9773-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{a807c410-cb44-11e2-9fa3-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{a807c410-cb44-11e2-9fa3-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{aa14ad60-4a6c-11e0-bac7-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{aa14ad60-4a6c-11e0-bac7-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{aa14ad82-4a6c-11e0-bac7-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{aa14ad82-4a6c-11e0-bac7-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{c293512f-5189-11df-aa8a-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{c293512f-5189-11df-aa8a-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{d083feaf-f1eb-11e2-8060-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{d083feaf-f1eb-11e2-8060-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2014/05/03 13:36:58 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/05/02 06:19:18 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/05/02 00:28:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ajba\Desktop\OTL.exe
[2014/05/02 00:19:13 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/04/18 22:01:33 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014/04/18 22:01:01 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2014/04/18 22:01:01 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2014/04/18 22:01:01 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2014/04/13 22:54:48 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/04/13 22:54:48 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/04/13 22:54:46 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/04/13 22:54:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/04/13 22:54:44 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/04/13 22:54:44 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2014/04/13 22:54:41 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/01/06 06:10:06 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe

========== Files - Modified Within 30 Days ==========

[2014/05/06 23:34:17 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/06 23:34:16 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/06 23:25:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/06 23:25:33 | 796,733,440 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/06 07:02:18 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2795788979-175850703-175300515-1000UA.job
[2014/05/06 06:57:24 | 000,664,780 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/05/06 06:57:24 | 000,125,484 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/05/04 15:03:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/02 04:02:02 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2795788979-175850703-175300515-1000Core.job
[2014/05/02 00:28:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ajba\Desktop\OTL.exe
[2014/05/02 00:25:08 | 000,001,994 | ---- | M] () -- C:\Users\ajba\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/04/30 00:23:03 | 000,002,325 | ---- | M] () -- C:\Users\ajba\Desktop\Google Chrome.lnk
[2014/04/30 00:04:08 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/04/30 00:04:08 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/04/29 18:07:56 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/04/14 20:13:52 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2014/04/14 20:05:11 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014/04/14 20:05:06 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2014/04/14 20:04:29 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe

========== Files Created - No Company Name ==========

[2013/10/19 09:03:21 | 000,145,152 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/03/25 02:57:08 | 000,000,218 | ---- | C] () -- C:\Users\ajba\.recently-used.xbel

========== ZeroAccess Check ==========

[2009/07/14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 09:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/05/31 01:05:31 | 000,000,000 | -HSD | M] -- C:\Users\ajba\AppData\Roaming\.#
[2014/05/06 07:02:18 | 000,000,000 | ---D | M] -- C:\Users\ajba\AppData\Roaming\DMCache
[2011/01/28 14:31:56 | 000,000,000 | ---D | M] -- C:\Users\ajba\AppData\Roaming\FXTS2
[2010/03/18 04:25:47 | 000,000,000 | ---D | M] -- C:\Users\ajba\AppData\Roaming\GameConsole
[2012/03/25 02:52:21 | 000,000,000 | ---D | M] -- C:\Users\ajba\AppData\Roaming\gtk-2.0
[2012/11/05 00:45:11 | 000,000,000 | ---D | M] -- C:\Users\ajba\AppData\Roaming\IDM
[2012/10/13 20:59:01 | 000,000,000 | ---D | M] -- C:\Users\ajba\AppData\Roaming\Juniper Networks
[2013/12/25 09:53:03 | 000,000,000 | ---D | M] -- C:\Users\ajba\AppData\Roaming\Nokia
[2012/03/25 02:47:35 | 000,000,000 | ---D | M] -- C:\Users\ajba\AppData\Roaming\Participatory Culture Foundation
[2011/03/10 01:17:54 | 000,000,000 | ---D | M] -- C:\Users\ajba\AppData\Roaming\PC Suite
[2012/03/25 02:57:08 | 000,000,000 | ---D | M] -- C:\Users\ajba\AppData\Roaming\PCF-VLC
[2012/10/13 20:14:17 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012/10/13 20:14:17 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software

========== Purity Check ==========

========== Custom Scans ==========

========== Base Services ==========
SRV - [2009/07/14 09:14:53 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2013/02/27 12:49:16 | 000,047,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2009/07/14 09:14:11 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2010/11/20 20:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2010/11/20 20:18:06 | 000,494,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2013/09/25 08:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/07/14 09:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2012/07/05 05:14:34 | 000,102,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2013/07/09 12:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2010/11/20 20:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2010/11/20 20:18:30 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2011/03/03 13:38:01 | 000,132,608 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2009/07/14 09:15:13 | 000,098,304 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/07/14 09:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2009/07/14 09:15:33 | 000,300,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2010/11/20 20:19:23 | 000,350,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/07/14 09:16:15 | 000,313,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2009/07/14 09:15:41 | 000,049,664 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2009/07/14 09:16:03 | 000,280,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2009/07/14 09:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2012/10/04 00:42:26 | 000,242,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2009/07/14 09:16:11 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2011/05/24 18:44:59 | 000,293,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2012/02/11 13:37:49 | 000,317,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2013/09/25 08:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
No service found with a name of EMDMgmt
SRV - [2009/07/14 09:16:12 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2010/11/20 20:21:00 | 000,286,208 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2010/11/20 20:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2009/07/14 09:16:13 | 000,021,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2013/09/25 08:49:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/07/14 09:16:20 | 000,073,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/11/20 20:21:26 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2010/11/20 20:21:19 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
No service found with a name of slsvc
SRV - [2010/11/20 20:21:05 | 000,750,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2010/11/20 20:21:28 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/14 09:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2012/05/01 12:44:12 | 000,164,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2010/11/20 20:17:51 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2010/11/20 20:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2010/11/20 20:18:05 | 000,473,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2010/11/20 20:21:06 | 000,125,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2013/05/27 12:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/11/20 20:21:35 | 001,086,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (eventlog)
SRV - [2010/11/20 20:19:40 | 000,566,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2010/11/20 20:21:35 | 000,463,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (StiSvc)
SRV - [2010/11/20 20:17:22 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/07/14 09:16:19 | 000,168,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/03 06:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2010/11/20 20:18:34 | 000,214,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/14 09:16:19 | 000,829,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2010/11/20 20:21:36 | 000,084,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 13:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 09:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 13:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 13:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 13:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 20:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 13:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 13:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 14:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: MPSVC.DLL >
[2013/05/27 12:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) MD5=082CF481F659FAE0DE51AD060881EB47 -- C:\Program Files\Windows Defender\MpSvc.dll
[2013/05/27 12:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) MD5=082CF481F659FAE0DE51AD060881EB47 -- C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.18170_none_597f1ba5b6a5991f\MpSvc.dll
[2013/05/27 12:29:30 | 000,680,960 | ---- | M] (Microsoft Corporation) MD5=0A4C23D8D5B7A376C6C51EC72F3CB8AA -- C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.22341_none_5a2a2a64cfa9fb94\MpSvc.dll
[2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) MD5=3FAE8F94296001C32EAB62CD7D82E0FD -- C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.16385_none_579306edb982ae36\MpSvc.dll
[2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) MD5=3FAE8F94296001C32EAB62CD7D82E0FD -- C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7601.17514_none_59c41ab5b67131d0\MpSvc.dll
[2013/05/27 12:30:41 | 000,680,960 | ---- | M] (Microsoft Corporation) MD5=7F7161507C1FDBDAB71941D3BA9636B6 -- C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.17316_none_57df9fe3b9491d97\MpSvc.dll
[2013/05/27 12:58:00 | 000,680,960 | ---- | M] (Microsoft Corporation) MD5=8988FAC76FD9178180FE2C8C2C7A4C03 -- C:\Windows\winsxs\x86_security-malware-windows-defender_31bf3856ad364e35_6.1.7600.21531_none_584e9d4ad27b73b7\MpSvc.dll

< MD5 for: QMGR.DLL >
[2009/07/14 09:16:12 | 000,589,312 | ---- | M] (Microsoft Corporation) MD5=53F476476F55A27F580661BDE09C4EC4 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7600.16385_none_23671b105ac5a0fd\qmgr.dll
[2010/11/20 20:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\System32\qmgr.dll
[2010/11/20 20:20:58 | 000,585,728 | ---- | M] (Microsoft Corporation) MD5=E585445D5021971FAE10393F0F1C3961 -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_25982ed857b42497\qmgr.dll

< MD5 for: RPCSS.DLL >
[2010/11/20 20:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) MD5=7660F01D3B38ACA1747E397D21D790AF -- C:\Windows\System32\rpcss.dll
[2010/11/20 20:21:03 | 000,376,832 | ---- | M] (Microsoft Corporation) MD5=7660F01D3B38ACA1747E397D21D790AF -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_6bd245e79c221747\rpcss.dll
[2009/07/14 09:16:13 | 000,376,320 | ---- | M] (Microsoft Corporation) MD5=B82CD39E336973359D7C9BF911E8E84F -- C:\Windows\winsxs\x86_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_69a1321f9f3393ad\rpcss.dll

< MD5 for: SERVICES >
[2009/06/11 05:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\System32\drivers\etc\services
[2009/06/11 05:39:37 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_045b589158ae90da\services

< MD5 for: SERVICES.CFG >
[2013/12/19 02:42:40 | 000,558,851 | ---- | M] () MD5=A044715A48D8FADB9366D554F20D3331 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/07/14 09:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009/07/14 09:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2009/07/14 10:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\System32\en-US\services.exe.mui
[2009/07/14 10:03:06 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=0DA5F221169DEB5AC3A22465CD6F0281 -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_69d39d3a8748c332\services.exe.mui

< MD5 for: SERVICES.LNK >
[2009/07/14 12:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2009/07/14 12:41:45 | 000,001,288 | ---- | M] () MD5=021B1B178776500E54560EDCFFE0EE21 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2009/06/11 05:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2009/06/11 05:26:14 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.mof

< MD5 for: SERVICES.MSC >
[2009/07/14 10:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2009/06/11 05:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2009/07/14 10:08:50 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
[2009/06/11 05:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

< MD5 for: SERVICES.PTXML >
[2009/07/14 04:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\System32\wdi\perftrack\Services.ptxml
[2009/07/14 04:20:01 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\Services.ptxml

< MD5 for: SVCHOST.EXE >
[2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 20:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 20:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 09:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 14:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 13:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 20:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 20:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 09:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< MD5 for: WINSOCK.DLL >
[2009/07/14 05:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\System32\WINSOCK.DLL
[2009/07/14 05:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.1.7600.16385_none_fde3cf3dd3e16d0d\WINSOCK.DLL
[2009/07/14 05:41:34 | 000,002,864 | ---- | M] (Microsoft Corporation) MD5=68485C5EF0E2EFCEBF21BBB1042B823B -- C:\Windows\winsxs\x86_microsoft-windows-ntvdm-system32_31bf3856ad364e35_6.1.7601.17514_none_0014e305d0cff0a7\WINSOCK.DLL

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is Acer
Volume Serial Number is 7460-01D9
Directory of C:\
14/07/2009 12:53 PM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
Directory of C:\ProgramData
14/07/2009 12:53 PM    <JUNCTION>     Application Data [C:\ProgramData]
14/07/2009 12:53 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
14/07/2009 12:53 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
14/07/2009 12:53 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
14/07/2009 12:53 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 12:53 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
Directory of C:\Users
14/07/2009 12:53 PM    <SYMLINKD>     All Users [C:\ProgramData]
14/07/2009 12:53 PM    <JUNCTION>     Default User [C:\Users\Default]
               0 File(s)              0 bytes
Directory of C:\Users\ajba
14/03/2010 10:03 PM    <JUNCTION>     Application Data [C:\Users\ajba\AppData\Roaming]
14/03/2010 10:03 PM    <JUNCTION>     Cookies [C:\Users\ajba\AppData\Roaming\Microsoft\Windows\Cookies]
14/03/2010 10:03 PM    <JUNCTION>     Local Settings [C:\Users\ajba\AppData\Local]
14/03/2010 10:03 PM    <JUNCTION>     My Documents [C:\Users\ajba\Documents]
14/03/2010 10:03 PM    <JUNCTION>     NetHood [C:\Users\ajba\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/03/2010 10:03 PM    <JUNCTION>     PrintHood [C:\Users\ajba\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/03/2010 10:03 PM    <JUNCTION>     Recent [C:\Users\ajba\AppData\Roaming\Microsoft\Windows\Recent]
14/03/2010 10:03 PM    <JUNCTION>     SendTo [C:\Users\ajba\AppData\Roaming\Microsoft\Windows\SendTo]
14/03/2010 10:03 PM    <JUNCTION>     Start Menu [C:\Users\ajba\AppData\Roaming\Microsoft\Windows\Start Menu]
14/03/2010 10:03 PM    <JUNCTION>     Templates [C:\Users\ajba\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
Directory of C:\Users\ajba\AppData\Local
14/03/2010 10:03 PM    <JUNCTION>     Application Data [C:\Users\ajba\AppData\Local]
14/03/2010 10:03 PM    <JUNCTION>     History [C:\Users\ajba\AppData\Local\Microsoft\Windows\History]
14/03/2010 10:03 PM    <JUNCTION>     Temporary Internet Files [C:\Users\ajba\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
Directory of C:\Users\ajba\Documents
14/03/2010 10:03 PM    <JUNCTION>     My Music [C:\Users\ajba\Music]
14/03/2010 10:03 PM    <JUNCTION>     My Pictures [C:\Users\ajba\Pictures]
14/03/2010 10:03 PM    <JUNCTION>     My Videos [C:\Users\ajba\Videos]
               0 File(s)              0 bytes
Directory of C:\Users\All Users
14/07/2009 12:53 PM    <JUNCTION>     Application Data [C:\ProgramData]
14/07/2009 12:53 PM    <JUNCTION>     Desktop [C:\Users\Public\Desktop]
14/07/2009 12:53 PM    <JUNCTION>     Documents [C:\Users\Public\Documents]
14/07/2009 12:53 PM    <JUNCTION>     Favorites [C:\Users\Public\Favorites]
14/07/2009 12:53 PM    <JUNCTION>     Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
14/07/2009 12:53 PM    <JUNCTION>     Templates [C:\ProgramData\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
Directory of C:\Users\Default
14/07/2009 12:53 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Roaming]
14/07/2009 12:53 PM    <JUNCTION>     Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
14/07/2009 12:53 PM    <JUNCTION>     Local Settings [C:\Users\Default\AppData\Local]
14/07/2009 12:53 PM    <JUNCTION>     My Documents [C:\Users\Default\Documents]
14/07/2009 12:53 PM    <JUNCTION>     NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
14/07/2009 12:53 PM    <JUNCTION>     PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
14/07/2009 12:53 PM    <JUNCTION>     Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
14/07/2009 12:53 PM    <JUNCTION>     SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
14/07/2009 12:53 PM    <JUNCTION>     Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
14/07/2009 12:53 PM    <JUNCTION>     Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
               0 File(s)              0 bytes
Directory of C:\Users\Default\AppData\Local
14/07/2009 12:53 PM    <JUNCTION>     Application Data [C:\Users\Default\AppData\Local]
14/07/2009 12:53 PM    <JUNCTION>     History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
14/07/2009 12:53 PM    <JUNCTION>     Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
               0 File(s)              0 bytes
Directory of C:\Users\Default\Documents
14/07/2009 12:53 PM    <JUNCTION>     My Music [C:\Users\Default\Music]
14/07/2009 12:53 PM    <JUNCTION>     My Pictures [C:\Users\Default\Pictures]
14/07/2009 12:53 PM    <JUNCTION>     My Videos [C:\Users\Default\Videos]
               0 File(s)              0 bytes
Directory of C:\Users\Public\Documents
14/07/2009 12:53 PM    <JUNCTION>     My Music [C:\Users\Public\Music]
14/07/2009 12:53 PM    <JUNCTION>     My Pictures [C:\Users\Public\Pictures]
14/07/2009 12:53 PM    <JUNCTION>     My Videos [C:\Users\Public\Videos]
               0 File(s)              0 bytes
     Total Files Listed:
               0 File(s)              0 bytes
              50 Dir(s) 170,235,203,584 bytes free

========== Alternate Data Streams ==========

@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:5D7E5A8F
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:E3C56885
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:E1F04E8D

< End of report >

#4
xxmaxixx

Posted 06 May 2014 - 04:33 PM

Member

Topic Starter
Member
108 posts

I cant seem to find Extras based on the scan earlier.

OTL Extras logfile created on: 5/2/2014 6:27:44 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\ajba\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

1013.10 Mb Total Physical Memory | 174.38 Mb Available Physical Memory | 17.21% Memory free
1.99 Gb Paging File | 1.04 Gb Available in Paging File | 52.11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.78 Gb Total Space | 152.91 Gb Free Space | 69.26% Space Free | Partition Type: NTFS

Computer Name: AJBA-PC | User Name: ajba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{45FFCA74-1CD2-46C5-B4E6-18EE5099E0B4}" = dir=in | app=c:\program files\nokia\nokia suite\nokiasuite.exe |
"{6371641E-2E9E-4785-9598-EC6A7B6F6F85}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{BB2627EA-5691-4EE3-AA51-C23350D4FF13}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{F442B599-DE80-4D3C-BB74-D06EF0AFD6D7}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}" = Apple Mobile Device Support
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java™ 6 Update 32
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 55
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373274-977E-413C-A4DE-DC0F8E80C429}" = Nokia Connectivity Cable Driver
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{326057C5-6185-4C85-A630-9C2FC2DB3F93}" = Rosetta Stone Ltd Services
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}" = PC Connectivity Solution
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}" = First Class Flurry
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{866C4563-ED53-43F3-A29D-8BEE2BD1BA3C}" = Nokia PC Suite
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C4ABA28-6781-410C-A8B1-79288E68E6D2}" = BlueStacks
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}" = UxStyle Core Beta
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.9)
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E05D82D8-FE70-4228-B073-B0C07FE27595}" = iTunes
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EDB188F5-D8E8-42EE-89E0-F212DA48CB81}" = Nokia Suite
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows Driver Package - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0)
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9)
"755087041320E005CB1E8A67C5C55A260EB81B90" = Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407)
"A6A8668C0A13640CA28FE2A7D9654BE4AE478B13" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Avira AntiVir Desktop" = Avira Internet Security 2012
"BBEC16685668EB1D6F3D05051DD7314B66370C9F" = Windows Driver Package - ENE (EUCR) USB (11/23/2009 5.89.0.62)
"Bejeweled 31.0.8.6128" = Bejeweled 3
"BF20603967CFDCB2BBF91950E8A56DFBC5C833FE" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"BroadBand on Mobile" = BroadBand on Mobile
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows Driver Package - Nokia Modem (02/25/2011 4.7)
"ESET Online Scanner" = ESET Online Scanner v3
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"Internet Download Manager" = Internet Download Manager
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.7.5 (Full)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MCShield" = MCShield ::Anti-Malware Tool::
"MediaMonkey_is1" = MediaMonkey 3.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mobile Partner" = Mobile Partner
"MobileWiFi" = MobileWiFi
"Mozilla Firefox 29.0 (x86 en-GB)" = Mozilla Firefox 29.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia PC Suite" = Nokia PC Suite
"Nokia Suite" = Nokia Suite
"Personalization Panel" = Personalization Panel
"Playlist Creator 3.6.2" = Playlist Creator 3.6.2
"PowerISO" = PowerISO
"SopCast" = SopCast 3.4.8
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Acrobat Connect Add-in" = Adobe Acrobat Connect Add-in
"Google Chrome" = Google Chrome
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3/5/2014 2:04:43 PM | Computer Name = ajba-PC | Source = Bonjour Service | ID = 100
Description = 456: ERROR: read_msg errno 0 (The operation completed successfully.)

Error - 3/8/2014 7:51:00 PM | Computer Name = ajba-PC | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053

Error - 3/8/2014 7:51:00 PM | Computer Name = ajba-PC | Source = Bonjour Service | ID = 100
Description = 456: ERROR: read_msg errno 0 (The operation completed successfully.)

Error - 3/8/2014 11:07:46 PM | Computer Name = ajba-PC | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053

Error - 3/8/2014 11:07:46 PM | Computer Name = ajba-PC | Source = Bonjour Service | ID = 100
Description = 456: ERROR: read_msg errno 0 (The operation completed successfully.)

Error - 3/8/2014 11:37:48 PM | Computer Name = ajba-PC | Source = VSS | ID = 12310
Description =

Error - 3/8/2014 11:37:49 PM | Computer Name = ajba-PC | Source = VSS | ID = 12298
Description =

Error - 3/22/2014 11:59:03 AM | Computer Name = ajba-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/22/2014 11:59:04 AM | Computer Name = ajba-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 8924

Error - 3/22/2014 11:59:04 AM | Computer Name = ajba-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8924

[ System Events ]
Error - 5/1/2014 12:13:20 PM | Computer Name = ajba-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   cdrom

Error - 5/1/2014 12:15:54 PM | Computer Name = ajba-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Microsoft
.NET Framework NGEN v4.0.30319_X86 service to connect.

Error - 5/1/2014 6:12:38 PM | Computer Name = ajba-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Mobile
Partner. OUC service to connect.

Error - 5/1/2014 6:12:38 PM | Computer Name = ajba-PC | Source = Service Control Manager | ID = 7000
Description = The Mobile Partner. OUC service failed to start due to the following
error:   %%1053

Error - 5/1/2014 6:13:18 PM | Computer Name = ajba-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   cdrom

Error - 5/1/2014 6:15:48 PM | Computer Name = ajba-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Microsoft
.NET Framework NGEN v4.0.30319_X86 service to connect.

Error - 5/1/2014 6:22:21 PM | Computer Name = ajba-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Mobile
Partner. OUC service to connect.

Error - 5/1/2014 6:22:21 PM | Computer Name = ajba-PC | Source = Service Control Manager | ID = 7000
Description = The Mobile Partner. OUC service failed to start due to the following
error:   %%1053

Error - 5/1/2014 6:22:48 PM | Computer Name = ajba-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   cdrom

Error - 5/1/2014 6:25:21 PM | Computer Name = ajba-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Microsoft
.NET Framework NGEN v4.0.30319_X86 service to connect.

< End of report >

#5
Machiavelli

Posted 06 May 2014 - 11:01 PM

GeekU Moderator

GeekU Moderator
4,722 posts

Hello,
looks pretty good.

Step 1: OTL Fix

Run OTL (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).

Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:

:Commands
[CREATERESTOREPOINT]

:OTL
FF - prefs.js..extensions.enabledAddons: DoesAmazonShipTo%40usefulhelper.com:3.0.2
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll File not found
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-21-2795788979-175850703-175300515-1000..\Run: []  File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O13 - gopher Prefix: missing
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O33 - MountPoints2\{08be604c-7e80-11e2-b277-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{08be604c-7e80-11e2-b277-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{1946bf36-2f78-11df-abe7-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{1946bf36-2f78-11df-abe7-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{2720a87e-322e-11df-9819-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{2720a87e-322e-11df-9819-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{27b60e0e-728a-11e2-a4ca-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{27b60e0e-728a-11e2-a4ca-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{27b60e1d-728a-11e2-a4ca-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{27b60e1d-728a-11e2-a4ca-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{52599e50-4e4d-11e3-8046-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{52599e50-4e4d-11e3-8046-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{603e8a1c-3881-11df-aa3a-001e101f3315}\Shell - "" = AutoRun
O33 - MountPoints2\{603e8a1c-3881-11df-aa3a-001e101f3315}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{69dc5943-2e95-11e3-ad59-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{69dc5943-2e95-11e3-ad59-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{9557a91d-84c4-11e1-9862-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{9557a91d-84c4-11e1-9862-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{9557a92b-84c4-11e1-9862-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{9557a92b-84c4-11e1-9862-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{98e07519-91d2-11e1-983d-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{98e07519-91d2-11e1-983d-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{98e07526-91d2-11e1-983d-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{98e07526-91d2-11e1-983d-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{a516edf6-31f5-11df-9773-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{a516edf6-31f5-11df-9773-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{a807c410-cb44-11e2-9fa3-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{a807c410-cb44-11e2-9fa3-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{aa14ad60-4a6c-11e0-bac7-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{aa14ad60-4a6c-11e0-bac7-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{aa14ad82-4a6c-11e0-bac7-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{aa14ad82-4a6c-11e0-bac7-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{c293512f-5189-11df-aa8a-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{c293512f-5189-11df-aa8a-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O33 - MountPoints2\{d083feaf-f1eb-11e2-8060-705ab63e0fd8}\Shell - "" = AutoRun
O33 - MountPoints2\{d083feaf-f1eb-11e2-8060-705ab63e0fd8}\Shell\AutoRun\command - "" = D:\AutoRun.exe
@Alternate Data Stream - 138 bytes -> C:\ProgramData\TEMP:5D7E5A8F
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:E3C56885
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:E1F04E8D

:Commands
[RESETHOSTS]
[EMPTYTEMP]

Click the Run Fix button.
After your computer has rebooted, post the Fixlog into your next reply.

Step 2: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1

Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP the just run it)
Click Scan and let the scan run.
When it finishes, click Clean, following the on screen prompts
After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.

Note: The log can also be found in here: C:\AdwCleaner\

Step 3: JunkwareRemovalTool

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Step 4: OTL QuickScan

Run OTL by double-clicking on it. (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on OTL.exe and select Run as Administrator)
Click Quick Scan to start OTL.
When OTL finishes scanning, a logs, OTL.txt will open.
Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

Step 5: Question

How is your PC running? Any issues?

#6
xxmaxixx

Posted 07 May 2014 - 09:44 AM

Member

Topic Starter
Member
108 posts

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Prefs.js: DoesAmazonShipTo%40usefulhelper.com:3.0.2 removed from extensions.enabledAddons
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27B4851A-3207-45A2-B947-BE8AFE6163AB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2795788979-175850703-175300515-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ deleted successfully.
File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08be604c-7e80-11e2-b277-705ab63e0fd8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08be604c-7e80-11e2-b277-705ab63e0fd8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08be604c-7e80-11e2-b277-705ab63e0fd8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08be604c-7e80-11e2-b277-705ab63e0fd8}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1946bf36-2f78-11df-abe7-705ab63e0fd8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1946bf36-2f78-11df-abe7-705ab63e0fd8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1946bf36-2f78-11df-abe7-705ab63e0fd8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1946bf36-2f78-11df-abe7-705ab63e0fd8}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2720a87e-322e-11df-9819-705ab63e0fd8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2720a87e-322e-11df-9819-705ab63e0fd8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2720a87e-322e-11df-9819-705ab63e0fd8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2720a87e-322e-11df-9819-705ab63e0fd8}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27b60e0e-728a-11e2-a4ca-705ab63e0fd8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27b60e0e-728a-11e2-a4ca-705ab63e0fd8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27b60e0e-728a-11e2-a4ca-705ab63e0fd8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27b60e0e-728a-11e2-a4ca-705ab63e0fd8}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27b60e1d-728a-11e2-a4ca-705ab63e0fd8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27b60e1d-728a-11e2-a4ca-705ab63e0fd8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27b60e1d-728a-11e2-a4ca-705ab63e0fd8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27b60e1d-728a-11e2-a4ca-705ab63e0fd8}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52599e50-4e4d-11e3-8046-705ab63e0fd8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52599e50-4e4d-11e3-8046-705ab63e0fd8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52599e50-4e4d-11e3-8046-705ab63e0fd8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{52599e50-4e4d-11e3-8046-705ab63e0fd8}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{603e8a1c-3881-11df-aa3a-001e101f3315}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{603e8a1c-3881-11df-aa3a-001e101f3315}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{603e8a1c-3881-11df-aa3a-001e101f3315}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{603e8a1c-3881-11df-aa3a-001e101f3315}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69dc5943-2e95-11e3-ad59-705ab63e0fd8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69dc5943-2e95-11e3-ad59-705ab63e0fd8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{69dc5943-2e95-11e3-ad59-705ab63e0fd8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{69dc5943-2e95-11e3-ad59-705ab63e0fd8}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9557a91d-84c4-11e1-9862-705ab63e0fd8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9557a91d-84c4-11e1-9862-705ab63e0fd8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9557a91d-84c4-11e1-9862-705ab63e0fd8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9557a91d-84c4-11e1-9862-705ab63e0fd8}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9557a92b-84c4-11e1-9862-705ab63e0fd8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9557a92b-84c4-11e1-9862-705ab63e0fd8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9557a92b-84c4-11e1-9862-705ab63e0fd8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9557a92b-84c4-11e1-9862-705ab63e0fd8}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98e07519-91d2-11e1-983d-705ab63e0fd8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98e07519-91d2-11e1-983d-705ab63e0fd8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98e07519-91d2-11e1-983d-705ab63e0fd8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98e07519-91d2-11e1-983d-705ab63e0fd8}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98e07526-91d2-11e1-983d-705ab63e0fd8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98e07526-91d2-11e1-983d-705ab63e0fd8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{98e07526-91d2-11e1-983d-705ab63e0fd8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98e07526-91d2-11e1-983d-705ab63e0fd8}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a516edf6-31f5-11df-9773-705ab63e0fd8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a516edf6-31f5-11df-9773-705ab63e0fd8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a516edf6-31f5-11df-9773-705ab63e0fd8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a516edf6-31f5-11df-9773-705ab63e0fd8}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a807c410-cb44-11e2-9fa3-705ab63e0fd8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a807c410-cb44-11e2-9fa3-705ab63e0fd8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a807c410-cb44-11e2-9fa3-705ab63e0fd8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a807c410-cb44-11e2-9fa3-705ab63e0fd8}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa14ad60-4a6c-11e0-bac7-705ab63e0fd8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa14ad60-4a6c-11e0-bac7-705ab63e0fd8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa14ad60-4a6c-11e0-bac7-705ab63e0fd8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa14ad60-4a6c-11e0-bac7-705ab63e0fd8}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa14ad82-4a6c-11e0-bac7-705ab63e0fd8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa14ad82-4a6c-11e0-bac7-705ab63e0fd8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{aa14ad82-4a6c-11e0-bac7-705ab63e0fd8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{aa14ad82-4a6c-11e0-bac7-705ab63e0fd8}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c293512f-5189-11df-aa8a-705ab63e0fd8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c293512f-5189-11df-aa8a-705ab63e0fd8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c293512f-5189-11df-aa8a-705ab63e0fd8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c293512f-5189-11df-aa8a-705ab63e0fd8}\ not found.
File D:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d083feaf-f1eb-11e2-8060-705ab63e0fd8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d083feaf-f1eb-11e2-8060-705ab63e0fd8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d083feaf-f1eb-11e2-8060-705ab63e0fd8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d083feaf-f1eb-11e2-8060-705ab63e0fd8}\ not found.
File D:\AutoRun.exe not found.
ADS C:\ProgramData\TEMP:5D7E5A8F deleted successfully.
ADS C:\ProgramData\TEMP:4D066AD2 deleted successfully.
ADS C:\ProgramData\TEMP:E3C56885 deleted successfully.
ADS C:\ProgramData\TEMP:E1F04E8D deleted successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unble to create default HOSTS file!

[EMPTYTEMP]

User: ajba
->Temp folder emptied: 657527300 bytes
->Temporary Internet Files folder emptied: 353911555 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 136213943 bytes
->Google Chrome cache emptied: 276601698 bytes
->Flash cache emptied: 1190 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7484076 bytes
RecycleBin emptied: 4244 bytes

Total Files Cleaned = 1,365.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 05072014_231453

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

# AdwCleaner v3.207 - Report created 07/05/2014 at 23:55:08
# Updated 05/05/2014 by Xplode
# Operating System : Windows 7 Starter Service Pack 1 (32 bits)
# Username : ajba - AJBA-PC
# Running from : C:\Users\ajba\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Partner
File Deleted : C:\Users\ajba\AppData\Roaming\Mozilla\Firefox\Profiles\woxurmrj.default\invalidprefs.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKCU\Software\5cd8f17f4086744065eb0992a09e05a2
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_music-rescue_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_music-rescue_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16545

-\\ Mozilla Firefox v29.0 (en-GB)

[ File : C:\Users\ajba\AppData\Roaming\Mozilla\Firefox\Profiles\woxurmrj.default\prefs.js ]

-\\ Google Chrome v

[ File : C:\Users\ajba\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Deleted [Extension] : ndibdjnfmopecpmkdieinmbadjfpblof

*************************

AdwCleaner[R0].txt - [2684 octets] - [07/05/2014 23:46:00]
AdwCleaner[S0].txt - [2651 octets] - [07/05/2014 23:55:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2711 octets] ##########

Edited by xxmaxixx, 07 May 2014 - 10:01 AM.

#7
xxmaxixx

Posted 07 May 2014 - 10:25 AM

Member

Topic Starter
Member
108 posts

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Starter x86
Ran by ajba on Thu 08/05/2014 at 0:12:05.89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{0761371C-4104-4317-B105-017C2FAE478A}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{0B5C1A6A-2743-4960-81E7-26FE543D4DDC}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{0FB5076C-AC83-4088-850D-D9B5D413BE42}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{108186B2-29BB-4977-A78D-3C7B4A5B25A4}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{1201D4CD-C1CD-4D33-9268-7A4B65D7556C}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{12555FEB-4802-4447-91A2-0584EF3FF97B}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{14A2C7C2-FC4D-479C-B65C-1DF540C342FE}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{1CC7EB61-9A8F-485C-9C05-F66F3F542D6D}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{1D87C012-8C51-4D8A-8A78-2CCB7AF227E5}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{1E56880F-FC12-46D3-A421-997F0DE7B68D}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{1FC32029-92F2-4137-ADA0-06255588163B}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{274E0DA7-3EAF-494C-A62D-3D55F56F921B}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{2B265428-2846-4E7A-B299-D95C84D8A3A9}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{2DB8A830-9C72-4462-BB34-F12AFF6691BB}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{2FE119DC-5B8C-4339-B14F-D485FF60D5B8}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{32061F3A-83A9-43B0-BACB-58D418F1F953}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{3CB568D2-414C-4AF2-929C-4630AE87F18F}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{419CD0BD-C4AF-4F9F-9A23-83D34826C321}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{45079EFE-5183-45D9-8F13-91CECAC4419C}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{45B0CF23-B994-468A-B6C3-E0186E76B48D}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{48961301-E193-43B0-9D0B-511FFA313FEE}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{4F1BC6EB-73D1-4447-B8F9-4233C426D34A}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{5813419B-D63A-41D2-A54C-3E8227490841}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{593E782B-E8B4-4190-982E-0FACC20E5D87}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{5D18DDC0-DFF8-4858-872F-A465C962E79F}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{5FE38059-3E67-4746-A653-20FAA466F2E7}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{660928C7-64C2-4B07-A1FE-42448F518ECD}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{6785E683-2D1C-4164-A08B-F94DE54F6C0E}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{67E93911-E6DD-42DD-BF1E-767A8B1E96E1}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{6B906220-AFE2-4147-BE36-B137D530AB8B}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{7124249A-E0FE-4B41-BE50-F4FB6726A7BA}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{754B983A-6432-4AAC-B6C6-C64D7C83F74F}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{7A228F1C-D82C-491A-9624-93EB0E6DFF4B}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{7A743070-719A-400A-83BD-BF67B878171B}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{7EE84E47-9929-4B18-823D-87361551D56E}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{84133629-E34E-43A9-808C-3B6A6C198E44}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{8B1007B1-07A5-453B-98A1-F5E1D4134F4F}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{8BF2D4E4-B9C0-47F1-8F39-194DFAAC8BE2}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{8BFC9E47-D554-417C-8F8B-D085224039CE}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{8C634935-AF46-499F-9416-D2A1BA88FB18}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{91B73EA2-9066-4002-A030-BC5079943FBB}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{98936678-7B00-4029-A31D-91967B088F5B}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{98C56B94-D0BB-4B70-8489-9F7A6CADD2CE}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{9D4021AE-19C8-499E-B418-BDDD93551F2E}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{A4306E8E-1AF6-41EB-822A-B2411C03FDA5}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{AB62B259-A2A6-4BF0-A055-A3C28944330A}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{ABC588AB-9DC5-44DB-9682-FC98AACA934D}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{BD2D34C8-27F3-4E8E-962F-BF4EE4F7F289}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{BEB7A5E8-556F-4F97-B07B-F4F4051D68AC}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{C6EB564B-359D-4395-A418-6A05C9042BA8}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{CAEEEB67-C55B-4893-94BA-449AA5AE0AB6}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{CC6C6B48-0E99-49BC-9FAD-BA50D78945A1}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{D107C4F8-8276-4E4B-B436-27C4833FD6D5}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{D1C80894-5E04-4952-8100-2CE829705E86}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{D2E1FB3F-FD1A-4F22-874C-24F163259C91}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{DD951B01-1E0C-44DF-8168-545351AD17E7}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{E62ACFA7-9FD2-4412-A656-8B854E872FB7}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{E8B156D8-A8A9-4CDC-BF6C-1DEEF35DEA40}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{E9359A08-3928-4D6D-9800-E78A6A9C45CD}
Successfully deleted: [Empty Folder] C:\Users\ajba\appdata\local\{FD93371E-ED63-4533-A36A-1DEAE94F6140}

~~~ FireFox

Emptied folder: C:\Users\ajba\AppData\Roaming\mozilla\firefox\profiles\woxurmrj.default\minidumps [85 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 08/05/2014 at 0:21:03.40
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OTL logfile created on: 5/8/2014 12:24:27 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ajba\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Singapore | Language: ENE | Date Format: d/M/yyyy

1013.10 Mb Total Physical Memory | 213.70 Mb Available Physical Memory | 21.09% Memory free
1.99 Gb Paging File | 1.06 Gb Available in Paging File | 53.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.78 Gb Total Space | 152.93 Gb Free Space | 69.27% Space Free | Partition Type: NTFS

Computer Name: AJBA-PC | User Name: ajba | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/05/02 00:28:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ajba\Desktop\OTL.exe
PRC - [2014/05/02 00:20:11 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/04/12 02:17:18 | 000,650,816 | ---- | M] (MyCity) -- C:\Program Files\MCShield\MCShieldRTM.exe
PRC - [2013/12/19 02:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/08/02 08:52:57 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/23 10:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/10 13:32:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/10/10 13:31:28 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/10/10 13:31:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/10/10 13:31:27 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2012/09/27 13:59:39 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/06/28 10:46:07 | 000,655,744 | ---- | M] () -- C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
PRC - [2011/03/14 23:27:28 | 000,271,712 | ---- | M] () -- C:\ProgramData\DatacardService\HWDeviceService.exe
PRC - [2011/03/14 23:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/04/12 16:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2009/10/07 15:49:50 | 001,157,640 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2009/10/03 09:48:26 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/10/03 09:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/10/01 06:47:36 | 000,703,008 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
PRC - [2009/10/01 06:47:14 | 000,727,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2009/10/01 06:46:28 | 000,469,536 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
PRC - [2009/09/10 21:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009/08/28 17:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Registration\GregHSRW.exe
PRC - [2009/08/24 10:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\dsiwmis.exe
PRC - [2009/08/04 13:09:34 | 000,199,464 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
PRC - [2009/07/11 07:18:18 | 000,708,608 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
PRC - [2009/07/10 18:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2009/06/05 11:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/05 11:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

========== Modules (No Company Name) ==========

MOD - [2014/05/02 00:20:09 | 003,845,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/10/03 09:48:42 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll

========== Services (SafeList) ==========

SRV - [2014/05/02 00:20:10 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/04/30 00:04:18 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/19 02:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/05/27 12:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/18 11:06:42 | 000,737,616 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/10/10 13:32:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/10/10 13:31:34 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012/10/10 13:31:29 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012/10/10 13:31:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/10/10 13:31:27 | 000,619,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2012/08/06 17:33:56 | 000,605,696 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Mobile Partner\eap\wifimansvc.exe -- (wifimansvc)
SRV - [2012/06/28 10:46:07 | 000,655,744 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Mobile Partner\UpdateDog\ouc.exe -- (Mobile Partner. RunOuc)
SRV - [2011/03/14 23:27:28 | 000,271,712 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2009/10/03 09:48:26 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/10/01 06:47:14 | 000,727,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009/09/10 21:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009/08/28 17:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/08/24 10:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2009/07/10 18:54:44 | 000,253,952 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2009/07/04 10:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Stopped] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009/06/05 11:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV - [2013/11/28 08:24:18 | 000,108,000 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2013/01/23 10:31:50 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2013/01/23 10:31:50 | 000,018,560 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2013/01/23 10:31:50 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2013/01/23 10:31:50 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2012/10/17 14:53:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012/10/10 14:05:28 | 000,112,584 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot)
DRV - [2012/10/10 14:05:28 | 000,092,008 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim)
DRV - [2012/09/27 13:59:39 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/09/27 13:59:39 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/09/27 13:59:39 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/08/27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012/08/23 22:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 22:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/06/06 11:50:44 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2012/06/06 09:18:34 | 000,377,856 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbwwan.sys -- (ewusbmbb)
DRV - [2012/06/06 09:18:34 | 000,202,752 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juwwanecm.sys -- (huawei_wwanecm)
DRV - [2012/06/06 09:18:34 | 000,199,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2012/06/06 09:18:34 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2012/06/06 09:18:34 | 000,095,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2012/06/06 09:18:34 | 000,076,544 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2012/06/06 09:18:34 | 000,070,016 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - [2012/06/06 09:18:34 | 000,027,520 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2012/06/06 09:18:34 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2010/11/20 17:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/04/12 16:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/11/23 15:30:06 | 000,103,296 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR)
DRV - [2009/11/06 12:53:58 | 001,227,776 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/04 13:37:44 | 000,054,784 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009/08/07 18:18:28 | 000,212,528 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/07/14 07:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/01 12:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009/06/02 19:15:40 | 000,060,976 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2009/06/02 19:15:38 | 000,016,432 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2009/06/02 19:15:34 | 000,018,992 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer...94wwk5w4462r119
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...94wwk5w4462r119
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE10SR
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...AW_enSG371SG371
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\ajba\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\ajba\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/05/02 00:19:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\ajba\AppData\Roaming\IDM\idmmzcc5 [2013/12/27 21:49:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014/05/02 00:19:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\ajba\AppData\Roaming\IDM\idmmzcc5 [2013/12/27 21:49:35 | 000,000,000 | ---D | M]

[2010/04/27 07:29:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ajba\AppData\Roaming\Mozilla\Extensions
[2014/04/18 20:54:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ajba\AppData\Roaming\Mozilla\Firefox\Profiles\woxurmrj.default\extensions
[2014/04/18 20:54:06 | 000,012,026 | ---- | M] () (No name found) -- C:\Users\ajba\AppData\Roaming\Mozilla\Firefox\Profiles\woxurmrj.default\extensions\[email protected]
[2014/05/02 00:19:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/05/02 00:20:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: First user (Enabled) = default_plugin
CHR - plugin: Error reading preferences file
CHR - Extension: Entanglement = C:\Users\ajba\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Poppit = C:\Users\ajba\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2012/10/07 19:28:58 | 000,000,878 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mwlDaemon] C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [MCShield Monitor] C:\Program Files\MCShield\MCShieldRTM.exe (MyCity)
O4 - HKCU..\Run: [Mobile Partner] C:\Program Files\MobileWiFi\MobileWiFi.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.55.2)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0749BF79-8F63-494E-98EB-15AC1D8EDA96}: NameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{447E6596-9381-4BAB-A5C7-3C22EC718380}: NameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56C5CAF8-CB53-463C-BB94-B5067A557FFA}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8354670C-EEFD-4C27-AD49-683B6C1067B2}: NameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{890BF8CC-A03E-432D-AAC5-CA4845485612}: NameServer = 203.116.1.94 203.116.254.150
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E911FC69-4C5B-4B8E-8B55-8C60BE7E584C}: DhcpNameServer = 202.65.247.31 202.65.244.32
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E911FC69-4C5B-4B8E-8B55-8C60BE7E584C}: NameServer = 202.65.247.31 202.65.244.32
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F1D5066E-4BA9-4B92-AA64-F735228CAF9F}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/05/08 00:03:47 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/05/07 23:54:09 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014/05/07 23:45:44 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/07 23:14:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/05/02 00:28:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ajba\Desktop\OTL.exe
[2014/05/02 00:19:13 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/01/06 06:10:06 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe

========== Files - Modified Within 30 Days ==========

[2014/05/08 00:17:16 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/08 00:17:16 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/08 00:08:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/08 00:08:39 | 796,733,440 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/08 00:04:53 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2795788979-175850703-175300515-1000UA.job
[2014/05/08 00:03:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/07 04:02:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2795788979-175850703-175300515-1000Core.job
[2014/05/06 06:57:24 | 000,664,780 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/05/06 06:57:24 | 000,125,484 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/05/02 00:28:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ajba\Desktop\OTL.exe
[2014/05/02 00:25:08 | 000,001,994 | ---- | M] () -- C:\Users\ajba\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/04/30 00:23:03 | 000,002,325 | ---- | M] () -- C:\Users\ajba\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2013/10/19 09:03:21 | 000,145,152 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/03/25 02:57:08 | 000,000,218 | ---- | C] () -- C:\Users\ajba\.recently-used.xbel

========== ZeroAccess Check ==========

[2009/07/14 12:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 09:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 09:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/05/31 01:05:31 | 000,000,000 | -HSD | M] -- C:\Users\ajba\AppData\Roaming\.#
[2014/05/08 00:07:28 | 000,000,000 | ---D | M] -- C:\Users\ajba\AppData\Roaming\DMCache
[2011/01/28 14:31:56 | 000,000,000 | ---D | M] -- C:\Users\ajba\AppData\Roaming\FXTS2
[2010/03/18 04:25:47 | 000,000,000 | ---D | M] -- C:\Users\ajba\AppData\Roaming\GameConsole
[2012/03/25 02:52:21 | 000,000,000 | ---D | M] -- C:\Users\ajba\AppData\Roaming\gtk-2.0
[2012/11/05 00:45:11 | 000,000,000 | ---D | M] -- C:\Users\ajba\AppData\Roaming\IDM
[2012/10/13 20:59:01 | 000,000,000 | ---D | M] -- C:\Users\ajba\AppData\Roaming\Juniper Networks
[2013/12/25 09:53:03 | 000,000,000 | ---D | M] -- C:\Users\ajba\AppData\Roaming\Nokia
[2012/03/25 02:47:35 | 000,000,000 | ---D | M] -- C:\Users\ajba\AppData\Roaming\Participatory Culture Foundation
[2011/03/10 01:17:54 | 000,000,000 | ---D | M] -- C:\Users\ajba\AppData\Roaming\PC Suite
[2012/03/25 02:57:08 | 000,000,000 | ---D | M] -- C:\Users\ajba\AppData\Roaming\PCF-VLC

========== Purity Check ==========

< End of report >
So far so good for my pc.

Edited by xxmaxixx, 07 May 2014 - 11:01 AM.

#8
Machiavelli

Posted 07 May 2014 - 12:54 PM

GeekU Moderator

GeekU Moderator
4,722 posts

Hey,
looks good.

Please don't edit your Posts.

Step 1: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 2: ESET

Please disable your AntiVirus before doing these steps!

If you have Win Vista / Win 7 / Win 8 please start IE as Administrator!
This will only work for Internet Explorer or FireFox
Please download ESET Online Scanner from here

How to do this?

Visit this website here
You will see a screen like this:
- Click Run ESET Online Scanner
- A Window will open (see above) - please click on the link
- A window will pop up - please download the file to your Desktop
- When the download has finished please run the program (for Win Vista/ Win7 / Win 8 User please run it as Administrator)
- Tick the box next to YES, I accept the Terms of Use then click on: Start
- You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
- Make sure that the option Remove found threats is NOT checked.
- Make sure that the option Scan archives is checked.
- Now click on Advanced Settings and select the following:
  - Scan for potentially unwanted applications
  - Scan for potentially unsafe applications
  - Enable Anti-Stealth Technology
- Then click on Start
- virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
- When completed the Online Scan will begin automatically. The scan may take several hours.
- Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
- After the scan is finished please click on Finish
Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
Copy and paste that log as a reply to this topic.

Step 3: Security Check

Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

#9
xxmaxixx

Posted 07 May 2014 - 09:38 PM

Member

Topic Starter
Member
108 posts

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/5/2014
Scan Time: 9:34:46 AM
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.07.09
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: ajba

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 239468
Time Elapsed: 28 min, 45 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=64b307b1f29b674898b3e1e4571f6dcc
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-14 08:43:17
# local_time=2012-07-14 04:43:17 (+0800, Malay Peninsula Standard Time)
# country="Singapore"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1024 16777215 100 0 13375792 13375792 0 0
# compatibility_mode=5893 16776574 100 94 12564031 93881704 0 0
# compatibility_mode=8192 67108863 100 0 1718312 1718312 0 0
# scanned=97784
# found=0
# cleaned=0
# scan_time=4886
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=64b307b1f29b674898b3e1e4571f6dcc
# engine=17364
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-03-08 07:16:18
# local_time=2014-03-08 03:16:18 (+0800, Malay Peninsula Standard Time)
# country="Singapore"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1279 16777215 0 0 0 0 0 0
# compatibility_mode=1801 16775165 100 99 0 168865424 0 0
# compatibility_mode=5893 16776574 100 94 20531331 145894169 0 0
# scanned=100082
# found=22
# cleaned=0
# scan_time=27971
sh=D794904B5019A95DEDBAD79981DD71FD6593F5DE ft=0 fh=0000000000000000 vn="LNK/Agent.AV trojan" ac=I fn="C:\book\book.lnk"
sh=D794904B5019A95DEDBAD79981DD71FD6593F5DE ft=0 fh=0000000000000000 vn="LNK/Agent.AV trojan" ac=I fn="C:\games\games.lnk"
sh=D794904B5019A95DEDBAD79981DD71FD6593F5DE ft=0 fh=0000000000000000 vn="LNK/Agent.AV trojan" ac=I fn="C:\Google\Google.lnk"
sh=872B8D1F2269E645237BB8303EA96012482F9FC2 ft=0 fh=0000000000000000 vn="Win32/Autoit.JW worm" ac=I fn="C:\Google\googleupdate.a3x"
sh=585CCD48C87BDDE3338E771B821029727EE46A3E ft=0 fh=0000000000000000 vn="LNK/Agent.AV trojan" ac=I fn="C:\Google\GoogleUpdate.lnk"
sh=CB3F51070C5B795C0F2CAC31D17087581873ABAB ft=0 fh=0000000000000000 vn="LNK/Agent.AV trojan" ac=I fn="C:\Google\Windowsupdate.lnk"
sh=D794904B5019A95DEDBAD79981DD71FD6593F5DE ft=0 fh=0000000000000000 vn="LNK/Agent.AV trojan" ac=I fn="C:\Intel\Intel.lnk"
sh=D794904B5019A95DEDBAD79981DD71FD6593F5DE ft=0 fh=0000000000000000 vn="LNK/Agent.AV trojan" ac=I fn="C:\OEM\OEM.lnk"
sh=D794904B5019A95DEDBAD79981DD71FD6593F5DE ft=0 fh=0000000000000000 vn="LNK/Agent.AV trojan" ac=I fn="C:\ProgramData\ProgramData.lnk"
sh=D794904B5019A95DEDBAD79981DD71FD6593F5DE ft=0 fh=0000000000000000 vn="LNK/Agent.AV trojan" ac=I fn="C:\Skypee\Google.lnk"
sh=872B8D1F2269E645237BB8303EA96012482F9FC2 ft=0 fh=0000000000000000 vn="Win32/Autoit.JW worm" ac=I fn="C:\Skypee\googleupdate.a3x"
sh=585CCD48C87BDDE3338E771B821029727EE46A3E ft=0 fh=0000000000000000 vn="LNK/Agent.AV trojan" ac=I fn="C:\Skypee\GoogleUpdate.lnk"
sh=D794904B5019A95DEDBAD79981DD71FD6593F5DE ft=0 fh=0000000000000000 vn="LNK/Agent.AV trojan" ac=I fn="C:\Skypee\Skypee.lnk"
sh=CB3F51070C5B795C0F2CAC31D17087581873ABAB ft=0 fh=0000000000000000 vn="LNK/Agent.AV trojan" ac=I fn="C:\Skypee\Windowsupdate.lnk"
sh=872B8D1F2269E645237BB8303EA96012482F9FC2 ft=0 fh=0000000000000000 vn="Win32/Autoit.JW worm" ac=I fn="C:\Users\ajba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XLDT1ZO3\googleupdate[1].rar"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\ajba\AppData\Local\Temp\AskSLib.dll"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\ajba\AppData\Local\Temp\RarSFX0\apnic.dll"
sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\ajba\AppData\Local\Temp\RarSFX0\apntoolbarinstaller.exe"
sh=DAE5A56AE06B734D64957E3BC50FEC35FBD17FE1 ft=0 fh=0000000000000000 vn="Win32/Autoit.JW worm" ac=I fn="C:\Users\ajba\AppData\Roaming\Microsoft\Windows\Templates\googleu\googleupdate.a3x"
sh=D794904B5019A95DEDBAD79981DD71FD6593F5DE ft=0 fh=0000000000000000 vn="LNK/Agent.AV trojan" ac=I fn="C:\Users\All Users\ProgramData.lnk"
sh=F9433D34586930407345CF1CF191C89C7FA203FF ft=0 fh=0000000000000000 vn="LNK/Agent.AV trojan" ac=I fn="C:\Windows\Windows.lnk"
sh=C1CA19024AF15AA888F3DCAD352F6CFF6BFC2C16 ft=0 fh=0000000000000000 vn="Win32/Autoit.JW worm" ac=I fn="C:\Windows\Installer\7b9f02.msi"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=64b307b1f29b674898b3e1e4571f6dcc
# engine=17370
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-09 02:23:32
# local_time=2014-03-09 10:23:32 (+0800, Malay Peninsula Standard Time)
# country="Singapore"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1279 16777215 0 0 0 0 0 0
# compatibility_mode=1801 16775166 100 99 0 168934258 0 0
# compatibility_mode=5893 16776574 100 94 20600165 145963003 0 0
# scanned=122391
# found=19
# cleaned=18
# scan_time=8763
sh=D794904B5019A95DEDBAD79981DD71FD6593F5DE ft=0 fh=0000000000000000 vn="LNK/Agent.AV trojan" ac=I fn="C:\Users\All Users\ProgramData.lnk"
sh=D794904B5019A95DEDBAD79981DD71FD6593F5DE ft=0 fh=0000000000000000 vn="LNK/Agent.AV trojan (cleaned by deleting - quarantined)" ac=C fn="C:\book\book.lnk"
sh=D794904B5019A95DEDBAD79981DD71FD6593F5DE ft=0 fh=0000000000000000 vn="LNK/Agent.AV trojan (cleaned by deleting - quarantined)" ac=C fn="C:\games\games.lnk"
sh=D794904B5019A95DEDBAD79981DD71FD6593F5DE ft=0 fh=0000000000000000 vn="LNK/Agent.AV trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Google\Google.lnk"
sh=872B8D1F2269E645237BB8303EA96012482F9FC2 ft=0 fh=0000000000000000 vn="Win32/Autoit.JW worm (deleted - quarantined)" ac=C fn="C:\Google\googleupdate.a3x"
sh=585CCD48C87BDDE3338E771B821029727EE46A3E ft=0 fh=0000000000000000 vn="LNK/Agent.AV trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Google\GoogleUpdate.lnk"
sh=CB3F51070C5B795C0F2CAC31D17087581873ABAB ft=0 fh=0000000000000000 vn="LNK/Agent.AV trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Google\Windowsupdate.lnk"
sh=D794904B5019A95DEDBAD79981DD71FD6593F5DE ft=0 fh=0000000000000000 vn="LNK/Agent.AV trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Intel\Intel.lnk"
sh=D794904B5019A95DEDBAD79981DD71FD6593F5DE ft=0 fh=0000000000000000 vn="LNK/Agent.AV trojan (cleaned by deleting - quarantined)" ac=C fn="C:\OEM\OEM.lnk"
sh=D794904B5019A95DEDBAD79981DD71FD6593F5DE ft=0 fh=0000000000000000 vn="LNK/Agent.AV trojan (cleaned by deleting - quarantined)" ac=C fn="C:\ProgramData\ProgramData.lnk"
sh=D794904B5019A95DEDBAD79981DD71FD6593F5DE ft=0 fh=0000000000000000 vn="LNK/Agent.AV trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Skypee\Google.lnk"
sh=872B8D1F2269E645237BB8303EA96012482F9FC2 ft=0 fh=0000000000000000 vn="Win32/Autoit.JW worm (deleted - quarantined)" ac=C fn="C:\Skypee\googleupdate.a3x"
sh=585CCD48C87BDDE3338E771B821029727EE46A3E ft=0 fh=0000000000000000 vn="LNK/Agent.AV trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Skypee\GoogleUpdate.lnk"
sh=D794904B5019A95DEDBAD79981DD71FD6593F5DE ft=0 fh=0000000000000000 vn="LNK/Agent.AV trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Skypee\Skypee.lnk"
sh=CB3F51070C5B795C0F2CAC31D17087581873ABAB ft=0 fh=0000000000000000 vn="LNK/Agent.AV trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Skypee\Windowsupdate.lnk"
sh=872B8D1F2269E645237BB8303EA96012482F9FC2 ft=0 fh=0000000000000000 vn="Win32/Autoit.JW worm (deleted - quarantined)" ac=C fn="C:\Users\ajba\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XLDT1ZO3\googleupdate[1].rar"
sh=DAE5A56AE06B734D64957E3BC50FEC35FBD17FE1 ft=0 fh=0000000000000000 vn="Win32/Autoit.JW worm (deleted - quarantined)" ac=C fn="C:\Users\ajba\AppData\Roaming\Microsoft\Windows\Templates\googleu\googleupdate.a3x"
sh=F9433D34586930407345CF1CF191C89C7FA203FF ft=0 fh=0000000000000000 vn="LNK/Agent.AV trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Windows\Windows.lnk"
sh=C1CA19024AF15AA888F3DCAD352F6CFF6BFC2C16 ft=0 fh=0000000000000000 vn="Win32/Autoit.JW worm (deleted - quarantined)" ac=C fn="C:\Windows\Installer\7b9f02.msi"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=64b307b1f29b674898b3e1e4571f6dcc
# engine=17561
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-22 09:53:22
# local_time=2014-03-23 05:53:22 (+0800, Malay Peninsula Standard Time)
# country="Singapore"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1279 16777215 0 0 0 0 0 0
# compatibility_mode=1801 16775165 100 99 23683 170127648 0 0
# compatibility_mode=5893 16776574 100 94 21793555 147156393 0 0
# scanned=24396
# found=0
# cleaned=0
# scan_time=5114
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=64b307b1f29b674898b3e1e4571f6dcc
# engine=17715
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-01 10:48:51
# local_time=2014-04-02 06:48:51 (+0800, Malay Peninsula Standard Time)
# country="Singapore"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1279 16777215 0 0 0 0 0 0
# compatibility_mode=1801 16775166 100 99 10779 170994977 0 0
# compatibility_mode=5893 16776574 100 94 22660884 148023722 0 0
# scanned=41451
# found=0
# cleaned=0
# scan_time=6088
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=64b307b1f29b674898b3e1e4571f6dcc
# engine=17862
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-13 10:22:47
# local_time=2014-04-13 06:22:47 (+0800, Malay Peninsula Standard Time)
# country="Singapore"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1279 16777215 0 0 0 0 0 0
# compatibility_mode=1801 16775166 100 99 1002815 171987013 973825 0
# compatibility_mode=5893 16776574 100 94 23652920 149015758 0 0
# scanned=47508
# found=0
# cleaned=0
# scan_time=8568
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=64b307b1f29b674898b3e1e4571f6dcc
# engine=17940
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-18 01:40:32
# local_time=2014-04-18 09:40:32 (+0800, Malay Peninsula Standard Time)
# country="Singapore"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1279 16777215 0 0 0 0 0 0
# compatibility_mode=1801 16775166 100 99 0 172430878 407257 0
# compatibility_mode=5893 16776574 100 94 24096785 149459623 0 0
# scanned=123777
# found=0
# cleaned=0
# scan_time=8099
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=64b307b1f29b674898b3e1e4571f6dcc
# engine=18120
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-03 05:29:47
# local_time=2014-05-03 01:29:47 (+0800, Malay Peninsula Standard Time)
# country="Singapore"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1279 16777215 0 0 0 0 0 0
# compatibility_mode=1801 16775165 100 99 112666 173697433 83488 0
# compatibility_mode=5893 16776574 100 94 25363340 150726178 0 0
# scanned=121925
# found=0
# cleaned=0
# scan_time=18990
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=64b307b1f29b674898b3e1e4571f6dcc
# engine=18177
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-05-08 06:59:40
# local_time=2014-05-08 02:59:40 (+0800, Malay Peninsula Standard Time)
# country="Singapore"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1279 16777215 0 0 0 0 0 0
# compatibility_mode=1801 16775165 100 99 0 174134826 0 0
# compatibility_mode=5893 16776574 100 94 25800733 151163571 0 0
# scanned=109512
# found=0
# cleaned=0
# scan_time=19067

Results of screen317's Security Check version 0.99.82
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
JavaFX 2.1.0
Java™ 6 Update 32
Java 7 Update 55
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 13.0.0.206
Adobe Reader 10.1.9 Adobe Reader out of Date!
Mozilla Firefox (29.0)
Google Chrome 34.0.1847.116
Google Chrome 34.0.1847.131
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Mobile Partner OnlineUpdate ouc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

Edited by xxmaxixx, 08 May 2014 - 01:14 AM.

#10
Machiavelli

Posted 07 May 2014 - 11:12 PM

GeekU Moderator

GeekU Moderator
4,722 posts

I'm waiting for the ESET Log. Well done so far

#11
xxmaxixx

Posted 08 May 2014 - 10:21 AM

Member

Topic Starter
Member
108 posts

#12
Machiavelli

Posted 08 May 2014 - 10:45 AM

GeekU Moderator

GeekU Moderator
4,722 posts

Hello,
in my opinion your PC is clean.

Run OTL (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the OTL icon and select Run as Administrator).

Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:

:Commands
[CREATERESTOREPOINT]

:Files
C:\book
C:\games
C:\Google
C:\Intel
C:\OEM
C:\ProgramData\ProgramData.lnk
C:\Skypee
C:\Users\ajba\AppData\Roaming\Microsoft\Windows\Templates\googleu

:Commands
[EMPTYTEMP]

Click the Run Fix button.
After your computer has rebooted, post the Fixlog into your next reply.

We need to remove the tools we've used during cleaning your machine

Download Delfix from here and run it (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the Delfix icon and select Run as Administrator).
Ensure Remove disinfection tools is ticked
Also tick:
- Create registry backup
- Purge system restore
Click Run

The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply

Please update:

Adobe Reader
Adobe Flash Player

Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the windows update icon will appear in your taskbar when new updates are available, whenever you see it you should open the menu up and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is very well worth it instead of getting infected from an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide written by tech expert Artellos.

Keep Safe! :thumbsup:

#13
xxmaxixx

Posted 08 May 2014 - 08:03 PM

Member

Topic Starter
Member
108 posts

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\book folder moved successfully.
File\Folder C:\games not found.
C:\Google folder moved successfully.
C:\Intel\Logs folder moved successfully.
C:\Intel folder moved successfully.
C:\OEM\SS folder moved successfully.
C:\OEM\Registration folder moved successfully.
C:\OEM\Preload\SetScreenSaverLog folder moved successfully.
C:\OEM\Preload\RunCmdLog folder moved successfully.
C:\OEM\Preload\PatchLog\CodeTracer folder moved successfully.
C:\OEM\Preload\PatchLog folder moved successfully.
C:\OEM\Preload\OEM\Recovery\HPartition folder moved successfully.
C:\OEM\Preload\OEM\Recovery folder moved successfully.
C:\OEM\Preload\OEM folder moved successfully.
C:\OEM\Preload\MSDRV folder moved successfully.
C:\OEM\Preload\DeployWinRE_log folder moved successfully.
C:\OEM\Preload\Command\WinSAT\DataStore folder moved successfully.
C:\OEM\Preload\Command\WinSAT folder moved successfully.
C:\OEM\Preload\Command\PAP folder moved successfully.
C:\OEM\Preload\Command\AlaunchX\CodeTracer\setEventLog folder moved successfully.
C:\OEM\Preload\Command\AlaunchX\CodeTracer\AppInRun folder moved successfully.
C:\OEM\Preload\Command\AlaunchX\CodeTracer folder moved successfully.
C:\OEM\Preload\Command\AlaunchX folder moved successfully.
C:\OEM\Preload\Command folder moved successfully.
C:\OEM\Preload\Autorun\SET\Backlight folder moved successfully.
C:\OEM\Preload\Autorun\SET folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Quick Guide\ZH folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Quick Guide\XC folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Quick Guide\TR folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Quick Guide\TH folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Quick Guide\TC folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Quick Guide\SV folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Quick Guide\SL folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Quick Guide\SK folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Quick Guide\SC folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Quick Guide\RU folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Quick Guide\RO folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Quick Guide\PT folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Quick Guide\PL folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Quick Guide\NO folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Quick Guide\NL folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Quick Guide\KO folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Quick Guide\JA folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Quick Guide\IT folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Quick Guide\ID folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Quick Guide\HU folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Quick Guide\HR folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Quick Guide\FR folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Quick Guide\FI folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Quick Guide\ET folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Quick Guide\ES folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Quick Guide\EN folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Quick Guide\EL folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Quick Guide\DE folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Quick Guide\DA folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Quick Guide\CS folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Quick Guide\BG folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Quick Guide folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Generic Guide\ZH folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Generic Guide\XC folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Generic Guide\TR folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Generic Guide\TH folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Generic Guide\TC folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Generic Guide\SV folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Generic Guide\SL folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Generic Guide\SK folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Generic Guide\SC folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Generic Guide\RU folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Generic Guide\RO folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Generic Guide\PT folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Generic Guide\PL folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Generic Guide\NO folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Generic Guide\NL folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Generic Guide\KO folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Generic Guide\JA folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Generic Guide\IT folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Generic Guide\ID folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Generic Guide\HU folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Generic Guide\HR folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Generic Guide\FR folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Generic Guide\FI folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Generic Guide\ET folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Generic Guide\ES folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Generic Guide\EN folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Generic Guide\EL folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Generic Guide\DE folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Generic Guide\DA folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Generic Guide\CS folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Generic Guide\BG folder moved successfully.
C:\OEM\Preload\Autorun\GUI\Acer Generic Guide folder moved successfully.
C:\OEM\Preload\Autorun\GUI folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Realtek Audio Codec ALC272X\WDM folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Realtek Audio Codec ALC272X\Vista64 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Realtek Audio Codec ALC272X\Vista folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Realtek Audio Codec ALC272X\MSHDQFE\Win2K_XP\us folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Realtek Audio Codec ALC272X\MSHDQFE\Win2K_XP folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Realtek Audio Codec ALC272X\MSHDQFE\Win2K3\us folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Realtek Audio Codec ALC272X\MSHDQFE\Win2K3 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Realtek Audio Codec ALC272X\MSHDQFE folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Realtek Audio Codec ALC272X\Config folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Realtek Audio Codec ALC272X folder moved successfully.
C:\OEM\Preload\Autorun\DRV\LITE-ON Modem External USB Lite+LSI modem folder moved successfully.
C:\OEM\Preload\Autorun\DRV\LITE-ON Camera utility Crystal Eye folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel Wireless LAN SP1x2HMW folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Lang\HDMI\TRK folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Lang\HDMI\THA folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Lang\HDMI\SVE folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Lang\HDMI\SLV folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Lang\HDMI\SKY folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Lang\HDMI\RUS folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Lang\HDMI\PTG folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Lang\HDMI\PTB folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Lang\HDMI\PLK folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Lang\HDMI\NOR folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Lang\HDMI\NLD folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Lang\HDMI\KOR folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Lang\HDMI\JPN folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Lang\HDMI\ITA folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Lang\HDMI\HUN folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Lang\HDMI\HEB folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Lang\HDMI\FRC folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Lang\HDMI\FRA folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Lang\HDMI\FIN folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Lang\HDMI\ESP folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Lang\HDMI\ESN folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Lang\HDMI\ESM folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Lang\HDMI\ENU folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Lang\HDMI\ENG folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Lang\HDMI\ELL folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Lang\HDMI\DEU folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Lang\HDMI\DAN folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Lang\HDMI\CSY folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Lang\HDMI\CHT folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Lang\HDMI\CHS folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Lang\HDMI\ARB folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Lang\HDMI\ARA folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Lang\HDMI folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Lang folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Graphics\LANG\HDMI\TRK folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Graphics\LANG\HDMI\THA folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Graphics\LANG\HDMI\SVE folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Graphics\LANG\HDMI\SLV folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Graphics\LANG\HDMI\SKY folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Graphics\LANG\HDMI\RUS folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Graphics\LANG\HDMI\PTG folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Graphics\LANG\HDMI\PTB folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Graphics\LANG\HDMI\PLK folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Graphics\LANG\HDMI\NOR folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Graphics\LANG\HDMI\NLD folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Graphics\LANG\HDMI\KOR folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Graphics\LANG\HDMI\JPN folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Graphics\LANG\HDMI\ITA folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Graphics\LANG\HDMI\HUN folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Graphics\LANG\HDMI\HEB folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Graphics\LANG\HDMI\FRC folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Graphics\LANG\HDMI\FRA folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Graphics\LANG\HDMI\FIN folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Graphics\LANG\HDMI\ESP folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Graphics\LANG\HDMI\ENU folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Graphics\LANG\HDMI\ENG folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Graphics\LANG\HDMI\ELL folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Graphics\LANG\HDMI\DEU folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Graphics\LANG\HDMI\DAN folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Graphics\LANG\HDMI\CSY folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Graphics\LANG\HDMI\CHT folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Graphics\LANG\HDMI\CHS folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Graphics\LANG\HDMI\ARB folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Graphics\LANG\HDMI\ARA folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Graphics\LANG\HDMI folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Graphics\LANG folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA\Graphics folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel VGA Chip UMA folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel NB Chipset NM10\x64 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel NB Chipset NM10\WIN7 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel NB Chipset NM10\Lang\CHIP\TRK folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel NB Chipset NM10\Lang\CHIP\THA folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel NB Chipset NM10\Lang\CHIP\SVE folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel NB Chipset NM10\Lang\CHIP\RUS folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel NB Chipset NM10\Lang\CHIP\PTG folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel NB Chipset NM10\Lang\CHIP\PTB folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel NB Chipset NM10\Lang\CHIP\PLK folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel NB Chipset NM10\Lang\CHIP\NOR folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel NB Chipset NM10\Lang\CHIP\NLD folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel NB Chipset NM10\Lang\CHIP\KOR folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel NB Chipset NM10\Lang\CHIP\JPN folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel NB Chipset NM10\Lang\CHIP\ITA folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel NB Chipset NM10\Lang\CHIP\HUN folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel NB Chipset NM10\Lang\CHIP\HEB folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel NB Chipset NM10\Lang\CHIP\FRC folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel NB Chipset NM10\Lang\CHIP\FRA folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel NB Chipset NM10\Lang\CHIP\FIN folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel NB Chipset NM10\Lang\CHIP\ESP folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel NB Chipset NM10\Lang\CHIP\ENU folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel NB Chipset NM10\Lang\CHIP\ENG folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel NB Chipset NM10\Lang\CHIP\ELL folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel NB Chipset NM10\Lang\CHIP\DEU folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel NB Chipset NM10\Lang\CHIP\DAN folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel NB Chipset NM10\Lang\CHIP\CSY folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel NB Chipset NM10\Lang\CHIP\CHT folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel NB Chipset NM10\Lang\CHIP\CHS folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel NB Chipset NM10\Lang\CHIP\ARB folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel NB Chipset NM10\Lang\CHIP\ARA folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel NB Chipset NM10\Lang\CHIP folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel NB Chipset NM10\Lang folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel NB Chipset NM10\ia64 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel NB Chipset NM10\All folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel NB Chipset NM10 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Intel AHCI IMSM folder moved successfully.
C:\OEM\Preload\Autorun\DRV\FOXCONN TW Wireless LAN 3rd WiFi BG Broadcom 4312H folder moved successfully.
C:\OEM\Preload\Autorun\DRV\FOXCONN TW Wireless LAN 3rd WiFi BG Atheros HB95\SETUP_ISS\Win7_ISS\Driver_Only\Uninstall folder moved successfully.
C:\OEM\Preload\Autorun\DRV\FOXCONN TW Wireless LAN 3rd WiFi BG Atheros HB95\SETUP_ISS\Win7_ISS\Driver_Only\Install folder moved successfully.
C:\OEM\Preload\Autorun\DRV\FOXCONN TW Wireless LAN 3rd WiFi BG Atheros HB95\SETUP_ISS\Win7_ISS\Driver_Only folder moved successfully.
C:\OEM\Preload\Autorun\DRV\FOXCONN TW Wireless LAN 3rd WiFi BG Atheros HB95\SETUP_ISS\Win7_ISS folder moved successfully.
C:\OEM\Preload\Autorun\DRV\FOXCONN TW Wireless LAN 3rd WiFi BG Atheros HB95\SETUP_ISS folder moved successfully.
C:\OEM\Preload\Autorun\DRV\FOXCONN TW Wireless LAN 3rd WiFi BG Atheros HB95\ndis6xWin7 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\FOXCONN TW Wireless LAN 3rd WiFi BG Atheros HB95 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\FOXCONN TW Bluetooth BT 2.1 Broadcom 2045\Win64\svcpack folder moved successfully.
C:\OEM\Preload\Autorun\DRV\FOXCONN TW Bluetooth BT 2.1 Broadcom 2045\Win64\brcmWin7 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\FOXCONN TW Bluetooth BT 2.1 Broadcom 2045\Win64\brcmVista folder moved successfully.
C:\OEM\Preload\Autorun\DRV\FOXCONN TW Bluetooth BT 2.1 Broadcom 2045\Win64 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\FOXCONN TW Bluetooth BT 2.1 Broadcom 2045\Win32\svcpack folder moved successfully.
C:\OEM\Preload\Autorun\DRV\FOXCONN TW Bluetooth BT 2.1 Broadcom 2045\Win32\brcmWin7 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\FOXCONN TW Bluetooth BT 2.1 Broadcom 2045\Win32\brcmVista folder moved successfully.
C:\OEM\Preload\Autorun\DRV\FOXCONN TW Bluetooth BT 2.1 Broadcom 2045\Win32 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\FOXCONN TW Bluetooth BT 2.1 Broadcom 2045\Custom folder moved successfully.
C:\OEM\Preload\Autorun\DRV\FOXCONN TW Bluetooth BT 2.1 Broadcom 2045 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\ENE Card Reader Chip UB6250NF\Win7_64 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\ENE Card Reader Chip UB6250NF\Win7 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\ENE Card Reader Chip UB6250NF\Win2kXP folder moved successfully.
C:\OEM\Preload\Autorun\DRV\ENE Card Reader Chip UB6250NF folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Dritek Launch Manager (Acer)\WHQL_XP64 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Dritek Launch Manager (Acer)\WHQL_XP folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Dritek Launch Manager (Acer)\WHQL_W764 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Dritek Launch Manager (Acer)\WHQL_W7 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Dritek Launch Manager (Acer)\WHQL_LH64 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Dritek Launch Manager (Acer)\WHQL_LH folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Dritek Launch Manager (Acer)\Panel folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Dritek Launch Manager (Acer)\OSDRC folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Dritek Launch Manager (Acer)\MMRes folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Dritek Launch Manager (Acer)\InstScript\Win7 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Dritek Launch Manager (Acer)\InstScript\Vista folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Dritek Launch Manager (Acer)\InstScript folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Dritek Launch Manager (Acer)\INFs folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Dritek Launch Manager (Acer)\CloseApp folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Dritek Launch Manager (Acer) folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Atheros Lan AR8132L\RIS\8131\WinXP2003_64 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Atheros Lan AR8132L\RIS\8131\WinXP2003_32 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Atheros Lan AR8132L\RIS\8131\Win7_64 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Atheros Lan AR8132L\RIS\8131\Win7_32 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Atheros Lan AR8132L\RIS\8131\Win2K folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Atheros Lan AR8132L\RIS\8131\vista_64 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Atheros Lan AR8132L\RIS\8131\vista_32 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Atheros Lan AR8132L\RIS\8131 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Atheros Lan AR8132L\RIS\8121\WinXP2003_64 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Atheros Lan AR8132L\RIS\8121\WinXP2003_32 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Atheros Lan AR8132L\RIS\8121\Win7_64 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Atheros Lan AR8132L\RIS\8121\Win7_32 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Atheros Lan AR8132L\RIS\8121\Win2K folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Atheros Lan AR8132L\RIS\8121\vista_64 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Atheros Lan AR8132L\RIS\8121\vista_32 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Atheros Lan AR8132L\RIS\8121 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Atheros Lan AR8132L\RIS folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Atheros Lan AR8132L\Readme folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Atheros Lan AR8132L\8131\WinXP2003_64 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Atheros Lan AR8132L\8131\WinXP2003_32 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Atheros Lan AR8132L\8131\Win7_64 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Atheros Lan AR8132L\8131\Win7_32 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Atheros Lan AR8132L\8131\Win2K folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Atheros Lan AR8132L\8131\vista_64 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Atheros Lan AR8132L\8131\vista_32 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Atheros Lan AR8132L\8131 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Atheros Lan AR8132L\8121\WinXP2003_64 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Atheros Lan AR8132L\8121\WinXP2003_32 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Atheros Lan AR8132L\8121\Win7_64 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Atheros Lan AR8132L\8121\Win7_32 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Atheros Lan AR8132L\8121\Win2K folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Atheros Lan AR8132L\8121\vista_64 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Atheros Lan AR8132L\8121\vista_32 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Atheros Lan AR8132L\8121 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\Atheros Lan AR8132L folder moved successfully.
C:\OEM\Preload\Autorun\DRV\ALPS Touchpad\Vi32\Eula folder moved successfully.
C:\OEM\Preload\Autorun\DRV\ALPS Touchpad\Vi32\Data\Ico folder moved successfully.
C:\OEM\Preload\Autorun\DRV\ALPS Touchpad\Vi32\Data folder moved successfully.
C:\OEM\Preload\Autorun\DRV\ALPS Touchpad\Vi32 folder moved successfully.
C:\OEM\Preload\Autorun\DRV\ALPS Touchpad folder moved successfully.
C:\OEM\Preload\Autorun\DRV folder moved successfully.
C:\OEM\Preload\Autorun\AutorunX\HowToUse\_notes folder moved successfully.
C:\OEM\Preload\Autorun\AutorunX\HowToUse\Images\_notes folder moved successfully.
C:\OEM\Preload\Autorun\AutorunX\HowToUse\Images folder moved successfully.
C:\OEM\Preload\Autorun\AutorunX\HowToUse\Home\_notes folder moved successfully.
C:\OEM\Preload\Autorun\AutorunX\HowToUse\Home folder moved successfully.
C:\OEM\Preload\Autorun\AutorunX\HowToUse\Guide folder moved successfully.
C:\OEM\Preload\Autorun\AutorunX\HowToUse\Contents folder moved successfully.
C:\OEM\Preload\Autorun\AutorunX\HowToUse folder moved successfully.
C:\OEM\Preload\Autorun\AutorunX folder moved successfully.
C:\OEM\Preload\Autorun\APP\Welcome Center folder moved successfully.
C:\OEM\Preload\Autorun\APP\VCM folder moved successfully.
C:\OEM\Preload\Autorun\APP\Norton Online Backup folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Windows\winsxs\zk1xpfqs.lm8 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Windows\winsxs\z8ww3aes.lm8 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Windows\winsxs\z4592ges.lm8 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Windows\winsxs\xk1xpfqs.lm8 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Windows\winsxs\x4592ges.lm8 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Windows\winsxs\ulpCRTx86 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Windows\winsxs\ulpCRTx64 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Windows\winsxs\ulCRTx86 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Windows\winsxs\ulCRTx64 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Windows\winsxs\rujxfouq.lm8 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Windows\winsxs\r6hpravq.lm8 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Windows\winsxs\Policies\y8ww3aes.lm8 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Windows\winsxs\Policies\qujxfouq.lm8 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Windows\winsxs\Policies\ignokzyq.lm8 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Windows\winsxs\Policies\dlpCRTx86 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Windows\winsxs\Policies\dlpCRTx64 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Windows\winsxs\Policies\6vibsths.lm8 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Windows\winsxs\Policies\67wtistq.lm8 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Windows\winsxs\Policies\2kfkwlwq.lm8 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Windows\winsxs\Policies\2ggml9qs.lm8 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Windows\winsxs\Policies\28ikwyqs.lm8 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Windows\winsxs\Policies folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Windows\winsxs\p6hpravq.lm8 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Windows\winsxs\nf1qiswq.lm8 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Windows\winsxs\Manifests folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Windows\winsxs\lf1qiswq.lm8 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Windows\winsxs\jwfvlhtq.lm8 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Windows\winsxs\jgnokzyq.lm8 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Windows\winsxs\hwfvlhtq.lm8 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Windows\winsxs\fh9vhhuq.lm8 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Windows\winsxs\dlCRTx86 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Windows\winsxs\dlCRTx64 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Windows\winsxs\dh9vhhuq.lm8 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Windows\winsxs\bql1q2cs.lm8 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Windows\winsxs\9ql1q2cs.lm8 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Windows\winsxs\7vibsths.lm8 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Windows\winsxs\77wtistq.lm8 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Windows\winsxs\3kn09qps.lm8 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Windows\winsxs\3kfkwlwq.lm8 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Windows\winsxs\3ggml9qs.lm8 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Windows\winsxs\38ikwyqs.lm8 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Windows\winsxs\1kn09qps.lm8 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Windows\winsxs folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Windows\system32\Ansi folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Windows\system32 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Windows folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec Egis Software Update\res\images folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec Egis Software Update\res\i18n folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec Egis Software Update\res folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec Egis Software Update folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\x86\xp32 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\x86\win732 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\x86\vista32 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\x86\supportXP\xp32 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\x86\supportXP folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\x86 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\x64\win764 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\x64\vista64 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\x64 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\win764 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\win732 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\vista64 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\vista32 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\pmm\Contents\default\images folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\pmm\Contents\default folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\pmm\Contents folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\pmm folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\zh-TW\js folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\zh-TW folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\zh-CN\js folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\zh-CN folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\TR\js folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\TR folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\SV\js folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\SV folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\SL\js folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\SL folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\SK\js folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\SK folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\RU\js folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\RU folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\RO\js folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\RO folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\PT\js folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\PT folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\PL\js folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\PL folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\NO\js folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\NO folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\NL\js folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\NL folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\LV\js folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\LV folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\LT\js folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\LT folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\KO\js folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\KO folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\js folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\JA\js folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\JA folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\IT\js folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\IT folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\img folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\HU\js folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\HU folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\HR\js folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\HR folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\FR\js folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\FR folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\FI\js folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\FI folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\ET\js folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\ET folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\ES\js folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\ES folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\EL\js folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\EL folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\DU\js folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\DU folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\DE\js folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\DE folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\DA\js folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\DA folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\css folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\CS\js folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\CS folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\BG\js folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget\BG folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\mywinlockergadget.gadget folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\locale folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\Launcher\x86 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\Launcher\Layout\Images folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\Launcher\Layout folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\Launcher\Ico folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\Launcher\i18n folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\Launcher folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\icon folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\TU\stylesheet folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\TU folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\TC\stylesheet folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\TC folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\SV\stylesheet folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\SV folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\SL\stylesheet folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\SL folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\SK\stylesheet folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\SK folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\SC\stylesheet folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\SC folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\RU\stylesheet folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\RU folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\RO\stylesheet folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\RO folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\PT\stylesheet folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\PT folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\PL\stylesheet folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\PL folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\NO\stylesheet folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\NO folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\LV\stylesheet folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\LV folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\LT\stylesheet folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\LT folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\KO\stylesheet folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\KO folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\JP\stylesheet folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\JP folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\IT\stylesheet folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\IT folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\HU\stylesheet folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\HU folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\HR\stylesheet folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\HR folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\GR\stylesheet folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\GR folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\FR\stylesheet folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\FR folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\FI\stylesheet folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\FI folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\ET\stylesheet folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\ET folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\ES\stylesheet folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\ES folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\EN\stylesheet folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\EN folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\DU\stylesheet folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\DU folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\DE\stylesheet folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\DE folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\DA\stylesheet folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\DA folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\CZ\stylesheet folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\CZ folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\BG\stylesheet folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help\BG folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3\help folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec\MyWinLocker 3 folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files\EgisTec folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\program files folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Common\EgisTec folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3\Common folder moved successfully.
C:\OEM\Preload\Autorun\APP\MyWinLocker v3 folder moved successfully.
C:\OEM\Preload\Autorun\APP\Google Toolbar Acer Edition folder moved successfully.
C:\OEM\Preload\Autorun\APP\eSobi folder moved successfully.
C:\OEM\Preload\Autorun\APP\Adobe Reader v9.1 folder moved successfully.
C:\OEM\Preload\Autorun\APP\Adobe Flash Player folder moved successfully.
C:\OEM\Preload\Autorun\APP\Acer Updater folder moved successfully.
C:\OEM\Preload\Autorun\APP\Acer Registration folder moved successfully.
C:\OEM\Preload\Autorun\APP\Acer Identity Card folder moved successfully.
C:\OEM\Preload\Autorun\APP\Acer eRecovery Management folder moved successfully.
C:\OEM\Preload\Autorun\APP\Acer ePower Management folder moved successfully.
C:\OEM\Preload\Autorun\APP folder moved successfully.
C:\OEM\Preload\Autorun folder moved successfully.
C:\OEM\Preload folder moved successfully.
C:\OEM\MUI folder moved successfully.
C:\OEM\CHANGECOMPUTERICON\Packages\WindowsInformation folder moved successfully.
C:\OEM\CHANGECOMPUTERICON\Packages\DeviceInformation folder moved successfully.
C:\OEM\CHANGECOMPUTERICON\Packages folder moved successfully.
C:\OEM\CHANGECOMPUTERICON folder moved successfully.
C:\OEM\AHCISETTINGS folder moved successfully.
C:\OEM folder moved successfully.
File\Folder C:\ProgramData\ProgramData.lnk not found.
C:\Skypee folder moved successfully.
C:\Users\ajba\AppData\Roaming\Microsoft\Windows\Templates\googleu folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: ajba
->Temp folder emptied: 2680074 bytes
->Temporary Internet Files folder emptied: 2702770 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 18955024 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 82545 bytes
RecycleBin emptied: 848 bytes

Total Files Cleaned = 23.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 05092014_094405

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

# DelFix v10.7 - Logfile created 09/05/2014 at 10:00:20
# Updated 27/04/2014 by Xplode
# Username : ajba - AJBA-PC
# Operating System : Windows 7 Starter Service Pack 1 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\_OTL
Deleted : C:\AdwCleaner
Deleted : C:\Program Files\Trend Micro\Hijackthis
Deleted : C:\Users\ajba\Desktop\Extras.Txt
Deleted : C:\Users\ajba\Desktop\JRT.txt
Deleted : C:\Users\ajba\Desktop\HiJackThis.lnk
Deleted : C:\Users\ajba\Desktop\OTL.Txt
Deleted : C:\Users\ajba\Desktop\OTL.exe
Deleted : C:\Users\ajba\Downloads\AdwCleaner.exe
Deleted : C:\Users\ajba\Downloads\JRT.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner

########## - EOF - ##########

Adobe reader and flash have been updated.

Edited by xxmaxixx, 08 May 2014 - 08:37 PM.

#14
Machiavelli

Posted 08 May 2014 - 11:12 PM

GeekU Moderator

GeekU Moderator
4,722 posts

Hello,
sorry I have to say that I made a mistake. I deleted C:\OEM by mistake. This deleted some software from Acer (MyWinLocker, etc.). Sadly Delfix deleted the backup Files, so we can not move the folder from the Quarantine of OTL to C:\OEM.

I researched you could do factory restore, but it is also told that OEM contains some junk. We could leave it for now as it is (if you have no problems with the PC) or do a factory restore. I'm really sorry.