Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Malware that eats disk space [Closed]

Started by liwagon , Sep 18 2014 05:51 PM
Malware

  • This topic is locked This topic is locked

#1
liwagon
Posted 18 September 2014 - 05:51 PM

liwagon

    New Member

  • Member
  • Pip
  • 3 posts

Ok guys i am here to ask for help to remove my malware

symptoms is it just eats my disk space

i had a 5gb yesterday morning before i go to school

when i came back, it shrunk down to 5mb

and then it became kb

and then my laptop ran slow..thats all

 

the guide says to scan my pc with OTL

 

and copy the text file it creates

 

so here it is:

 

OTL.Txt - Notepad

 

OTL logfile created on: 2014-09-19 7:36:05 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\JOSE GRECLO\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16519)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: yyyy-MM-dd
 
7.88 Gb Total Physical Memory | 4.58 Gb Available Physical Memory | 58.11% Memory free
20.39 Gb Paging File | 17.09 Gb Available in Paging File | 83.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.01 Gb Total Space | 1.24 Gb Free Space | 0.28% Space Free | Partition Type: NTFS
 
Computer Name: JOSEGRECLO | User Name: JOSE GRECLO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014-09-19 07:35:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JOSE GRECLO\Downloads\OTL.exe
PRC - [2014-09-12 14:14:55 | 013,559,056 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
PRC - [2014-09-12 14:14:55 | 004,799,760 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2014-09-12 14:00:53 | 000,229,648 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
PRC - [2014-09-03 23:01:19 | 000,852,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014-07-28 16:10:30 | 000,740,360 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
PRC - [2014-06-30 15:21:24 | 000,387,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
PRC - [2014-05-23 18:00:58 | 001,601,856 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
PRC - [2014-05-15 13:29:06 | 000,342,336 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2013-02-19 19:03:54 | 002,615,368 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
PRC - [2013-02-18 01:38:20 | 000,364,416 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2013-02-18 01:38:16 | 000,276,864 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2013-02-18 01:37:52 | 000,128,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2013-02-18 01:37:26 | 000,165,760 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2013-02-07 19:22:34 | 000,994,880 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
PRC - [2012-08-23 17:02:48 | 000,030,640 | ---- | M] () -- C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe
PRC - [2012-07-25 23:20:44 | 000,349,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2012-07-13 19:27:00 | 000,769,432 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014-09-03 23:01:18 | 000,331,592 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppgooglenaclpluginchrome.dll
MOD - [2014-09-03 23:01:17 | 014,891,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll
MOD - [2014-09-03 23:01:16 | 008,577,864 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll
MOD - [2014-09-03 23:01:12 | 001,098,056 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libglesv2.dll
MOD - [2014-09-03 23:01:10 | 000,174,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\libegl.dll
MOD - [2014-09-03 23:01:09 | 001,660,232 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ffmpegsumo.dll
MOD - [2013-02-21 01:58:24 | 000,089,672 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
MOD - [2013-01-04 19:19:58 | 000,035,336 | ---- | M] () -- C:\Program Files (x86)\Acer Incorporated\HID Monitor\ElanTPAPI.dll
MOD - [2012-08-23 17:02:48 | 000,030,640 | ---- | M] () -- C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014-07-24 15:09:54 | 001,041,192 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe -- (mfecore)
SRV:64bit: - [2014-06-20 10:30:38 | 000,189,912 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2014-06-20 10:23:12 | 000,219,752 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2014-06-12 16:10:46 | 000,603,424 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\mcafee\virusscan\mcods.exe -- (McODS)
SRV:64bit: - [2014-05-21 00:33:44 | 000,314,696 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\igfxCUIService.exe -- (igfxCUIService1.0.0.0)
SRV:64bit: - [2014-04-25 18:34:42 | 000,178,528 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\mcafee\msc\McAPExe.exe -- (McAPExe)
SRV:64bit: - [2013-07-30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2013-07-30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2013-07-30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
SRV:64bit: - [2013-07-30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe -- (McOobeSv2)
SRV:64bit: - [2013-07-30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2013-07-30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2013-07-30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
SRV:64bit: - [2013-04-21 05:56:54 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013-04-21 05:50:07 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013-04-21 05:50:07 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2013-04-21 05:45:15 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013-04-21 05:45:15 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013-04-21 05:38:02 | 000,014,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013-04-21 05:34:42 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013-04-21 05:05:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013-04-21 05:04:58 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2013-04-21 05:04:58 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013-03-15 18:00:12 | 000,662,088 | ---- | M] (Acer Incorporated) [On_Demand | Running] -- C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2013-03-14 21:43:30 | 000,431,656 | ---- | M] (Acer Incorporate) [Auto | Running] -- C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe -- (LMSvc)
SRV:64bit: - [2013-01-08 11:03:24 | 000,107,944 | ---- | M] (Condusiv Technologies) [Auto | Running] -- C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe -- (ExpressCache)
SRV:64bit: - [2012-12-21 16:37:20 | 000,334,760 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\Common Files\mcafee\actwiz\McAWFwk.exe -- (McAWFwk)
SRV:64bit: - [2012-11-12 16:34:56 | 000,345,744 | ---- | M] (Acer Incorporated) [On_Demand | Stopped] -- C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe -- (USecuAppSvc)
SRV:64bit: - [2012-07-25 23:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012-07-25 23:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012-07-25 23:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012-07-25 23:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012-07-25 23:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012-07-25 23:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012-07-25 23:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012-07-25 23:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012-07-25 23:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012-07-25 23:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012-07-25 23:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012-07-25 23:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012-07-25 23:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012-07-25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012-07-25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012-07-25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012-07-25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012-07-25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012-07-25 20:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012-06-19 22:10:34 | 000,634,632 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2012-03-12 17:46:00 | 000,161,384 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe -- (FFSOpzSvc)
SRV - [2014-09-12 14:14:55 | 004,799,760 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014-08-28 07:48:02 | 000,833,728 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014-08-26 04:14:08 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014-07-28 16:12:40 | 000,156,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)
SRV - [2014-05-21 00:33:48 | 000,278,344 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2014-05-15 13:29:06 | 000,342,336 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2014-04-03 20:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-02-28 21:07:00 | 000,227,968 | ---- | M] (Qualcomm Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2013-02-19 19:03:54 | 002,615,368 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe -- (CCDMonitorService)
SRV - [2013-02-18 05:38:58 | 000,668,984 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\irstrtsv.exe -- (irstrtsv)
SRV - [2013-02-18 01:38:20 | 000,364,416 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2013-02-18 01:38:16 | 000,276,864 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013-02-18 01:37:52 | 000,128,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2013-02-18 01:37:26 | 000,165,760 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012-08-15 14:44:50 | 003,943,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2012-07-25 23:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012-07-25 23:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012-07-13 19:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010-10-12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014-07-24 14:32:30 | 000,096,592 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mfencrk.sys -- (mfencrk)
DRV:64bit: - [2014-07-24 14:31:56 | 000,444,720 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mfencbdc.sys -- (mfencbdc)
DRV:64bit: - [2014-06-20 10:38:22 | 000,072,128 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2014-06-20 10:31:06 | 000,348,552 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2014-06-20 10:26:02 | 000,786,296 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2014-06-20 10:23:40 | 000,523,792 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2014-06-20 10:21:48 | 000,313,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2014-06-20 10:20:54 | 000,181,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2014-06-20 10:09:34 | 000,070,600 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mfeelamk.sys -- (mfeelamk)
DRV:64bit: - [2014-05-21 00:33:36 | 003,791,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013-09-23 13:49:22 | 000,197,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HipShieldK.sys -- (HipShieldK)
DRV:64bit: - [2013-04-21 05:57:53 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013-04-21 05:56:54 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013-04-21 05:56:54 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013-04-21 05:50:07 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013-04-21 05:50:07 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013-04-21 05:41:20 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013-04-21 05:39:44 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013-04-21 05:38:02 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013-04-21 05:38:02 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013-04-21 05:34:40 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013-04-21 05:26:28 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2013-04-21 05:26:27 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2013-04-21 05:09:46 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013-04-21 05:04:56 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013-04-21 05:04:56 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013-04-21 05:04:56 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013-04-21 05:04:56 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013-04-21 05:04:56 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013-04-21 05:04:56 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013-03-27 02:34:26 | 000,794,184 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2013-03-11 05:03:26 | 003,776,000 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr)
DRV:64bit: - [2013-03-07 00:26:16 | 000,469,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013-03-07 00:26:14 | 000,031,984 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013-03-05 04:40:26 | 000,455,240 | ---- | M] (RTS Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RtsPer.sys -- (RTSPER)
DRV:64bit: - [2013-02-28 20:50:28 | 000,583,760 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2013-02-28 20:50:26 | 000,136,424 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2013-02-28 20:50:26 | 000,077,464 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2013-02-28 20:50:24 | 000,346,192 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2013-02-28 20:50:24 | 000,179,432 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2013-02-28 20:50:24 | 000,115,280 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2013-02-28 20:50:24 | 000,089,168 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2013-02-28 20:50:24 | 000,034,384 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2013-02-18 05:38:48 | 000,043,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\irstrtdv.sys -- (irstrtdv)
DRV:64bit: - [2013-02-18 01:37:36 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2013-01-31 18:20:10 | 000,652,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013-01-09 23:23:14 | 000,021,360 | ---- | M] (Acer Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\LMDriver.sys -- (LMDriver)
DRV:64bit: - [2013-01-09 23:23:14 | 000,015,704 | ---- | M] (Acer Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RadioShim.sys -- (RadioShim)
DRV:64bit: - [2013-01-08 11:03:30 | 000,112,552 | ---- | M] (Condusiv Technologies) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\excsd.sys -- (excsd)
DRV:64bit: - [2013-01-08 11:03:30 | 000,026,024 | ---- | M] (Condusiv Technologies) [File_System | System | Running] -- C:\Windows\SysNative\Drivers\excfs.sys -- (excfs)
DRV:64bit: - [2012-07-26 01:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012-07-26 01:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012-07-26 01:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012-07-26 01:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012-07-26 01:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012-07-26 01:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012-07-26 01:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012-07-26 01:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012-07-26 01:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012-07-26 01:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012-07-26 01:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012-07-26 01:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012-07-26 01:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012-07-26 01:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012-07-26 01:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012-07-26 01:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012-07-26 01:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012-07-26 01:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012-07-26 01:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012-07-26 00:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012-07-26 00:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012-07-26 00:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012-07-25 23:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012-07-25 22:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012-07-25 22:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012-07-25 22:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012-07-25 22:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012-07-25 22:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012-07-25 22:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012-07-25 22:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012-07-25 22:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012-07-25 22:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012-07-25 22:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012-07-25 22:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012-07-25 22:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012-07-25 22:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012-07-25 22:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012-07-25 22:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012-07-25 22:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012-07-25 22:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012-07-25 22:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012-07-25 22:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012-07-25 22:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012-07-25 22:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012-07-25 22:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012-06-19 10:40:51 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012-06-02 10:31:33 | 005,139,968 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BCMWL63A.SYS -- (BCM43XX)
DRV:64bit: - [2012-05-25 20:56:14 | 000,168,608 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\NARAx64\0401000.00E\ccSetx64.sys -- (ccSet_NARA)
DRV:64bit: - [2009-10-20 04:34:26 | 000,009,728 | ---- | M] (QUANTA) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\QRDCIO.sys -- (QRDCIO)
DRV - [2013-11-19 16:10:36 | 000,034,848 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys -- (RegFilter)
DRV - [2013-11-19 16:10:36 | 000,023,016 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys -- (UrlFilter)
DRV - [2013-03-23 15:48:48 | 000,023,048 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys -- (FileMonitor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {889C0BB6-A7AE-46D6-8EEF-FBCF09B256D1}
IE:64bit: - HKLM\..\SearchScopes\{889C0BB6-A7AE-46D6-8EEF-FBCF09B256D1}: "URL" = http://www.bing.com/...E10TR&pc=MAARJS
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}: "URL" = http://www.default-s...p={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}: "URL" = http://ca.yhs4.searc...p={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {889C0BB6-A7AE-46D6-8EEF-FBCF09B256D1}
IE - HKLM\..\SearchScopes\{889C0BB6-A7AE-46D6-8EEF-FBCF09B256D1}: "URL" = http://www.bing.com/...E10TR&pc=MAARJS
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}: "URL" = http://www.default-s...p={searchTerms}
IE - HKLM\..\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}: "URL" = http://ca.yhs4.searc...p={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2859171435-3815312426-4275053423-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
IE - HKU\S-1-5-21-2859171435-3815312426-4275053423-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2859171435-3815312426-4275053423-1001\..\SearchScopes,DefaultScope = {889C0BB6-A7AE-46D6-8EEF-FBCF09B256D1}
IE - HKU\S-1-5-21-2859171435-3815312426-4275053423-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}: "URL" = http://www.default-s...p={searchTerms}
IE - HKU\S-1-5-21-2859171435-3815312426-4275053423-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\JOSE GRECLO\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2014-08-10 03:08:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014-09-01 00:25:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK [2014-09-02 08:46:39 | 000,000,000 | ---D | M]
 
[2014-09-04 02:49:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JOSE GRECLO\AppData\Roaming\Mozilla\Extensions
[2014-09-18 10:31:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JOSE GRECLO\AppData\Roaming\Mozilla\Firefox\Profiles\g8gn98kk.default\extensions
[2014-09-18 10:31:24 | 000,000,000 | ---D | M] (Ads Removal) -- C:\Users\JOSE GRECLO\AppData\Roaming\Mozilla\Firefox\Profiles\g8gn98kk.default\extensions\[email protected]
[2014-09-04 02:49:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014-09-04 02:49:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013-11-15 03:32:00 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel® Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: McAfee SecurityCenter (Disabled) = c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL
CHR - default_search_provider: C62CB49F8B86B09A814735384F2B7316521E48F436297985031BE6B3688BC737 (Enabled)
CHR - default_search_provider: search_url = 631C4893159FA104A4AB24BB4AD9855828C9619FA6868EA04CCCCFE71949EABF
CHR - default_search_provider: suggest_url = 
CHR - homepage: 4AC1BB8CF603C0B7097DACED89F2C95AC6CBA23F86521127286783D189D2BA19
CHR - Extension: Google Docs = C:\Users\JOSE GRECLO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\JOSE GRECLO\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: SiteAdvisor = C:\Users\JOSE GRECLO\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.65.135.1_0\
CHR - Extension: AdBlock = C:\Users\JOSE GRECLO\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\
CHR - Extension: Google Wallet = C:\Users\JOSE GRECLO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Dota2Lounge.com Prices = C:\Users\JOSE GRECLO\AppData\Local\Google\Chrome\User Data\Default\Extensions\paifmhedgkaeboeoikgfamieodjljomh\1.2.5_0\
 
O1 HOSTS File: ([2012-07-26 01:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (no name) - {4254E07D-1B18-446C-BA07-20A70E629F88} - C:\Program Files (x86)\AEVITA Save Flash\saveflash.dll ()
O2 - BHO: (Ads Removal) - {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&AEVITA Save Flash) - {33973600-925A-11D9-A1F6-9234C84D2622} - C:\Program Files (x86)\AEVITA Save Flash\saveflash.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-2859171435-3815312426-4275053423-1001..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-2859171435-3815312426-4275053423-1001..\Run: [Facebook Update] C:\Users\JOSE GRECLO\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe" (Qualcomm Atheros Commnucations)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
O9 - Extra Button: AEVITA Save Flash - {0C4D904C-697B-4F51-B82F-D5D8D8D36405} - C:\Program Files (x86)\AEVITA Save Flash\saveflash.dll ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{837B86DA-239D-4B7C-B939-E4D1E7AF695B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5034862-83C8-40D5-8C88-5D425A637BAF}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014-09-19 07:29:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2014-09-19 06:05:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arch Luna Online - Luna Plus
[2014-09-19 06:01:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Arch Luna Online - Luna Plus
[2014-09-18 10:31:28 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2014-09-18 10:31:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2014-09-18 10:31:16 | 000,000,000 | ---D | C] -- C:\Users\JOSE GRECLO\AppData\Roaming\IObit
[2014-09-18 10:31:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2014-09-15 18:19:21 | 000,000,000 | ---D | C] -- C:\Users\JOSE GRECLO\AppData\Local\ElevatedDiagnostics
[2014-09-07 02:04:45 | 000,000,000 | ---D | C] -- C:\Users\JOSE GRECLO\Documents\Custom Office Templates
[2014-09-07 01:34:15 | 000,000,000 | ---D | C] -- C:\Users\JOSE GRECLO\AppData\Local\Free YouTube Downloader
[2014-09-07 01:34:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free YouTube Downloader
[2014-09-07 01:34:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free YouTube Downloader
[2014-09-07 01:30:41 | 000,000,000 | ---D | C] -- C:\Users\JOSE GRECLO\AppData\Roaming\Aura YouTube Downloader
[2014-09-07 01:30:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aura4You
[2014-09-07 01:30:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aura4You
[2014-09-04 02:49:10 | 000,000,000 | ---D | C] -- C:\Users\JOSE GRECLO\AppData\Roaming\Mozilla
[2014-09-04 02:49:10 | 000,000,000 | ---D | C] -- C:\Users\JOSE GRECLO\AppData\Local\Mozilla
[2014-09-04 02:49:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2014-09-04 02:49:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014-09-04 02:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AEVITA Save Flash
[2014-09-04 02:37:26 | 000,000,000 | -H-D | C] -- C:\Users\JOSE GRECLO\AppData\Roaming\AEVITA
[2014-09-04 02:37:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AEVITA Save Flash
[2014-09-02 09:01:20 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2014-09-02 09:00:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2014-09-02 08:58:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2014-09-01 01:35:47 | 000,000,000 | ---D | C] -- C:\Users\JOSE GRECLO\AppData\Local\assembly
[2014-09-01 01:35:46 | 000,000,000 | ---D | C] -- C:\Users\JOSE GRECLO\AppData\Local\Deployment
[2014-09-01 01:35:46 | 000,000,000 | ---D | C] -- C:\Users\JOSE GRECLO\AppData\Local\Apps
[2014-09-01 00:41:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\AutoKMS
[2014-09-01 00:41:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Toolkit
[2014-09-01 00:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2014-09-01 00:22:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
[2014-09-01 00:21:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2014-09-01 00:21:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2014-09-01 00:20:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\PCHEALTH
[2014-09-01 00:20:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2014-09-01 00:17:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2014-09-01 00:17:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2014-09-01 00:17:12 | 000,000,000 | ---D | C] -- C:\Users\JOSE GRECLO\AppData\Local\Microsoft Help
[2014-09-01 00:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2014-09-01 00:16:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2014-08-27 22:38:58 | 000,000,000 | ---D | C] -- C:\Users\JOSE GRECLO\Documents\Adobe
[2014-08-22 07:51:59 | 000,000,000 | ---D | C] -- C:\Users\JOSE GRECLO\AppData\Local\Facebook
 
========== Files - Modified Within 30 Days ==========
 
[2014-09-19 07:25:40 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014-09-19 07:25:23 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014-09-19 07:23:39 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014-09-19 07:23:33 | 2472,345,599 | -HS- | M] () -- C:\hiberfil.sys
[2014-09-19 07:09:48 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2014-09-19 06:48:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014-09-19 06:05:18 | 000,001,213 | ---- | M] () -- C:\Users\Public\Desktop\Arch Luna Online - Luna Plus.lnk
[2014-09-19 05:23:40 | 000,000,000 | -HS- | M] () -- C:\DkHyperbootSync
[2014-09-19 04:57:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2859171435-3815312426-4275053423-1001UA.job
[2014-09-18 22:36:59 | 000,084,764 | ---- | M] () -- C:\Users\JOSE GRECLO\Desktop\10705301_10202788708140905_217655650_n.jpg
[2014-09-18 10:31:20 | 000,001,219 | ---- | M] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2014-09-18 07:57:00 | 000,000,952 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2859171435-3815312426-4275053423-1001Core.job
[2014-09-17 21:48:34 | 000,026,590 | ---- | M] () -- C:\Users\JOSE GRECLO\Desktop\a.jpg
[2014-09-17 09:08:25 | 000,001,132 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 9.lnk
[2014-09-16 06:27:16 | 000,367,358 | ---- | M] () -- C:\Users\JOSE GRECLO\AppData\Local\census.cache
[2014-09-16 06:27:11 | 000,113,212 | ---- | M] () -- C:\Users\JOSE GRECLO\AppData\Local\ars.cache
[2014-09-11 04:51:43 | 000,002,225 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014-09-10 08:03:40 | 000,848,230 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014-09-10 08:03:40 | 000,723,700 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014-09-10 08:03:40 | 000,136,838 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014-09-08 21:00:12 | 000,021,713 | ---- | M] () -- C:\Users\JOSE GRECLO\Desktop\haha.jpg
[2014-09-07 18:59:55 | 000,199,473 | ---- | M] () -- C:\Users\JOSE GRECLO\Desktop\foronly.jpg
[2014-09-07 18:46:27 | 000,114,804 | ---- | M] () -- C:\Users\JOSE GRECLO\Desktop\bad.jpg
[2014-09-07 01:34:14 | 000,001,359 | ---- | M] () -- C:\Users\JOSE GRECLO\Application Data\Microsoft\Internet Explorer\Quick Launch\Free YouTube Downloader.lnk
[2014-09-07 01:34:14 | 000,001,335 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube Downloader.lnk
[2014-09-05 05:40:18 | 005,045,640 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014-09-04 04:56:30 | 000,000,132 | ---- | M] () -- C:\Users\JOSE GRECLO\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2014-09-04 02:49:03 | 000,001,193 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014-08-28 09:53:48 | 000,001,347 | ---- | M] () -- C:\Users\JOSE GRECLO\Desktop\Windows Media Player.lnk
 
========== Files Created - No Company Name ==========
 
[2014-09-19 06:05:18 | 000,001,213 | ---- | C] () -- C:\Users\Public\Desktop\Arch Luna Online - Luna Plus.lnk
[2014-09-19 05:23:40 | 000,000,000 | -HS- | C] () -- C:\DkHyperbootSync
[2014-09-18 22:36:58 | 000,084,764 | ---- | C] () -- C:\Users\JOSE GRECLO\Desktop\10705301_10202788708140905_217655650_n.jpg
[2014-09-18 10:31:20 | 000,001,219 | ---- | C] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2014-09-17 21:48:33 | 000,026,590 | ---- | C] () -- C:\Users\JOSE GRECLO\Desktop\a.jpg
[2014-09-08 21:00:12 | 000,021,713 | ---- | C] () -- C:\Users\JOSE GRECLO\Desktop\haha.jpg
[2014-09-07 18:59:53 | 000,199,473 | ---- | C] () -- C:\Users\JOSE GRECLO\Desktop\foronly.jpg
[2014-09-07 18:46:26 | 000,114,804 | ---- | C] () -- C:\Users\JOSE GRECLO\Desktop\bad.jpg
[2014-09-07 01:34:14 | 000,001,359 | ---- | C] () -- C:\Users\JOSE GRECLO\Application Data\Microsoft\Internet Explorer\Quick Launch\Free YouTube Downloader.lnk
[2014-09-07 01:34:14 | 000,001,335 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube Downloader.lnk
[2014-09-04 04:56:30 | 000,000,132 | ---- | C] () -- C:\Users\JOSE GRECLO\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2014-09-04 02:49:03 | 000,001,205 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014-09-04 02:49:03 | 000,001,193 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014-09-02 09:02:10 | 000,001,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
[2014-09-02 09:01:24 | 000,001,079 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
[2014-09-02 09:00:14 | 000,001,399 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2014-09-02 09:00:12 | 000,001,565 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2014-08-28 09:53:48 | 000,001,347 | ---- | C] () -- C:\Users\JOSE GRECLO\Desktop\Windows Media Player.lnk
[2014-08-23 07:41:06 | 000,000,987 | ---- | C] () -- C:\Users\JOSE GRECLO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\µTorrent.lnk
[2014-08-22 07:52:24 | 000,000,974 | ---- | C] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2859171435-3815312426-4275053423-1001UA.job
[2014-08-22 07:52:24 | 000,000,952 | ---- | C] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2859171435-3815312426-4275053423-1001Core.job
[2014-07-13 03:06:26 | 000,218,200 | ---- | C] () -- C:\WINDOWS\SysWow64\unrar.dll
[2014-07-07 04:33:41 | 000,367,358 | ---- | C] () -- C:\Users\JOSE GRECLO\AppData\Local\census.cache
[2014-07-07 04:33:35 | 000,113,212 | ---- | C] () -- C:\Users\JOSE GRECLO\AppData\Local\ars.cache
[2014-07-07 04:11:05 | 000,000,036 | ---- | C] () -- C:\Users\JOSE GRECLO\AppData\Local\housecall.guid.cache
[2014-05-21 00:33:38 | 000,348,088 | ---- | C] () -- C:\WINDOWS\SysWow64\igdmd32.dll
[2014-05-21 00:33:32 | 000,183,808 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2014-05-21 00:33:32 | 000,142,848 | ---- | C] () -- C:\WINDOWS\SysWow64\igdail32.dll
[2014-03-29 09:50:49 | 000,000,675 | ---- | C] () -- C:\Users\JOSE GRECLO\JOSE GRECLO - Shortcut.lnk
[2013-09-18 03:24:27 | 000,002,192 | ---- | C] () -- C:\Users\JOSE GRECLO\Encarta Reference Library DVD 2005.lnk
[2013-06-11 15:03:38 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013-04-30 11:33:58 | 000,598,780 | ---- | C] () -- C:\WINDOWS\SysWow64\igvpkrng700.bin
[2013-04-30 11:33:57 | 000,755,048 | ---- | C] () -- C:\WINDOWS\SysWow64\igcodeckrng700.bin
[2013-04-21 05:04:58 | 000,083,968 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
 
========== ZeroAccess Check ==========
 
[2014-06-22 08:14:57 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013-04-21 05:50:08 | 019,791,360 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-04-21 05:50:08 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012-07-25 23:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012-07-25 23:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012-07-25 23:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013-06-11 15:31:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\acer
[2013-06-11 15:15:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Synaptics
[2014-07-07 22:37:44 | 000,000,000 | ---D | M] -- C:\Users\gregg_000\AppData\Roaming\rmi
[2014-06-22 05:03:00 | 000,000,000 | ---D | M] -- C:\Users\gregg_000\AppData\Roaming\Synaptics
[2014-07-03 10:39:48 | 000,000,000 | ---D | M] -- C:\Users\johan_000\AppData\Roaming\AVG
[2014-06-26 07:04:05 | 000,000,000 | ---D | M] -- C:\Users\johan_000\AppData\Roaming\Synaptics
[2014-09-04 02:37:28 | 000,000,000 | -H-D | M] -- C:\Users\JOSE GRECLO\AppData\Roaming\AEVITA
[2014-09-07 01:30:41 | 000,000,000 | ---D | M] -- C:\Users\JOSE GRECLO\AppData\Roaming\Aura YouTube Downloader
[2014-07-03 09:09:53 | 000,000,000 | ---D | M] -- C:\Users\JOSE GRECLO\AppData\Roaming\AVG
[2014-07-08 03:07:32 | 000,000,000 | ---D | M] -- C:\Users\JOSE GRECLO\AppData\Roaming\D2MP
[2014-09-18 10:31:16 | 000,000,000 | ---D | M] -- C:\Users\JOSE GRECLO\AppData\Roaming\IObit
[2014-07-07 22:37:44 | 000,000,000 | ---D | M] -- C:\Users\JOSE GRECLO\AppData\Roaming\rmi
[2014-06-22 05:11:18 | 000,000,000 | ---D | M] -- C:\Users\JOSE GRECLO\AppData\Roaming\Synaptics
[2014-08-18 21:46:35 | 000,000,000 | ---D | M] -- C:\Users\JOSE GRECLO\AppData\Roaming\TeamViewer
[2014-07-23 23:56:25 | 000,000,000 | ---D | M] -- C:\Users\JOSE GRECLO\AppData\Roaming\tixati
[2014-09-18 10:30:56 | 000,000,000 | ---D | M] -- C:\Users\JOSE GRECLO\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 57 bytes -> C:\Users\JOSE GRECLO\OneDrive.old:ms-properties
@Alternate Data Stream - 220 bytes -> C:\Users\JOSE GRECLO\OneDrive:ms-properties
@Alternate Data Stream - 220 bytes -> C:\Users\JOSE GRECLO\OneDrive (2).old:ms-properties
 
< End of report >
 

  • 0

Advertisements

#2
liwagon
Posted 18 September 2014 - 05:54 PM

liwagon

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts

there were 2 txt file that popped after the scan

 

heres the other one:

 

Extras.Txt - Notepad

 

OTL Extras logfile created on: 2014-09-19 7:36:05 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\JOSE GRECLO\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16519)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: yyyy-MM-dd
 
7.88 Gb Total Physical Memory | 4.58 Gb Available Physical Memory | 58.11% Memory free
20.39 Gb Paging File | 17.09 Gb Available in Paging File | 83.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448.01 Gb Total Space | 1.24 Gb Free Space | 0.28% Space Free | Partition Type: NTFS
 
Computer Name: JOSEGRECLO | User Name: JOSE GRECLO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2859171435-3815312426-4275053423-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0155C0EB-60C0-4831-880B-B7B4ED22815A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{243B8009-FF74-4221-A916-67BEDD5590C4}" = lport=445 | protocol=6 | dir=in | app=system | 
"{2A8DAD64-C44D-49D1-BF13-64D4B7606AA7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4CF4002B-A124-4710-94E0-CAE078C467D5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{561272F8-9ECD-4B56-8940-F1D596A4745C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{6474DAC0-6CDB-48B5-BA30-1CBA1AFBBAC3}" = rport=138 | protocol=17 | dir=out | app=system | 
"{65070197-661F-4CE4-876F-2E6C39C198CB}" = lport=137 | protocol=17 | dir=in | app=system | 
"{847332AC-A10E-45C0-97BD-949365B0F954}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{8CAD730B-66F3-47F8-9BCF-844913BFBCA2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A0FE93E2-B710-4F70-9DDB-129894200076}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C7021FED-69B5-4938-8B36-D8C4C1941CE8}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{CB3FA1CB-2DC5-4C80-A6F4-0F8D1EB853D2}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E21B49D0-A4C6-4EB8-9356-3C088D60C44D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe | 
"{E7CD4652-33A3-410A-8F18-B7457834FDF5}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0126328E-4769-448D-B5E1-2E86D5ADBC02}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{01B49A28-E6B7-473D-ABB8-DC2AE77A8212}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe | 
"{0227A7CC-5ECA-4E5B-8D9C-165FFAE4DA67}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{034E757E-A50C-403C-897D-D8A6B2E8D911}" = dir=out | name=kindle | 
"{0351597E-9963-4A0D-AD57-F89797911D68}" = dir=out | name=@{microsoft.zunemusic_1.5.216.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{03FDB552-AD4A-4AA9-B357-0FC6D328557F}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | 
"{0466D12E-8969-4562-A102-8CE6AE0D9F19}" = dir=in | name=newsxpresso | 
"{047D1177-97A2-47BE-BF14-E7F2D2CD42B9}" = dir=out | name=social jogger | 
"{05E7BEF3-930D-4235-A6AC-DEBE5524E9D1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | 
"{05EE916C-A7B9-4240-90B0-45596D5E3463}" = dir=in | name=newsxpresso | 
"{06D4E047-998E-47D6-88D9-00C587FA09AB}" = dir=in | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{083C25F8-6403-4CF5-841E-4C9F5246B0CF}" = dir=out | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{0B5DE57B-4BDF-44C0-B248-A6BBAE7EFB47}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{0BE20594-D213-44C7-9F09-F3E2F2F579C7}" = protocol=17 | dir=in | app=c:\users\jose greclo\appdata\roaming\utorrent\utorrent.exe | 
"{0CBC2DB4-5A8E-4F19-BCE7-614C8EB2235D}" = dir=out | name=kindle | 
"{0DCB3DF5-C4AD-4E15-9736-52C1BA61DA6C}" = dir=out | name=zinio | 
"{0E8FF9B5-5782-4140-990B-0FD627D909EB}" = protocol=6 | dir=in | app=c:\program files (x86)\nero\nero 12\nero backitup\backitup.exe | 
"{10EC19D9-690C-4D5F-87B8-18059EFD17EC}" = dir=out | name=ebay | 
"{10F998C0-04E8-434B-B4E7-DBF748D206C7}" = dir=out | name=amazon | 
"{11DD5E5D-CDAF-44EE-BEBC-A19CE7DDAECC}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{1361FF12-D46F-44E2-B9A5-50825F92AC89}" = dir=out | name=social jogger | 
"{136CE612-3D99-4BB0-B360-33311EB181B1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{142E18A5-5CBD-415C-AC7D-8C1A0B95D65E}" = dir=out | name=netflix | 
"{19E27898-987A-4566-BD21-02AF37735794}" = dir=in | name=acer explorer | 
"{1BA98B4E-514D-4489-8E9F-24ECBB5CF4CB}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{1D1AA307-D1D2-4214-819C-A442943758CB}" = dir=in | name=music maker jam | 
"{20404EAE-BA7B-40AE-8867-263B5C5AA894}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{2046ED50-17A2-451C-B701-F3DD38908465}" = dir=out | name=@{microsoft.bingsports_1.8.0.51_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{21B0F45C-ECBD-469F-967A-2D1320ED9F18}" = protocol=17 | dir=in | app=c:\program files (x86)\nero\nero 12\nero backitup\backitup.exe | 
"{27B9E54D-3330-436B-9670-A036286982A5}" = dir=out | name=music maker jam | 
"{28BFD301-403D-4A7C-8673-94C6A77F3B5B}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{2A0BA84F-D5F2-4519-AC34-4EF94BBF19C0}" = protocol=6 | dir=in | app=c:\users\jose greclo\appdata\roaming\utorrent\utorrent.exe | 
"{2A76C109-625E-45DF-AE01-1B582B4FA1CE}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{2BAE71B2-F0B1-49D1-9277-927D1CC1B74C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | 
"{2BB50028-2029-427A-A873-35521B3F2466}" = dir=in | name=music maker jam | 
"{31D68F68-21D3-4B09-9D2B-D1CE0A580F45}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{31E29E0C-8DE1-427C-B1FD-E1DA4EFA362D}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | 
"{32DA8B82-9376-468E-8B46-B17FA1AE9D1A}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{3388C273-1684-434E-80B3-40211C6D6B1B}" = dir=out | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{33AFAEFD-9429-4FCD-8607-984DDAA31731}" = dir=in | name=music maker jam | 
"{352CDE4E-FEE3-4332-9D39-76E286957A09}" = dir=out | name=zinio | 
"{369C96A6-532F-4141-A462-AF77250170E4}" = dir=out | name=shark dash | 
"{3790DC5F-C837-4C48-8F19-218683BD2491}" = dir=out | name=acer explorer | 
"{38CE2489-8E8D-43B0-8829-4D8ADCC5F3BD}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{3D6B8EEB-4819-453F-9216-FA62E4BCDF34}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{3D7D2B09-99A1-4D73-9D67-E46261A2328C}" = protocol=1 | dir=in | [email protected],-28543 | 
"{3D989A8B-6D93-4F6E-BCF0-DC6BF6ED5ECA}" = dir=out | name=acer explorer | 
"{3F9B07A5-93A0-43C8-9C21-117FC24F8115}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\sdd.exe | 
"{40310AA7-7FA3-4C28-82AA-FAF77FBF4F45}" = dir=out | name=icookbook se | 
"{41871A72-EC4F-46A2-A63D-E6679AC9C34F}" = dir=out | name=@{microsoft.bingnews_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{4259BC9B-462E-4821-B79D-BCA7BB3624D0}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | 
"{42710A09-8DCE-4E63-B8DE-412176BD8E57}" = dir=out | name=@{microsoft.bingfinance_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{42F1AC4D-A360-402D-8E8E-1B17960FD226}" = dir=out | name=zinio | 
"{448DDDFB-D90F-466A-86E1-C486CE90235B}" = dir=out | name=shark dash | 
"{44FA0BA3-CFD5-460D-B62E-A29D3F0E20F5}" = dir=in | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{46B2C4FE-72D8-407F-B7EF-1661D96A55D2}" = dir=out | name=- games app - | 
"{4700C0B8-07F8-4D4F-B49A-C84B24048E86}" = dir=out | name=7digital music store | 
"{47B0585F-B3B6-4A5E-BAB1-5E65AABEC5E8}" = dir=out | name=kindle | 
"{4833D8F4-16DB-4847-86BB-0FFCD1D8242B}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\videoplayer.exe | 
"{4868A7DE-F2AD-456D-93BD-B5A9A16378A1}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | 
"{4ACC3F41-D196-40F1-92FA-4934C6707685}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{4B9E3648-7B81-48FD-A8BE-CC2BAED661A3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\bin\steamwebhelper.exe | 
"{4B9F93BD-2666-41B4-ABC5-C053026DE7E8}" = protocol=1 | dir=out | [email protected],-28544 | 
"{5268C6C0-0C32-4029-8F35-CFA2CC2087D6}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | 
"{52DE555A-F376-45EC-B157-2739BDB2924F}" = dir=in | name=ebay | 
"{531AE76B-9F2C-4CB9-9E07-00D222C982A5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{53BB0659-0BC2-4C81-8C29-A9A5ACE0E39A}" = dir=out | name=ebay | 
"{54490CF5-456C-429E-A1AF-4E80300129FE}" = dir=out | name=@{microsoft.bingfinance_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{581D25AE-7713-4166-ACAC-EAF107EB9C7A}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\virtualdrive.exe | 
"{593275A3-D3D7-4117-B415-B086FEBBC3FC}" = protocol=58 | dir=in | [email protected],-28545 | 
"{5949DAB7-0BB6-42E4-8FF0-B9900B8C7F6E}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | 
"{5A2B14AD-664F-4D4E-A5E2-60CD976CF65B}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | 
"{5A4C7BDA-A777-4DE2-8B9E-889ED8CEEFED}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe | 
"{5A800859-111A-47A5-93FE-02DC10F78CA1}" = dir=out | name=social jogger | 
"{5AFDAE6E-EF15-48B3-9AAC-741DA157B6EA}" = dir=in | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{5B7064B0-710D-4E8F-8960-D8318EB916EE}" = dir=out | name=7digital music store | 
"{5E720508-F4A7-4AFC-96CC-284C9878372C}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | 
"{5E8DD768-C070-43F7-B22E-4B3993475D0E}" = dir=in | name=newsxpresso | 
"{5FD8847F-CD78-4284-9799-930A039589A3}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | 
"{609CB6FB-9071-48C9-89DF-6EA27FF0980B}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | 
"{60EF1D42-BBEC-4737-87C6-74A325470852}" = dir=out | name=blocked in | 
"{612EEE77-8AB6-4757-9314-7F80EA9C6696}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{62BC6806-05CA-436F-973C-CDB27B926B07}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{6612E7C1-C4C7-413E-A364-41962774418E}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{66EDD00F-F9F4-4A9A-9DEB-647B8D295CCC}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{69898123-EEFA-440D-A210-E32DC09013B8}" = dir=out | name=7digital music store | 
"{6A5F2648-AD5A-4474-9FEB-921FA042B5D9}" = dir=out | name=@{microsoft.bingfinance_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{6AB31FE9-9D65-47FA-A199-31D429BC6723}" = dir=in | app=c:\users\jose greclo\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{6BDFA8EB-8768-4F67-B68C-1DCA60AFF7AB}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | 
"{6CEFD85D-DCD0-475A-8D10-08B905682DEB}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{6E0AA3E5-B2FB-4553-B990-5E37D0E016A7}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | 
"{6E204C33-324D-4F4F-9C28-0D07839870EE}" = dir=out | name=amazon | 
"{6F348855-5151-4941-8045-268D133C1DB9}" = dir=out | name=shark dash | 
"{6FD0B919-4AB7-48A9-B91B-8E3F23AF053B}" = dir=out | name=cut the rope | 
"{71B02D0A-63EE-4C8D-AFAE-B1C9AD812E48}" = dir=out | name=ebay | 
"{73408B68-235B-46DA-8E36-67E6DCA7981F}" = dir=out | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{74C54EC4-6880-4185-A5C4-8A46D7EFF3F7}" = dir=out | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{7702D8FF-50F2-49CD-9DE9-6F97EF49907E}" = dir=out | name=newsxpresso | 
"{79E5BC97-75D1-44D6-A99F-6DD4E1A0E73B}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | 
"{7B280FB2-00C4-495E-B159-EDEEB53811EB}" = dir=out | name=cut the rope | 
"{7C051896-D706-41E2-A8E7-279B3FCC3E55}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | 
"{7D9AF91B-371D-4CEF-83AC-3F8D50EC1B63}" = dir=out | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{7F8364A1-A4E7-44C4-8C3D-6BDE9F54D146}" = dir=out | name=acer crystal eye | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{8292781F-E7EB-4705-AEA2-6EF43319FDE8}" = dir=out | name=chacha | 
"{82DA38D6-F6F7-4F3F-BF6F-A4AD27F8187F}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{86FAD4BF-1818-4377-9E0A-5A255AC048A3}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{885F46C9-62B9-484B-AE24-29AC71CC6459}" = dir=out | name=stumbleupon | 
"{89A26E5F-BF2E-454B-833D-04F53C57F041}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe | 
"{8A0829A3-B85F-4789-990B-2602233E641B}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{8AAEE21B-0B7E-4FE2-9AA8-19D18BD9F559}" = dir=out | name=acer crystal eye | 
"{8F35EE94-5190-4159-80A1-1C18483DF0A6}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{9070596C-0B9E-457D-ACCA-1FCFD95DA6B0}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{94840C6E-D7BE-441C-9AA6-3FF47EA0C730}" = dir=in | name=acer explorer | 
"{95451801-5C1E-4F6C-9950-D6A4F1E64719}" = dir=out | name=- games app - | 
"{955CD4EE-F314-4B2D-9412-0E7D4E2D28F8}" = dir=in | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{9AB85FC4-4986-42A3-9804-075958856266}" = dir=in | app=c:\program files\acer\acer theft shield\usecuappclient.exe | 
"{9C5FEF40-B1F3-48C6-BCB7-C0D380386F97}" = dir=out | name=chacha | 
"{9DF184CA-1440-4686-A8FC-79699107A213}" = dir=out | name=music maker jam | 
"{9FBA129D-DFE1-4F4F-8182-03553D4C3DAB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A28A9BB6-879A-4209-923B-A10F5523580A}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{A4198FC4-03A4-4F42-ACD9-E7B9D3E44955}" = dir=out | name=music maker jam | 
"{A505CF4D-6EAD-4B32-8AEC-44E575F65B67}" = dir=out | name=stumbleupon | 
"{A71BCF74-0F12-47DE-8DC9-184C6EAFA4B7}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{A8E729B6-80F2-4F55-9E96-1E2BF6B3B779}" = dir=out | name=cut the rope | 
"{AC24134A-375D-437B-A2F0-5707CF1797D5}" = protocol=58 | dir=out | [email protected],-28546 | 
"{ACCEC28D-5753-4FCB-98BF-758D869AC9F6}" = dir=out | name=netflix | 
"{AD679350-F9C6-4822-8FBE-3F6F5F9E8FBF}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{AF639860-B061-4A84-989B-BE1441919625}" = dir=in | name=acer explorer | 
"{B0956E2C-58DF-4871-A1EC-25455B70B030}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{B3B384A1-AB26-4AA4-9D47-D0B3D1F00436}" = dir=out | name=amazon | 
"{B3E08984-E999-460F-A0B3-12A9468AC19D}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | 
"{B433CBF9-C842-4EAC-B9FF-71B665B08A07}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{B7B36E7B-7E14-41AF-B81B-81DBC0DBAD86}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | 
"{B7BDAD0E-618D-4157-AAE8-8F1D105477D6}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | 
"{B9867418-D902-459B-9A0A-A31C6855AA57}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\sdd.exe | 
"{BA67AB66-72CE-4E62-9C6E-E041B86DBCB6}" = dir=out | name=chacha | 
"{BA84BF68-E36B-4C77-A47E-8310D1A16D3A}" = dir=out | name=acer crystal eye | 
"{BE496506-A483-4FD5-B273-3F756A2D03BB}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | 
"{C080FC26-5C53-4EDB-8371-80B5EB20B7F3}" = dir=in | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{C2FA05B1-014B-4E7E-9199-ED1443CFBF1E}" = dir=in | name=ebay | 
"{C6AA1AF6-2553-47C9-961B-166E3286F0F4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{C96F32A4-3C50-4156-B414-4A8ED2C453C3}" = dir=out | name=icookbook se | 
"{D4B446C5-BDDB-4D42-A57D-0ECAE043F042}" = dir=out | name=windows_ie_ac_001 | 
"{D5C83007-5F0E-483B-9A26-60680F150EA7}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{D6B907F0-B5B7-499C-BA4D-CEF126CBFA69}" = dir=in | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{D751A9EA-AE2C-4010-AD3F-4A634FC1F5D3}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{D879806D-34E8-4D8E-A209-E15C81060A9A}" = dir=out | name=@{microsoft.bingnews_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{D8A46A89-2623-4E80-8B16-CD8E6573896D}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | 
"{DBD6F7E0-178C-4EB7-8AD8-747406188236}" = dir=out | name=- games app - | 
"{DCB537E3-F5CB-42F9-B960-620574EE44F8}" = dir=out | name=netflix | 
"{DE454729-9D43-4243-B7AC-965E256AE64B}" = dir=out | name=@{microsoft.bingsports_1.8.0.51_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{DE8005D5-321E-4EAF-9AFD-53D48435507F}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe | 
"{E036AC5F-2F78-4AE5-9BD6-BA86D4595C78}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{E41E4C87-5C0E-479C-9628-351DE196EAD4}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{E7729934-A80B-4846-A13F-B00FB294F4B5}" = dir=out | name=@{microsoft.bingsports_1.8.0.51_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{E86A73A7-57C7-4F39-A7A3-7ECED2AAD388}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe | 
"{EAC99482-EDA7-4797-8785-BE4EAC8BD01C}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe | 
"{EB431AEF-0D5E-4387-A839-9D695E44182B}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | 
"{EC390D37-268F-4CBA-874F-E1314D21153E}" = dir=out | name=acer explorer | 
"{EF770F92-A36F-4824-B863-BA6C98C09174}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | 
"{F16D99BE-8511-4A78-A82B-D7AC8266A5D0}" = dir=out | name=@{microsoft.bingnews_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{F1C859AF-EB0D-497D-996E-0A7A0CB9FD45}" = dir=out | name=icookbook se | 
"{F26AEA70-1A40-47EA-9104-1EB68E4B4401}" = dir=in | name=ebay | 
"{F5330D92-B8B2-444A-97D4-92A6A35A87B0}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\virtualdrive.exe | 
"{F840F1D7-705A-48F9-82ED-F9E7F76C5A7A}" = dir=out | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{FB7B86AE-4438-4097-81FA-2566CBE19241}" = dir=out | name=stumbleupon | 
"{FC18AC7D-1EF6-44DF-ABEE-1E487D789D4E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | 
"{FC33B87A-D533-4D35-A556-5A1CAF2E9235}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{FE1DCB50-32C8-41CA-A9A5-54347D302FE6}" = dir=out | name=newsxpresso | 
"{FE7B6001-F67B-4438-9C94-DB03C60EE2AF}" = dir=out | name=newsxpresso | 
"TCP Query User{26F455F8-B532-4DC3-9709-9B23902FF564}C:\program files\tixati\tixati.exe" = protocol=6 | dir=in | app=c:\program files\tixati\tixati.exe | 
"UDP Query User{26C3E62F-5BA6-48A5-BD87-D11E69374CDA}C:\program files\tixati\tixati.exe" = protocol=17 | dir=in | app=c:\program files\tixati\tixati.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07E867C5-0C48-40FF-A013-DDAF4565AD47}" = Acer USB Charge Manager
"{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}" = Acer Recovery Management
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel® Rapid Storage Technology
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{7629623D-F0D0-4AC6-A763-FBE06ED8288C}" = Intel® Rapid Storage Technology
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8ADB0CD2-4E5A-452F-BB3B-3A2984CAC749}" = Acer Theft Shield
"{90150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{90150000-0015-0409-1000-0000000FF1CE}" = Microsoft Access MUI (English) 2013
"{90150000-0016-0409-1000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013
"{90150000-0018-0409-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013
"{90150000-0019-0409-1000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013
"{90150000-001A-0409-1000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013
"{90150000-001B-0409-1000-0000000FF1CE}" = Microsoft Word MUI (English) 2013
"{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
"{90150000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
"{90150000-0044-0409-1000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013
"{90150000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
"{90150000-0090-0409-1000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013
"{90150000-00A1-0409-1000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013
"{90150000-00BA-0409-1000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{90150000-00C1-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2013
"{90150000-00E1-0409-1000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013
"{90150000-00E2-0409-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013
"{90150000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
"{90150000-0117-0409-1000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013
"{90150000-012B-0409-1000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013
"{91F52DE4-B789-42B0-9311-A349F10E5479}" = Acer Power Management
"{977D1ABF-4089-4CA7-BA33-CC75808B7ACE}" = Intel® Trusted Connect Service Client
"{A84A4FB1-D703-48DB-89E0-68B6499D2801}" = Qualcomm Atheros Bluetooth Suite (64)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BF63C2C3-9A5B-4366-AA5F-015292B919F0}" = Sleep Memory Optimizer
"{C123584F-9C84-45E8-AE5F-522328BB79A0}" = ExpressCache
"{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}" = Acer Launch Manager
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"Office15.PROPLUS" = Microsoft Office Professional Plus 2013
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 5.10 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B311221-05A5-4766-8D03-7A6446794156}" = Nero RescueAgent Help (CHM)
"{0E4630AF-0AB7-440E-A978-1A78FC4F43B9}" = Nero Launcher
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2091F234-EB58-4B80-8C96-8EB78C808CF7}" = Facebook Video Calling 3.1.0.521
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros WLAN and Bluetooth Client Installation Program
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}" =  clear.fi SDK- Movie 2
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer
"{3D073343-CEEB-4ce7-85AC-A69A7631B5D6}" = Intel® Rapid Start Technology
"{3D9CB654-99AD-4301-89C6-0D12A790767C}" = Identity Card
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}" = Nero BackItUp 12 Essentials OEM.a01
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6D2BBE1D-E600-4695-BA37-0B0E605542CC}" = Office Addin
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.16
"{7D00AB67-B37B-4CEF-9375-D8BE973AE7A6}" = HID Monitor
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89DB52FC-EA72-468F-A0C7-150AF8B7AB74}" = Smart Timer
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2D43081-CF7B-4637-A9F3-E2651AA5C4A8}" = Nero RescueAgent
"{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}" = AcerCloud Portal
"{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1" = Free YouTube Downloader 4.0.284
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB539475-72ED-4463-928A-8CED8A06A0F1}_is1" = Arch Luna Online - Luna Plus version 2.1
"{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter
"{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4
"{B5AD89F2-03D3-4206-8487-018298007DD0}" = clear.fi Photo
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C9661090-C134-46E8-90B2-76D72355C2A6}" = Realtek PCIE Card Reader
"{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM)
"{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}" = AcerCloud Docs
"{DA2D3078-A58C-45E8-8EE0-18B8BE6B34F7}" = Nero BackItUp
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5
"{E9AF1707-3F3A-49E2-8345-4F2D629D0876}" = clear.fi Media
"{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}" =  clear.fi SDK - Video 2
"{EE26E302-876A-48D9-9058-3129E5B99999}" = Live Updater
"{EF0D1292-8FC1-41BE-9740-DBC134F66415}" = Nero BackItUp Help (CHM)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"AEVITA Save Flash_is1" = AEVITA Save Flash version 1.5
"Angels Online_is1" = Angels Online
"Aura YouTube Downloader_is1" = Aura YouTube Downloader 1.0.8
"Google Chrome" = Google Chrome
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso 6.5
"IObit Malware Fighter_is1" = IObit Malware Fighter
"KLiteCodecPack_is1" = K-Lite Codec Pack 10.6.0 Full
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox 32.0 (x86 en-US)" = Mozilla Firefox 32.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee Internet Security Suite
"NARA" = Norton Online Backup ARA
"Spotify" = Spotify
"Steam" = Steam
"Steam App 570" = Dota 2
"TeamViewer 9" = TeamViewer 9
"tixati" = Tixati
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VLC media player" = VLC media player 2.1.3
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WTA-071fc1e7-7695-4d64-9527-b1b42d65d141" = Mystery P.I. - Curious Case of Counterfeit Cove
"WTA-0fdc7f0e-6c87-4698-a77e-ec59d84b394c" = Bejeweled 3
"WTA-244bdf14-8172-4d32-8ebe-f1123757db92" = Delicious: Emily's Childhood Memories Premium Edition
"WTA-288b6a65-587a-4a91-b276-1b529feee2b2" = Peggle Nights
"WTA-4b360748-b8e7-4037-993f-75420dca11c0" = Plants vs. Zombies - Game of the Year
"WTA-4f8499e1-91f1-4f92-be63-f827e43aca08" = Tales of Lagoona
"WTA-594ad1e8-927a-429c-963d-9da748dcc90a" = Cradle Of Egypt Collector's Edition
"WTA-ad6fd4b9-2671-4053-819e-0cb66194f63a" = Jewel Match 3
"WTA-b3967848-f4de-4f9f-8e32-07a5a74b9ecb" = Dora's World Adventure
"WTA-f66d4531-e5bb-45e6-b978-12b1c46373e1" = The Chronicles of Emerland Solitaire
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2859171435-3815312426-4275053423-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2014-09-14 5:31:21 AM | Computer Name = JOSEGRECLO | Source = .NET Runtime | ID = 1022
Description = 
 
Error - 2014-09-14 5:36:21 AM | Computer Name = JOSEGRECLO | Source = .NET Runtime | ID = 1022
Description = 
 
Error - 2014-09-14 5:41:21 AM | Computer Name = JOSEGRECLO | Source = .NET Runtime | ID = 1022
Description = 
 
Error - 2014-09-14 5:46:21 AM | Computer Name = JOSEGRECLO | Source = .NET Runtime | ID = 1022
Description = 
 
Error - 2014-09-14 5:51:21 AM | Computer Name = JOSEGRECLO | Source = .NET Runtime | ID = 1022
Description = 
 
Error - 2014-09-14 5:56:21 AM | Computer Name = JOSEGRECLO | Source = .NET Runtime | ID = 1022
Description = 
 
Error - 2014-09-14 6:01:21 AM | Computer Name = JOSEGRECLO | Source = .NET Runtime | ID = 1022
Description = 
 
Error - 2014-09-14 6:06:21 AM | Computer Name = JOSEGRECLO | Source = .NET Runtime | ID = 1022
Description = 
 
Error - 2014-09-14 6:11:21 AM | Computer Name = JOSEGRECLO | Source = .NET Runtime | ID = 1022
Description = 
 
Error - 2014-09-14 6:13:18 AM | Computer Name = JOSEGRECLO | Source = .NET Runtime | ID = 1022
Description = 
 
[ System Events ]
Error - 2014-09-16 7:58:35 PM | Computer Name = JOSEGRECLO | Source = DCOM | ID = 10010
Description = 
 
Error - 2014-09-16 8:13:36 PM | Computer Name = JOSEGRECLO | Source = DCOM | ID = 10010
Description = 
 
Error - 2014-09-16 8:14:41 PM | Computer Name = JOSEGRECLO | Source = DCOM | ID = 10010
Description = 
 
Error - 2014-09-16 8:32:47 PM | Computer Name = JOSEGRECLO | Source = DCOM | ID = 10010
Description = 
 
Error - 2014-09-16 8:36:43 PM | Computer Name = JOSEGRECLO | Source = DCOM | ID = 10010
Description = 
 
Error - 2014-09-16 8:36:45 PM | Computer Name = JOSEGRECLO | Source = DCOM | ID = 10010
Description = 
 
Error - 2014-09-16 8:46:06 PM | Computer Name = JOSEGRECLO | Source = DCOM | ID = 10010
Description = 
 
Error - 2014-09-16 8:46:06 PM | Computer Name = JOSEGRECLO | Source = DCOM | ID = 10010
Description = 
 
Error - 2014-09-16 8:46:06 PM | Computer Name = JOSEGRECLO | Source = DCOM | ID = 10010
Description = 
 
Error - 2014-09-16 8:46:13 PM | Computer Name = JOSEGRECLO | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
 

  • 0

#3
liwagon
Posted 21 September 2014 - 05:56 PM

liwagon

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts

bumpppppppp


  • 0

#4
BrianDrab
Posted 26 September 2014 - 09:46 AM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Hi liwagon -

 

Sorry for the delay in getting to you. Do you still need assistance? If so please follow the instructions below.

 

Step#1 - CKScanner
 
1. Download CKScanner by askey127 from here & save it to your Desktop.
2. Right-click on CKScanner.exe then click Run as Administrator to open. Allow if prompted.

3. Click Search For Files

4. When the cursor hourglass disappears, click Save List To File

5. A message box will verify the file saved

6. Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply.

 

Step#2 - FRST Scan
 
1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
    Note: You need to run the 64-bit Version so please ensure you download that one.
2. Right click to run as administrator. When the tool opens click Yes to disclaimer.
3. Press Scan button.
4. It will produce a log called FRST.txt in the same directory the tool is run from (which should now be the desktop)
5. Please copy and paste log back here.
6. The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe). Please also paste that along with the FRST.txt into your reply.

 

  

 

Items for your Next Post

1. CKFiles log

2. FRST and Addition logs


  • 0

#5
Dakeyras
Posted 01 October 2014 - 01:41 AM

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics


Also tagged with one or more of these keywords: Malware

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP