Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Computer Slow Like a Snail... Possible malware? Please help. [Solved]

Started by Andre Silva , Dec 15 2014 08:48 AM

  • This topic is locked This topic is locked

#1
Andre Silva
Posted 15 December 2014 - 08:48 AM

Andre Silva

    Member

  • Member
  • PipPipPip
  • 140 posts

Dear experts,

 

My computer has been performing very poorly. I'm suspecting malware. It's slow altogether, but more significant when browsing with Chrome and Firefox.

 

Here is OTL log. I would appreciate your kind help.

 

Thanks in advance!

 


OTL logfile created on: Dec/14/2014 11:44:49 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Izilda\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MMM/d/yyyy
 
7.48 Gb Total Physical Memory | 3.51 Gb Available Physical Memory | 46.87% Memory free
14.96 Gb Paging File | 10.49 Gb Available in Paging File | 70.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 578.92 Gb Total Space | 228.12 Gb Free Space | 39.41% Space Free | Partition Type: NTFS
Drive D: | 16.96 Gb Total Space | 1.86 Gb Free Space | 10.95% Space Free | Partition Type: NTFS
Drive E: | 109.90 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 99.34 Mb Total Space | 89.20 Mb Free Space | 89.79% Space Free | Partition Type: FAT32
 
Computer Name: IZILDA-HP | User Name: Izilda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/12/14 23:44:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Izilda\Downloads\OTL (2).exe
PRC - [2014/12/12 05:36:29 | 005,227,112 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/12/10 15:17:25 | 000,337,520 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/12/09 13:59:55 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/12/09 13:53:13 | 000,176,552 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Java\jre1.8.0_25\bin\javaw.exe
PRC - [2014/12/08 22:45:28 | 039,207,112 | ---- | M] (Dropbox, Inc.) -- C:\Users\Izilda\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2014/12/05 20:50:53 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/12/03 01:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/07/23 12:52:01 | 000,102,400 | ---- | M] (                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                ) -- C:\Program Files (x86)\Vono\Vono\Vono Manager.exe
PRC - [2014/07/21 11:23:58 | 000,546,104 | ---- | M] (GAS Tecnologia) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe
PRC - [2014/07/02 04:45:03 | 005,037,888 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
PRC - [2014/01/10 00:26:44 | 001,861,968 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2013/12/24 15:01:35 | 001,258,504 | ---- | M] (Easybits) -- C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe
PRC - [2013/12/18 10:40:06 | 008,135,744 | ---- | M] (Clarus, Inc.) -- C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe
PRC - [2013/12/18 10:37:04 | 000,136,192 | ---- | M] (Clarus, Inc.) -- C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe
PRC - [2013/12/18 10:36:04 | 000,018,432 | ---- | M] (Clarus, Inc.) -- C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe
PRC - [2013/11/06 07:55:40 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2013/11/06 07:55:38 | 001,564,528 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2012/11/27 19:12:44 | 000,479,840 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
PRC - [2012/11/27 19:08:28 | 000,739,936 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
PRC - [2012/03/09 15:26:58 | 001,073,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
PRC - [2011/08/19 14:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/07/11 14:04:44 | 000,574,008 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2011/07/11 14:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/05/23 11:45:58 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2011/03/22 13:42:40 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/02/18 00:48:24 | 000,265,544 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
PRC - [2011/02/18 00:48:12 | 000,642,888 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
PRC - [2011/02/18 00:47:58 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
PRC - [2011/01/12 11:40:30 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/05/18 16:06:42 | 000,327,064 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe
PRC - [2010/04/23 14:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/04/23 14:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/12/13 15:46:41 | 000,043,008 | ---- | M] () -- c:\Users\Izilda\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppdrlax.dll
MOD - [2014/12/10 15:17:22 | 003,758,192 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/12/09 13:59:57 | 038,562,088 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/12/05 20:50:51 | 014,913,352 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
MOD - [2014/12/05 20:50:50 | 009,009,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
MOD - [2014/12/05 20:50:46 | 001,077,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
MOD - [2014/12/05 20:50:45 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
MOD - [2014/12/05 20:50:44 | 001,677,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
MOD - [2014/11/12 12:46:40 | 000,805,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\11650ce4aad4575fc146aa66a575bcb7\System.Runtime.Remoting.ni.dll
MOD - [2014/10/21 19:22:50 | 000,750,080 | ---- | M] () -- C:\Users\Izilda\AppData\Roaming\Dropbox\bin\libGLESv2.dll
MOD - [2014/10/21 19:22:50 | 000,047,616 | ---- | M] () -- C:\Users\Izilda\AppData\Roaming\Dropbox\bin\libEGL.dll
MOD - [2014/10/21 19:22:48 | 000,863,744 | ---- | M] () -- C:\Users\Izilda\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
MOD - [2014/10/21 19:22:46 | 000,200,704 | ---- | M] () -- C:\Users\Izilda\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
MOD - [2014/10/21 19:22:46 | 000,118,784 | ---- | M] () -- C:\Users\Izilda\AppData\Roaming\Dropbox\bin\plugins\accessible\qtaccessiblewidgets.dll
MOD - [2014/10/19 15:28:11 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\3646375313dd2b8e3afecbf945960336\PresentationFramework.ni.dll
MOD - [2014/10/19 15:27:50 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\006d28e7c86f3e70db90ce06ea2f33fb\PresentationCore.ni.dll
MOD - [2014/10/19 15:27:39 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\8b133e0d94535a7534719f70873ca7fe\System.Xaml.ni.dll
MOD - [2014/10/19 15:27:36 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\94bbd298ec8575f3c6151a59538a109c\WindowsBase.ni.dll
MOD - [2014/10/19 15:27:27 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\db563d596d76daed04e9b5d25b2f4cb9\System.Windows.Forms.ni.dll
MOD - [2014/10/19 15:27:21 | 007,668,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll
MOD - [2014/10/19 15:27:21 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll
MOD - [2014/10/19 15:27:18 | 000,223,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\902843918d037f5f3511d679bf1e2216\System.ServiceProcess.ni.dll
MOD - [2014/10/19 15:27:16 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll
MOD - [2014/10/19 15:27:14 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll
MOD - [2014/10/19 15:27:10 | 010,100,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll
MOD - [2014/10/16 04:15:38 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2014/05/24 11:41:24 | 000,892,416 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
MOD - [2014/05/24 11:41:24 | 000,091,648 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
MOD - [2014/02/13 08:11:29 | 000,198,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\92e9bacef49552a4485fbb7523782133\CustomMarshalers.ni.dll
MOD - [2014/02/13 08:11:28 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/01/10 00:28:18 | 000,100,688 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2014/01/10 00:26:44 | 001,861,968 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2013/07/10 16:07:22 | 000,756,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2012/09/19 08:17:22 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\SEO PowerSuite\Rank Tracker\libs\ICE_JNIRegistry.dll
MOD - [2012/03/09 15:26:54 | 000,100,352 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\zlib1.dll
MOD - [2011/06/22 09:46:12 | 000,434,016 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2009/07/13 20:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009/02/26 11:46:56 | 000,064,344 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/12/09 13:59:55 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/12/09 13:59:42 | 004,012,248 | ---- | M] (Avast Software) [On_Demand | Running] -- C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe -- (AvastVBoxSvc)
SRV:64bit: - [2014/11/21 21:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/08/12 15:08:30 | 000,172,344 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/03/26 16:13:08 | 000,230,416 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe -- (NitroReaderDriverReadSpool3)
SRV:64bit: - [2012/02/07 22:21:04 | 000,301,568 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2012/02/07 22:21:03 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2011/09/15 18:12:12 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/05/13 18:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/04/02 01:06:22 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/01/12 11:40:20 | 000,341,312 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe -- (NitroDriverReadSpool)
SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/12/10 15:17:23 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/12/03 01:31:16 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/07/23 12:52:01 | 000,102,400 | ---- | M] (                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                ) [Auto | Running] -- C:\Program Files (x86)\Vono\Vono\Vono Manager.exe -- (Vono_Manager)
SRV - [2014/07/21 11:23:58 | 000,546,104 | ---- | M] (GAS Tecnologia) [Auto | Running] -- C:\Program Files (x86)\GbPlugin\gbpsv.exe -- (GbpSv)
SRV - [2014/07/02 04:45:03 | 005,037,888 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe -- (TeamViewer9)
SRV - [2014/04/03 19:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/12/18 10:36:04 | 000,018,432 | ---- | M] (Clarus, Inc.) [Auto | Running] -- C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe -- (SZDrvSvc)
SRV - [2013/09/11 18:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/11/27 19:12:44 | 000,479,840 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2012/09/27 08:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/07/11 14:04:44 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/05/23 11:45:58 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2011/03/07 19:43:30 | 002,375,168 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/02/18 00:48:24 | 000,265,544 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011/01/12 11:40:30 | 000,068,928 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/25 12:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010/05/18 16:06:42 | 000,327,064 | ---- | M] (Enigma Software Group USA, LLC.) [Auto | Running] -- C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe -- (SpyHunter 4 Service)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2014/12/09 14:00:27 | 001,050,432 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsnx.sys -- (aswSnx)
DRV:64bit: - [2014/12/09 14:00:03 | 000,436,624 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswsp.sys -- (aswSP)
DRV:64bit: - [2014/12/09 14:00:03 | 000,267,632 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/12/09 14:00:03 | 000,116,728 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/12/09 14:00:03 | 000,093,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2014/12/09 14:00:03 | 000,083,280 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/12/09 14:00:03 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2014/12/09 14:00:03 | 000,029,208 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aswHwid.sys -- (aswHwid)
DRV:64bit: - [2014/12/09 13:59:42 | 000,271,752 | ---- | M] (Avast Software) [Kernel | Disabled | Unknown] -- C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys -- (VBoxAswDrv)
DRV:64bit: - [2013/12/06 08:37:50 | 000,035,232 | ---- | M] (Visicom Media Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2013/11/26 20:54:02 | 000,042,016 | ---- | M] (Visicom Media Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcvidrv.sys -- (ManyCam)
DRV:64bit: - [2013/08/20 23:31:40 | 000,204,568 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/08/20 23:31:40 | 000,103,576 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/12/13 11:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/06 07:42:12 | 002,350,176 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 10:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/26 11:50:12 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/07 22:21:04 | 000,528,384 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/10/14 03:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/09/15 18:51:12 | 010,206,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/09/15 17:38:42 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/08/29 19:58:09 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/08/29 19:58:09 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/13 18:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/05/13 18:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/04/15 16:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/04/15 16:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/03/24 19:20:36 | 000,337,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/03/18 00:04:20 | 000,188,544 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011/03/18 00:04:18 | 000,087,168 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2010/12/16 03:06:46 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/17 12:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/07/28 11:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/06/25 12:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/02/18 11:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/05/08 07:52:48 | 000,049,536 | ---- | M] (GAS Tecnologia) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\gbpkm.sys -- (GbpKm)
DRV - [2012/06/21 13:58:20 | 000,020,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Clarus\Samsung Drive Manager\mdf16.sys -- (mdf16)
DRV - [2012/06/21 13:58:10 | 000,099,248 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Clarus\Samsung Drive Manager\mvd23.sys -- (mvd23)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{5D1E3CEC-F39F-465A-8D86-A8981406F57E}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,NewTabPageShow = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}: "URL" = http://www.google.co...utputEncoding?}
IE - HKLM\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://search.yahoo...p={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,NewTabPageShow = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...t&type=avastbcl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}
IE - HKCU\..\SearchScopes\{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}: "URL" = http://www.google.co...Encoding?}&rlz=
IE - HKCU\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://search.yahoo...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Yahoo! (Avast)"
FF - prefs.js..browser.search.defaultthis.engineName: "Yahoo! (Avast)"
FF - prefs.js..browser.search.defaulturl: "https://search.yahoo.com/yhs/search"
FF - prefs.js..browser.search.highlightCount: 4
FF - prefs.js..browser.search.isUS: true
FF - prefs.js..browser.search.order.1: "Yahoo! (Avast)"
FF - prefs.js..browser.startup.homepage: "https://www.yahoo.co...&type=avastbcl"
FF - prefs.js..extensions.enabledAddons: %7B87F8774F-B485-47E2-A755-A40A8A5E8873%7D:3.7.1
FF - prefs.js..extensions.enabledAddons: %7B87F8774F-B485-47E2-A755-A40A8A5E886D%7D:3.11.0
FF - prefs.js..extensions.enabledAddons: %7B87F8774F-B485-47E2-A755-A40A8A5E886C%7D:3.5.2
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:10.0.2502.149
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:34.0.5
FF - prefs.js..keyword.URL: "https://search.yahoo.com/yhs/search"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Izilda\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Izilda\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Izilda\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Izilda\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Izilda\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Izilda\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/bb: C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)
FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/cef: C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll (GAS Tecnologia)
FF - HKCU\Software\MozillaPlugins\gastecnologia.com.br/sf/uni: C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll (GAS Tecnologia)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/12/09 14:00:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 34.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/12/14 23:03:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E886D}: C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\cef\xpi [2014/09/09 00:57:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E8873}: C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\uni\xpi [2014/03/24 11:11:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{87F8774F-B485-47E2-A755-A40A8A5E886C}: C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\bb\xpi [2014/12/09 14:29:20 | 000,000,000 | ---D | M]
 
[2012/09/19 19:15:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Izilda\AppData\Roaming\Mozilla\Extensions
[2014/12/08 16:39:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Izilda\AppData\Roaming\Mozilla\Firefox\Profiles\qb4mtwr7.default-1380586887777\extensions
[2014/06/13 09:25:51 | 000,009,419 | ---- | M] () -- C:\Users\Izilda\AppData\Roaming\Mozilla\Firefox\Profiles\qb4mtwr7.default-1380586887777\searchplugins\yahoo-avast.xml
[2014/12/10 15:17:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/12/10 15:17:14 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
[2014/12/10 15:17:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/12/10 15:17:26 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/12/09 14:00:09 | 000,000,000 | ---D | M] ("Avast Online Security") -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2014/12/09 14:29:20 | 000,000,000 | ---D | M] (GBBD Banco do Brasil) -- C:\USERS\IZILDA\APPDATA\LOCAL\GAS TECNOLOGIA\GBBD\BB\XPI
[2014/09/09 00:57:35 | 000,000,000 | ---D | M] (GBBD Caixa Economica Federal) -- C:\USERS\IZILDA\APPDATA\LOCAL\GAS TECNOLOGIA\GBBD\CEF\XPI
[2014/03/24 11:11:47 | 000,000,000 | ---D | M] (GBBD Guardião - Itaú 30 horas) -- C:\USERS\IZILDA\APPDATA\LOCAL\GAS TECNOLOGIA\GBBD\UNI\XPI
 
========== Chrome  ==========
 
CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Izilda\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Izilda\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Izilda\AppData\Roaming\Mozilla\plugins\npo1d.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Izilda\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: No name found = C:\Users\Izilda\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_1\
CHR - Extension: No name found = C:\Users\Izilda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.0.2502.149_0\
CHR - Extension: No name found = C:\Users\Izilda\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkeabchhfifpaaoefpockjhaphjmoapp\3.7.2_0\
CHR - Extension: No name found = C:\Users\Izilda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: No name found = C:\Users\Izilda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei\3.7.1_1\
CHR - Extension: No name found = C:\Users\Izilda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcaplhfkihhldmlbjhgajdeghjdbffi\3.7.2_0\
 
O1 HOSTS File: ([2014/08/16 02:49:45 | 000,000,134 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: റ㈊਍ഷ⸊਍ര⸊਍ര⸊਍റ ਍ഠ ਍ഠ ਍ഠ ਍൬漊਍ൣ愊਍൬栊਍൯猊਍൴㨊਍ഺㄊ਍ഠ ਍ഠ ਍ഠ ਍ഠ氊਍൯挊਍ൡ氊਍൨漊਍൳琊਍
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (4sharedExt) - {95525BD9-6136-4A26-8263-9CEE295D442D} - C:\Program Files (x86)\4shared Toolbar\4sharedExt64.dll File not found
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
O2 - BHO: (GbIehObj Class) - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files (x86)\OpenSubtitlesPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" File not found
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Clarus Drive Manager] C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe (Clarus, Inc.)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Magic Desktop for HP notification] C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe (Easybits)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Izilda\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\Izilda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Izilda\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O8:64bit: - Extra context menu item: Advanced Email Extractor - res://C:\Program%20Files%20%28x86%29\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html File not found
O8:64bit: - Extra context menu item: Scan link with AEE - res://C:\Program%20Files%20%28x86%29\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/link.html File not found
O8 - Extra context menu item: Advanced Email Extractor - res://C:\Program%20Files%20%28x86%29\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/page.html File not found
O8 - Extra context menu item: Scan link with AEE - res://C:\Program%20Files%20%28x86%29\Advanced%20Email%20Extractor%20PRO\AeePMsie.dll/link.html File not found
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www14] * in Trusted sites)
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www14] https in Trusted sites)
O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www2] https in Trusted sites)
O15 - HKCU\..Trusted Domains: bb.com.br ([seg] https in Trusted sites)
O15 - HKCU\..Trusted Domains: bb.com.br ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: itau.com.br ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: itau.com.br ([bankline] * in Trusted sites)
O15 - HKCU\..Trusted Domains: itau.com.br ([clickbanking] * in Trusted sites)
O15 - HKCU\..Trusted Domains: itau.com.br ([guardiao] * in Trusted sites)
O15 - HKCU\..Trusted Domains: itau.com.br ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: sytes.net ([bercariodinamica1] http in Trusted sites)
O16 - DPF: {748E146C-5842-4AD4-8A01-ACA7E61C6FCE} http://bercariodinam...1023/DvrOcx.cab (Dvr Net 85 Multidownload)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0211F5D2-0B48-4A83-8097-2D3C20677B0B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{894FB0E4-5432-4A2A-B791-AB7238B6F4E2}: DhcpNameServer = 200.142.132.32 200.220.227.57
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E66EA923-D0B8-4739-A6C2-1045AE207BFE}: DhcpNameServer = 65.32.5.111 65.32.5.112 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ GbPluginBb: DllName - (C:\Program Files (x86)\GbPlugin\gbieh.dll) - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
O20 - Winlogon\Notify\ GbPluginUni: DllName - (C:\Program Files (x86)\GbPlugin\gbiehUni.dll) - C:\Program Files (x86)\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco)
O28 - HKLM ShellExecuteHooks: {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014/06/13 11:27:55 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2013/10/18 03:30:16 | 000,000,154 | RH-- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{520b7578-3f36-11e1-9d4c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{520b7578-3f36-11e1-9d4c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2013/10/18 03:28:39 | 042,041,656 | R--- | M] (Belkin International, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/12/14 23:02:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/12/11 10:26:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appraiser
[2014/12/10 16:58:47 | 000,000,000 | ---D | C] -- C:\Users\Izilda\AppData\Local\{4FCDAFD5-E0A4-4FE2-AE63-0697D611E924}
[2014/12/10 15:17:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/12/09 16:15:47 | 000,000,000 | ---D | C] -- C:\Users\Izilda\AppData\Local\{DF4A9E97-D06F-4CFC-A2C3-6943A52125EF}
[2014/12/09 14:11:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vbox
[2014/12/09 14:11:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\vbox
[2014/12/09 14:00:11 | 000,364,512 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/12/09 13:59:59 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/12/09 13:55:32 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2014/12/09 13:54:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014/12/09 13:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/12/09 01:09:41 | 000,000,000 | ---D | C] -- C:\Users\Izilda\AppData\Local\{575AF182-EF9C-4F91-94C5-06221FEE22B0}
[2014/12/08 13:09:27 | 000,000,000 | ---D | C] -- C:\Users\Izilda\AppData\Local\{B1586B39-C0BF-46A7-9DE4-7397A6552905}
[2014/12/07 22:25:40 | 000,000,000 | ---D | C] -- C:\Users\Izilda\AppData\Local\Clarus
[2014/12/06 17:54:40 | 000,000,000 | ---D | C] -- C:\Users\Izilda\AppData\Local\{71175055-475C-4852-A454-71122BE7448D}
[2014/12/06 01:18:28 | 000,000,000 | ---D | C] -- C:\Users\Izilda\.linkassistant
[2014/12/06 00:19:36 | 000,000,000 | ---D | C] -- C:\Users\Izilda\AppData\Local\{A5D58506-A658-4378-AC2C-EBE05AC4ABF6}
[2014/12/05 15:04:27 | 000,000,000 | ---D | C] -- C:\Users\Izilda\Desktop\Detox Example
[2014/12/05 12:17:50 | 000,000,000 | ---D | C] -- C:\Users\Izilda\AppData\Local\{95FB0518-EB2B-42CF-904C-FF95AD1A3C99}
[2014/12/04 14:07:26 | 000,000,000 | -HSD | C] -- C:\Users\Izilda\AppData\Local\EmieBrowserModeList
[2014/12/04 08:24:20 | 000,000,000 | ---D | C] -- C:\Users\Izilda\AppData\Local\{A5E04B53-4C36-43E8-B549-3225525FF868}
[2014/12/03 00:27:22 | 000,000,000 | ---D | C] -- C:\Users\Izilda\AppData\Local\{FA460C26-BEE7-4651-92E8-28D65D0E0963}
[2014/12/02 12:27:09 | 000,000,000 | ---D | C] -- C:\Users\Izilda\AppData\Local\{E2A21326-130C-495B-BAE5-FA529D145347}
[2014/12/02 00:26:24 | 000,000,000 | ---D | C] -- C:\Users\Izilda\AppData\Local\{A79C9B5C-5798-42B1-9531-7D95C99DEF7A}
[2014/12/01 12:26:09 | 000,000,000 | ---D | C] -- C:\Users\Izilda\AppData\Local\{6E841DF6-6BD2-4BA6-AB1D-9DA803EE6CB2}
[2014/11/29 10:58:27 | 000,000,000 | ---D | C] -- C:\Users\Izilda\AppData\Local\{0C3A2A7B-51B5-41A1-BDD4-8BEA542F3F42}
[2014/11/28 22:50:38 | 000,000,000 | ---D | C] -- C:\Users\Izilda\AppData\Local\{0F46B99E-BED9-4CBF-AF9B-40321F76A08D}
[2014/11/28 10:50:23 | 000,000,000 | ---D | C] -- C:\Users\Izilda\AppData\Local\{B5E3FEA5-4F4A-4F02-942C-C6D0DC925410}
[2014/11/27 11:53:15 | 000,000,000 | ---D | C] -- C:\Users\Izilda\AppData\Local\{40A247EC-4B79-4955-858A-F153DD1F57B7}
[2014/11/26 23:53:03 | 000,000,000 | ---D | C] -- C:\Users\Izilda\AppData\Local\{B38CBAFB-98B1-4580-89FC-64AFD53B92EA}
[2014/11/26 11:36:10 | 000,000,000 | ---D | C] -- C:\Users\Izilda\AppData\Local\{1651E27D-4B90-40EA-831F-993935A9B086}
[2014/11/25 22:45:16 | 000,000,000 | ---D | C] -- C:\Users\Izilda\AppData\Local\{58FD2442-F03D-439B-8642-2024CD54376F}
[2014/11/25 10:44:22 | 000,000,000 | ---D | C] -- C:\Users\Izilda\AppData\Local\{8CBA1718-BD2D-49FA-B9D2-78B330F84BF0}
[2014/11/24 22:14:14 | 000,000,000 | ---D | C] -- C:\Users\Izilda\AppData\Local\{CDD06F72-3B71-4F30-9333-0E771F941528}
[2014/11/24 10:10:59 | 000,000,000 | ---D | C] -- C:\Users\Izilda\AppData\Local\{3CFEB432-1EDE-48DF-8C00-932872BED371}
[2014/11/23 15:58:41 | 000,000,000 | ---D | C] -- C:\Users\Izilda\AppData\Local\{99B7F454-D5D9-4CEC-91A1-5EE7CEF30504}
 
========== Files - Modified Within 30 Days ==========
 
[2014/12/14 23:51:51 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/12/14 23:49:56 | 000,317,983 | ---- | M] () -- C:\Users\Izilda\.ranktracker.properties
[2014/12/14 22:55:01 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3190529940-644357419-2377663512-1001UA.job
[2014/12/14 22:51:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/12/14 17:58:19 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/12/14 17:57:28 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3190529940-644357419-2377663512-1001Core.job
[2014/12/14 10:41:11 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/12/14 10:41:11 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/12/14 10:18:48 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3190529940-644357419-2377663512-1001Core.job
[2014/12/14 00:50:24 | 000,001,456 | ---- | M] () -- C:\Users\Izilda\AppData\Local\Adobe Save for Web 13.0 Prefs
[2014/12/13 23:22:59 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/12/13 15:43:29 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2014/12/13 15:43:09 | 005,097,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/12/13 15:42:30 | 1728,237,567 | -HS- | M] () -- C:\hiberfil.sys
[2014/12/13 10:58:13 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForIzilda.job
[2014/12/12 16:31:25 | 000,002,141 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/12/12 16:22:43 | 000,001,139 | ---- | M] () -- C:\Users\Izilda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/12/12 16:22:30 | 000,001,021 | ---- | M] () -- C:\Users\Izilda\Desktop\Dropbox.lnk
[2014/12/09 17:21:45 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/12/09 17:21:45 | 000,662,634 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/12/09 17:21:45 | 000,122,470 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/12/09 15:28:57 | 000,334,250 | ---- | M] () -- C:\Users\Izilda\Desktop\direct_deposit.pdf
[2014/12/09 14:29:25 | 000,017,995 | ---- | M] () -- C:\Users\Izilda\AppData\Roaming\unins001.dat
[2014/12/09 14:25:43 | 000,813,217 | ---- | M] () -- C:\Users\Izilda\AppData\Roaming\unins001.exe
[2014/12/09 14:00:32 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2014/12/09 14:00:27 | 001,050,432 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsnx.sys
[2014/12/09 14:00:03 | 000,436,624 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswsp.sys
[2014/12/09 14:00:03 | 000,364,512 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/12/09 14:00:03 | 000,267,632 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2014/12/09 14:00:03 | 000,116,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/12/09 14:00:03 | 000,093,568 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2014/12/09 14:00:03 | 000,083,280 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/12/09 14:00:03 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2014/12/09 14:00:03 | 000,029,208 | ---- | M] () -- C:\Windows\SysNative\drivers\aswHwid.sys
[2014/12/09 13:59:59 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/12/09 01:26:50 | 000,000,132 | ---- | M] () -- C:\Users\Izilda\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2014/12/08 17:46:48 | 000,026,734 | ---- | M] () -- C:\Users\Izilda\Desktop\fabricio_newsletter_icon.png
[2014/12/06 22:25:48 | 000,086,652 | ---- | M] () -- C:\Users\Izilda\.linkassistant.properties
[2014/12/06 01:59:32 | 000,183,417 | ---- | M] () -- C:\Users\Izilda\.spyglass.properties
[2014/12/06 01:17:42 | 000,002,299 | ---- | M] () -- C:\Users\Izilda\Desktop\LinkAssistant.lnk
[2014/12/05 13:27:23 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/12/03 15:54:18 | 000,001,502 | ---- | M] () -- C:\Users\Izilda\Desktop\negociacoes.csv
[2014/12/03 15:34:20 | 000,009,316 | ---- | M] () -- C:\Users\Izilda\AppData\Roaming\Microsoft Excel 97-2003.EML
[2014/12/03 14:29:06 | 000,001,960 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2014/11/29 17:43:20 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForIZILDA-HP$.job
[2014/11/21 06:14:22 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/11/21 06:14:12 | 000,093,400 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/11/21 06:14:08 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/11/19 23:28:40 | 000,332,831 | ---- | M] () -- C:\Users\Izilda\Desktop\RugdoctorCoupon.pdf
[2014/11/16 16:54:17 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3190529940-644357419-2377663512-1001UA.job
 
========== Files Created - No Company Name ==========
 
[2014/12/09 15:28:55 | 000,334,250 | ---- | C] () -- C:\Users\Izilda\Desktop\direct_deposit.pdf
[2014/12/09 14:29:20 | 000,813,217 | ---- | C] () -- C:\Users\Izilda\AppData\Roaming\unins001.exe
[2014/12/09 14:29:20 | 000,017,995 | ---- | C] () -- C:\Users\Izilda\AppData\Roaming\unins001.dat
[2014/12/09 14:00:32 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\Avast Free Antivirus.lnk
[2014/12/08 17:46:46 | 000,026,734 | ---- | C] () -- C:\Users\Izilda\Desktop\fabricio_newsletter_icon.png
[2014/12/06 01:59:18 | 000,086,652 | ---- | C] () -- C:\Users\Izilda\.linkassistant.properties
[2014/12/06 01:17:42 | 000,002,299 | ---- | C] () -- C:\Users\Izilda\Desktop\LinkAssistant.lnk
[2014/12/03 15:54:17 | 000,001,502 | ---- | C] () -- C:\Users\Izilda\Desktop\negociacoes.csv
[2014/11/19 23:28:15 | 000,332,831 | ---- | C] () -- C:\Users\Izilda\Desktop\RugdoctorCoupon.pdf
[2014/03/24 11:11:47 | 000,718,497 | ---- | C] () -- C:\Users\Izilda\AppData\Roaming\unins002.exe
[2014/03/24 11:11:47 | 000,016,594 | ---- | C] () -- C:\Users\Izilda\AppData\Roaming\unins002.dat
[2014/01/22 21:26:52 | 000,428,351 | ---- | C] () -- C:\Users\Izilda\.websiteauditor.properties
[2014/01/22 12:10:58 | 000,004,096 | -H-- | C] () -- C:\Users\Izilda\AppData\Local\keyfile3.drm
[2014/01/02 17:26:07 | 000,000,005 | ---- | C] () -- C:\Users\Izilda\AppData\Roaming\WBPU-TTL.DAT
[2014/01/02 17:26:06 | 000,000,098 | ---- | C] () -- C:\Users\Izilda\AppData\Roaming\WB.CFG
[2013/11/05 18:43:49 | 000,000,027 | ---- | C] () -- C:\Users\Izilda\.mjsync_pt_BR
[2013/10/30 09:07:00 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013/10/30 09:06:54 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/10/30 09:06:54 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/10/30 09:06:54 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/10/30 09:06:54 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2013/10/15 22:54:55 | 000,009,321 | ---- | C] () -- C:\Users\Izilda\AppData\Roaming\Comma Separated Values (DOS).EML
[2013/09/30 10:02:20 | 000,000,202 | ---- | C] () -- C:\Users\Izilda\RmDvrUserCfg85.ini
[2013/08/16 14:10:45 | 000,000,132 | ---- | C] () -- C:\Users\Izilda\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013/08/15 12:33:47 | 000,001,456 | ---- | C] () -- C:\Users\Izilda\AppData\Local\Adobe Save for Web 13.0 Prefs
[2013/06/19 13:30:43 | 000,720,594 | ---- | C] () -- C:\Users\Izilda\AppData\Roaming\unins000.exe
[2013/06/19 13:30:43 | 000,012,679 | ---- | C] () -- C:\Users\Izilda\AppData\Roaming\unins000.dat
[2013/05/30 20:17:35 | 000,183,417 | ---- | C] () -- C:\Users\Izilda\.spyglass.properties
[2013/05/07 22:04:57 | 000,009,327 | ---- | C] () -- C:\Users\Izilda\AppData\Roaming\Comma Separated Values (Windows).EML
[2013/03/29 22:41:17 | 000,644,608 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013/03/29 22:41:17 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll
[2013/01/15 19:45:21 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\CCSETX64.SYS
[2012/12/24 17:41:11 | 000,009,316 | ---- | C] () -- C:\Users\Izilda\AppData\Roaming\Microsoft Excel 97-2003.EML
[2012/11/12 20:20:34 | 000,000,892 | ---- | C] () -- C:\Users\Izilda\AppData\Local\recently-used.xbel
[2012/09/26 14:32:48 | 000,000,132 | ---- | C] () -- C:\Users\Izilda\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/09/23 22:32:08 | 000,001,456 | ---- | C] () -- C:\Users\Izilda\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/09/21 23:29:31 | 000,000,132 | ---- | C] () -- C:\Users\Izilda\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012/09/20 01:19:56 | 000,317,983 | ---- | C] () -- C:\Users\Izilda\.ranktracker.properties
[2012/01/14 17:37:01 | 000,000,477 | ---- | C] () -- C:\Users\Izilda\Desktop.lnk
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/01/05 21:59:11 | 000,000,000 | ---D | M] -- C:\Users\Izilda\AppData\Roaming\Ashampoo
[2014/07/18 00:22:36 | 000,000,000 | ---D | M] -- C:\Users\Izilda\AppData\Roaming\Audacity
[2013/10/18 15:39:32 | 000,000,000 | ---D | M] -- C:\Users\Izilda\AppData\Roaming\AVAST Software
[2012/01/15 18:24:30 | 000,000,000 | ---D | M] -- C:\Users\Izilda\AppData\Roaming\Blio
[2012/12/16 20:50:18 | 000,000,000 | ---D | M] -- C:\Users\Izilda\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2014/01/29 12:45:09 | 000,000,000 | ---D | M] -- C:\Users\Izilda\AppData\Roaming\Cocoon Software
[2013/10/21 12:32:43 | 000,000,000 | ---D | M] -- C:\Users\Izilda\AppData\Roaming\Downloaded Installations
[2014/12/13 15:47:01 | 000,000,000 | ---D | M] -- C:\Users\Izilda\AppData\Roaming\Dropbox
[2013/06/19 13:49:41 | 000,000,000 | ---D | M] -- C:\Users\Izilda\AppData\Roaming\FileOpen
[2014/12/09 01:40:15 | 000,000,000 | ---D | M] -- C:\Users\Izilda\AppData\Roaming\FileZilla
[2014/01/29 12:13:03 | 000,000,000 | ---D | M] -- C:\Users\Izilda\AppData\Roaming\HandBrake
[2014/01/22 21:37:03 | 000,000,000 | ---D | M] -- C:\Users\Izilda\AppData\Roaming\ManyCam
[2013/03/15 15:16:39 | 000,000,000 | ---D | M] -- C:\Users\Izilda\AppData\Roaming\MP3SkypeRecorder
[2013/06/19 13:49:41 | 000,000,000 | ---D | M] -- C:\Users\Izilda\AppData\Roaming\Nitro
[2014/12/11 22:27:35 | 000,000,000 | ---D | M] -- C:\Users\Izilda\AppData\Roaming\Nitro PDF
[2013/05/06 15:14:57 | 000,000,000 | ---D | M] -- C:\Users\Izilda\AppData\Roaming\Oracle
[2014/12/09 15:29:04 | 000,000,000 | ---D | M] -- C:\Users\Izilda\AppData\Roaming\PrimoPDF
[2014/05/02 16:45:50 | 000,000,000 | ---D | M] -- C:\Users\Izilda\AppData\Roaming\rmi
[2013/11/17 22:02:43 | 000,000,000 | ---D | M] -- C:\Users\Izilda\AppData\Roaming\Samsung
[2012/01/23 19:10:22 | 000,000,000 | ---D | M] -- C:\Users\Izilda\AppData\Roaming\ScanSoft
[2013/01/07 12:45:38 | 000,000,000 | ---D | M] -- C:\Users\Izilda\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013/04/14 22:38:25 | 000,000,000 | ---D | M] -- C:\Users\Izilda\AppData\Roaming\Stellarium
[2012/01/14 17:39:13 | 000,000,000 | ---D | M] -- C:\Users\Izilda\AppData\Roaming\Synaptics
[2014/02/11 11:10:41 | 000,000,000 | ---D | M] -- C:\Users\Izilda\AppData\Roaming\TeamViewer
[2012/09/19 00:18:29 | 000,000,000 | ---D | M] -- C:\Users\Izilda\AppData\Roaming\Thunderbird
[2013/01/15 19:45:05 | 000,000,000 | ---D | M] -- C:\Users\Izilda\AppData\Roaming\TuneUp Software
[2014/07/10 12:25:06 | 000,000,000 | ---D | M] -- C:\Users\Izilda\AppData\Roaming\uTorrent
[2012/12/15 08:30:12 | 000,000,000 | ---D | M] -- C:\Users\Izilda\AppData\Roaming\VIVO INTERNET
[2014/07/23 12:52:57 | 000,000,000 | ---D | M] -- C:\Users\Izilda\AppData\Roaming\Vono
[2012/09/20 00:19:18 | 000,000,000 | ---D | M] -- C:\Users\Izilda\AppData\Roaming\WildTangent
[2012/02/11 21:45:01 | 000,000,000 | ---D | M] -- C:\Users\Izilda\AppData\Roaming\Windows Live Writer
[2014/05/27 23:18:10 | 000,000,000 | -HSD | M] -- C:\Users\Izilda\AppData\Roaming\wyUpdate AU
 
========== Purity Check ==========
 
 
 
< End of report >
 

 


  • 0

Advertisements

#2
Valinorum
Posted 15 December 2014 - 10:38 AM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Hi Andre Silva, :)

:welcome:

My name is Valinorum and I will be the acolyte today. Before we proceed, please, acknowledge yourself the following(s):
  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being ask.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest your any course that might damage your system but sometimes Malware infections are so severe that only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction, stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not an omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
  • Private Message(PM) if and only if I have not responded to your thread within three days or your query is offtopic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other system as it may do serious damage.
 

Please uninstall SUPERAntiSpyware.


 
  • Step #1 Fix with OTL
    • Re-run OTL by right clicking and choosing Run as administrator;
    • Under the Custom Scans/Fixes Box copy and paste the following contents inside the quote box. (Do not include the word 'quote').

      :Commands
      [createrestorepoint]

      :OTL
      FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
      O1 - Hosts: റ㈊਍ഷ⸊਍ര⸊਍ര⸊਍റ ਍ഠ ਍ഠ ਍ഠ ਍൬漊਍ൣ愊਍൬栊਍൯猊਍൴㨊਍ഺㄊ਍ഠ ਍ഠ ਍ഠ ਍ഠ氊਍൯挊਍ൡ氊਍൨漊਍൳琊਍
      O2:64bit: - BHO: (4sharedExt) - {95525BD9-6136-4A26-8263-9CEE295D442D} - C:\Program Files (x86)\4shared Toolbar\4sharedExt64.dll File not found
      O1364bit: - gopher Prefix: missing
      O13 - gopher Prefix: missing
      O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www] * in Trusted sites)
      O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www14] * in Trusted sites)
      O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www14] https in Trusted sites)
      O15 - HKCU\..Trusted Domains: bancobrasil.com.br ([www2] https in Trusted sites)
      O15 - HKCU\..Trusted Domains: bb.com.br ([seg] https in Trusted sites)
      O15 - HKCU\..Trusted Domains: bb.com.br ([www] http in Trusted sites)
      O15 - HKCU\..Trusted Domains: itau.com.br ([]* in Trusted sites)
      O15 - HKCU\..Trusted Domains: itau.com.br ([bankline] * in Trusted sites)
      O15 - HKCU\..Trusted Domains: itau.com.br ([clickbanking] * in Trusted sites)
      O15 - HKCU\..Trusted Domains: itau.com.br ([guardiao] * in Trusted sites)
      O15 - HKCU\..Trusted Domains: itau.com.br ([www] * in Trusted sites)
      O15 - HKCU\..Trusted Domains: sytes.net ([bercariodinamica1] http in Trusted sites)
      O16 - DPF: {748E146C-5842-4AD4-8A01-ACA7E61C6FCE} http://bercariodinam...1023/DvrOcx.cab (Dvr Net 85 Multidownload)
      [2013/01/15 19:45:05 | 000,000,000 | ---D | M] -- C:\Users\Izilda\AppData\Roaming\TuneUp Software

      :Commands
      [emptytemp]
      [resethosts]

    • Click on "Run Fix" and let the program run unhindered;
    • Your PC will reboot automatically and a log will be opened;
    • Please post it in your next reply.
 
  • Step #2 Scan with Farbar Recovery Scan Tool
    • Please download Farbar Recovery Scan Tool by Farbar to your Desktop from the link below.
      Download link for 32 bit system
      Download link for 64 bit system
    • Right-click on the program and choose Run as administrator;
    • Put tick-mark on all boxes under Whitelist and Optional Scan;
    • Click on Scan;
    • After the scan two notepad files will be opened --
      • FRST.txt;
      • Addition.txt
    • Copy and Paste the contents of the logs in your next reply.
 
  • Required Log(s):
    • OTL Fix Log
    • Farbar Tool Log(s)--
      • FRST.txt
      • Addition.txt
Regards,
Valinorum
  • 0

#3
Andre Silva
Posted 15 December 2014 - 12:48 PM

Andre Silva

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts

Hello Valinorum, 

 

Thank you for your kind reply. 

 

The OTL fix has been running for several minutes now, but has not yet finished. Is this normal?

 

Looking forward to your next reply.

 

Thanks again!

 

Andre


  • 0

#4
Valinorum
Posted 15 December 2014 - 11:07 PM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
If it stalls more than thirty minutes, please, restart the PC and proceed to the next step. The fix-time depends on the amount of infected files and their persistence nature.
  • 0

#5
Andre Silva
Posted 17 December 2014 - 12:40 AM

Andre Silva

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts

Hello Valinorum, thanks for your reply.

 

I'm not sure my OTL Fix completed successfully. It ran for about 1 hour and I restarted the PC as you instructed. 

 

Here are the logs. Will wait for your next instructions, please.

 

 
Files\Folders moved on Reboot...
C:\Users\Izilda\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Izilda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BAT5R5U9\externalSettings[1].js moved successfully.
C:\Users\Izilda\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01
Ran by Izilda (administrator) on IZILDA-HP on 17-12-2014 01:31:53
Running from C:\Users\Izilda\Downloads
Loaded Profile: Izilda (Available profiles: Izilda)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(GAS Tecnologia) C:\Program Files (x86)\GbPlugin\gbpsv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                ) C:\Program Files (x86)\Vono\Vono\Vono Manager.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Google Inc.) C:\Users\Izilda\AppData\Local\Google\Update\GoogleUpdate.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Easybits) C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe
(Clarus, Inc.) C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dropbox, Inc.) C:\Users\Izilda\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2012-02-07] (IDT, Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-04-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-05-23] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [739936 2012-11-27] (Sony Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-12] (AVAST Software)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-11-06] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1258504 2013-12-24] (Easybits)
HKLM-x32\...\Run: [Clarus Drive Manager] => C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe [8135744 2013-12-18] (Clarus, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [455512 2014-05-27] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-02] (Hewlett-Packard)
Winlogon\Notify\ GbPluginBb-x32: C:\Program Files (x86)\GbPlugin\gbieh.dll (Banco do Brasil)
Winlogon\Notify\ GbPluginUni-x32: C:\Program Files (x86)\GbPlugin\gbiehUni.dll (Banco Itaú Unibanco)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3190529940-644357419-2377663512-1001\...\Run: [Google Update] => C:\Users\Izilda\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-11-30] (Google Inc.)
HKU\S-1-5-21-3190529940-644357419-2377663512-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7777560 2014-11-25] (SUPERAntiSpyware)
HKU\S-1-5-21-3190529940-644357419-2377663512-1001\...\Run: [Facebook Update] => C:\Users\Izilda\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-05-25] (Facebook Inc.)
HKU\S-1-5-21-3190529940-644357419-2377663512-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3190529940-644357419-2377663512-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564528 2013-11-06] (Samsung)
HKU\S-1-5-21-3190529940-644357419-2377663512-1001\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-3190529940-644357419-2377663512-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-11-06] (Samsung)
HKU\S-1-5-21-3190529940-644357419-2377663512-1001\...\MountPoints2: {520b7578-3f36-11e1-9d4c-806e6f6e6963} - E:\Setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Drive Manager Real-Time.lnk
ShortcutTarget: Samsung Drive Manager Real-Time.lnk -> C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe (Clarus, Inc.)
Startup: C:\Users\Izilda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Izilda\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Izilda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [4SyncOverlay1] -> {2012DE06-50C0-48BD-ACDE-88F95D4CAD1F} => C:\Program Files (x86)\4Sync\ShellExt.dll No File
ShellIconOverlayIdentifiers: [4SyncOverlay2] -> {C72C6188-BEF2-46E5-A89A-52F0ED75219E} => C:\Program Files (x86)\4Sync\ShellExt.dll No File
ShellIconOverlayIdentifiers: [4SyncOverlay3] -> {C92F6BC2-AF61-4C0E-80E0-939B8282DDB7} => C:\Program Files (x86)\4Sync\ShellExt.dll No File
CHR HKU\S-1-5-21-3190529940-644357419-2377663512-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.co...t&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3190529940-644357419-2377663512-1001\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo...p={searchTerms}
HKU\S-1-5-21-3190529940-644357419-2377663512-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.co...t&type=avastbcl
StartMenuInternet: IEXPLORE.EXE - C:\program files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM -> {5D1E3CEC-F39F-465A-8D86-A8981406F57E} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKU\S-1-5-21-3190529940-644357419-2377663512-1001 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://search.yahoo...p={searchTerms}
SearchScopes: HKU\S-1-5-21-3190529940-644357419-2377663512-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540000} -> C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll (Banco do Brasil)
BHO-x32: GbIehObj Class -> {C41A1C0E-EA6C-11D4-B1B8-444553540008} -> C:\Program Files (x86)\GbPlugin\gbiehuni.dll (Banco Itaú Unibanco)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: IplexToALLPlayer -> {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} -> C:\Program Files (x86)\OpenSubtitlesPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\MP3 Skype Recorder\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-08-29] (EasyBits Software Corp.)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll [1754664 2014-07-31] (Banco do Brasil)
ShellExecuteHooks-x32: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll [1587768 2014-02-24] (Banco Itaú Unibanco)
Tcpip\Parameters: [DhcpNameServer] 65.32.5.111 65.32.5.112 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Izilda\AppData\Roaming\Mozilla\Firefox\Profiles\qb4mtwr7.default-1380586887777
FF SearchEngineOrder.1: Yahoo! (Avast)
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.4.53 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3190529940-644357419-2377663512-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Izilda\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-3190529940-644357419-2377663512-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Izilda\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-3190529940-644357419-2377663512-1001: @talk.google.com/O1DPlugin -> C:\Users\Izilda\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-3190529940-644357419-2377663512-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Izilda\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3190529940-644357419-2377663512-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Izilda\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3190529940-644357419-2377663512-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Izilda\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-3190529940-644357419-2377663512-1001: gastecnologia.com.br/sf/bb -> C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-3190529940-644357419-2377663512-1001: gastecnologia.com.br/sf/cef -> C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll (GAS Tecnologia)
FF Plugin HKU\S-1-5-21-3190529940-644357419-2377663512-1001: gastecnologia.com.br/sf/uni -> C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll (GAS Tecnologia)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Izilda\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Izilda\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Users\Izilda\AppData\Roaming\Mozilla\Firefox\Profiles\qb4mtwr7.default-1380586887777\searchplugins\yahoo-avast.xml
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2014-12-10]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-10-06]
FF HKU\S-1-5-21-3190529940-644357419-2377663512-1001\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886D}] - C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\cef\xpi
FF Extension: GBBD Caixa Economica Federal - C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\cef\xpi [2014-12-16]
FF HKU\S-1-5-21-3190529940-644357419-2377663512-1001\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E8873}] - C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\uni\xpi
FF Extension: GBBD Guardião - Itaú 30 horas - C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\uni\xpi [2014-03-24]
FF HKU\S-1-5-21-3190529940-644357419-2377663512-1001\...\Firefox\Extensions: [{87F8774F-B485-47E2-A755-A40A8A5E886C}] - C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\bb\xpi
FF Extension: GBBD Banco do Brasil - C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\bb\xpi [2014-12-09]
FF Extension: No Name - {87F8774F-B485-47E2-A755-A40A8A5E8873} [Not Found]
FF Extension: No Name - {87F8774F-B485-47E2-A755-A40A8A5E886C} [Not Found]
FF Extension: No Name - [email protected] [Not Found]
FF Extension: No Name - {87F8774F-B485-47E2-A755-A40A8A5E886D} [Not Found]
 
Chrome: 
=======
CHR Profile: C:\Users\Izilda\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Izilda\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (Avast Online Security) - C:\Users\Izilda\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-11]
CHR Extension: (GBBD Banco do Brasil) - C:\Users\Izilda\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkeabchhfifpaaoefpockjhaphjmoapp [2014-12-08]
CHR Extension: (Google Wallet) - C:\Users\Izilda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (GBBD Caixa Economica Federal) - C:\Users\Izilda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei [2013-06-19]
CHR Extension: (GBBD Caixa Economica Federal) - C:\Users\Izilda\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcaplhfkihhldmlbjhgajdeghjdbffi [2014-12-09]
CHR HKU\S-1-5-21-3190529940-644357419-2377663512-1001\...\Chrome\Extension: [nnjbodopomfddehlalfilheomcahbpei] - C:\Users\Izilda\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx [2013-06-19]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-09]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-12] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-04-02] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-09] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-09] (Avast Software)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 GbpSv; C:\Program Files (x86)\GbPlugin\gbpsv.exe [546104 2014-07-21] (GAS Tecnologia)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-07] (Realsil Microelectronics Inc.) [File not signed]
R2 NitroDriverReadSpool; C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [341312 2011-01-12] (Nitro PDF Software)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [479840 2012-11-27] (Sony Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)
R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [327064 2010-05-18] (Enigma Software Group USA, LLC.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SZDrvSvc; C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe [18432 2013-12-18] (Clarus, Inc.) [File not signed]
R2 Vono_Manager; C:\Program Files (x86)\Vono\Vono\Vono Manager.exe [102400 2014-07-23] (                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                ) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-09] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-09] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-09] ()
S0 GbpKm; C:\Windows\SysWOW64\drivers\gbpkm.sys [49536 2013-05-08] (GAS Tecnologia)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [42016 2013-11-26] (Visicom Media Inc.)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)
R3 mdf16; C:\Program Files (x86)\Clarus\Samsung Drive Manager\mdf16.sys [20400 2012-06-21] ()
R3 mvd23; C:\Program Files (x86)\Clarus\Samsung Drive Manager\mvd23.sys [99248 2012-06-21] ()
R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
U4 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-09] (Avast Software)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X]
 
========================== Drivers MD5 =======================
 
C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Accelerometer.sys 5C368F4B04ED2A923E6AFCA2D37BAFF5
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys FA886682CFC5D36718D3E436AACF10B9
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdhub30.sys 30BFEEE0DFFD5BD79D29157CF080DEED
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdiox64.sys 6A2EEB0C4133B20773BB3DD0B7B377B4
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys 42D53DAF85F948C39CE1351A8F5B5808
C:\Windows\System32\DRIVERS\atikmpag.sys 75182B5784015B271932088551616A96
C:\Windows\System32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\System32\DRIVERS\amdxhc.sys 321533578132C811EC834A1B741C994C
C:\Windows\System32\DRIVERS\amd_sata.sys F9D46B6B322708BD5AFCC8767EBDC901
C:\Windows\System32\DRIVERS\amd_xata.sys 329CC9C7E20DEEBCD4CD10816193EF14
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\system32\drivers\aswHwid.sys 9BE9F2B83DE80E2752B1405CC427E2EC
C:\Windows\system32\drivers\aswMonFlt.sys 2DA1C1AEDF454F8E32A863A1AEACDD8C
C:\Windows\system32\drivers\aswRdr2.sys 4750016EF9CC1DEC6DA3FE5AF9A7F095
C:\Windows\System32\Drivers\aswRvrt.sys 1323269A92645705DEFA053F3596829D
C:\Windows\system32\drivers\aswSnx.sys E74FD717476B30E23F45354B8F3ACB30
C:\Windows\system32\drivers\aswSP.sys B1881A01E301990B671694CA1623F1B6
C:\Windows\system32\drivers\aswStm.sys 7509F07BA6F84C1E3B2C0D78A1F6F782
C:\Windows\System32\Drivers\aswVmm.sys 1A5BDDE65B648DC3AD48B6ECAA3AE9C8
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\drivers\AtihdW76.sys 4BF5BCA6E2608CD8A00BC4A6673A9F47
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bcmwl664.sys 9E84A931DBEE0292E38ED672F6293A99
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\system32\drivers\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\clwvd.sys 50F92C943F18B070F166D019DFAB3D9A
C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706
C:\Windows\System32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ssudbus.sys E428DFFA96FAD07D8CA3C9082563A225
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Dot4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Dot4Prt.sys E9F5969233C5D89F3C35E3A66A52A361
C:\Windows\System32\DRIVERS\dot4usb.sys ==> MD5 is legit
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 87CE5C8965E101CCCED1F4675557E868
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\gbpkm.sys 8F866DF9A974BFFDCB2001D303BC0695
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hpdskflt.sys 4E0BEC0F78096FFD6D3314B497FC49D3
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 353009DEDF918B2A51414F330CF72DEC
C:\Windows\System32\Drivers\ksecpkg.sys 41774FF331F609EF442B7398EE6202B1
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mcvidrv.sys 039E4A64A5B6DE525E8CACFF1207B049
C:\Windows\System32\drivers\mcaudrv_x64.sys F1CE49C11A9833A5D2EC32443A142064
C:\Program Files (x86)\Clarus\Samsung Drive Manager\mdf16.sys D3BDDC034F80F72E3C598E633B309E10
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Program Files (x86)\Clarus\Samsung Drive Manager\mvd23.sys ADCD6BBF6974A8D0C250E6259E1421EC
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netaapl64.sys 6F4607E2333FE21E9E3FF8133A88B35B
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netr28x.sys 2EED549279D7FBD10B846B5397573967
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\drivers\npf.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nvm62x64.sys A85B4F2EF3A7304A5399EF0526423040
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RtsPStor.sys 9D21618E7A3B2C75CF1A2ECBBE723730
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys EE082E06A82FF630351D1E0EBBD3D8D0
C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS 3289766038DB2CB14D07DC84392138D5
C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS 58A38E75F3316A83C23DF6173D41F2B5
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\sdbus.sys 111E0EBC0AD79CB0FA014B907B231CF0
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\VSTAZL6.SYS 0C4540311E11664B245A263E1154CEF8
C:\Windows\System32\DRIVERS\VSTDPV6.SYS 02071D207A9858FBE3A48CBFD59C4A04
C:\Windows\System32\DRIVERS\VSTCNXT6.SYS 18E40C245DBFAF36FD0134A7EF2DF396
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\System32\DRIVERS\ssudmdm.sys AAF6F247F1DC370C593B4430974EAD9C
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\stwrt64.sys BEB37CE4E7456F5EFA52D783D1E06D8C
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys AC3CC98B1BDB6540021D3FFB105AC2B9
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys 70988118145F5F10EF24720B97F35F65
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
C:\Windows\System32\drivers\tsusbflt.sys 17C6B51CBCCDED95B3CC14E22791F85E
C:\Windows\system32\drivers\TsUsbGD.sys AD64450A4ABE076F5CB34CC08EEACB07
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys C9E9D59C0099A9FF51697E9306A44240
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbfilter.sys 573D192E268F0C5B486B7E96F661E538
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\System32\DRIVERS\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys 1352B215BDC5807A5641E7C143796DD7
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUSB.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-17 01:31 - 2014-12-17 01:32 - 00050833 _____ () C:\Users\Izilda\Downloads\FRST.txt
2014-12-17 01:31 - 2014-12-17 01:31 - 00000000 ____D () C:\FRST
2014-12-17 01:30 - 2014-12-17 01:31 - 02119168 _____ (Farbar) C:\Users\Izilda\Downloads\FRST64 (1).exe
2014-12-16 13:47 - 2014-12-16 13:47 - 00001283 _____ () C:\Users\Izilda\Desktop\jdc_papelaria.txt
2014-12-16 13:42 - 2014-12-16 13:42 - 00127849 _____ () C:\Users\Izilda\Downloads\[kickass.so]corel.draw.graphics.suite.x7.2.win64.xforce.spam.tpb.torrent
2014-12-16 10:29 - 2014-12-16 10:30 - 00000000 ____D () C:\Users\Izilda\AppData\Local\{A6BF263D-92BF-4BB7-A94A-EF76025706F8}
2014-12-15 22:29 - 2014-12-15 22:29 - 00000000 ____D () C:\Users\Izilda\AppData\Local\{BDA1D65E-E42C-4443-88A0-CDCC440AB6AE}
2014-12-15 19:56 - 2014-12-15 19:56 - 00087769 _____ () C:\Users\Izilda\Desktop\andressa.jpeg
2014-12-15 18:47 - 2014-12-15 18:47 - 00000000 _____ () C:\Users\Izilda\Desktop\robots.txt
2014-12-15 18:46 - 2014-12-15 18:46 - 00004271 _____ () C:\Users\Izilda\Downloads\urllist.txt
2014-12-15 13:27 - 2014-12-15 13:27 - 02119168 _____ (Farbar) C:\Users\Izilda\Downloads\FRST64.exe
2014-12-15 10:28 - 2014-12-15 10:29 - 00000000 ____D () C:\Users\Izilda\AppData\Local\{CBE742D7-AB84-4288-88D7-A27C713A4A9D}
2014-12-14 23:44 - 2014-12-14 23:44 - 00602112 _____ (OldTimer Tools) C:\Users\Izilda\Downloads\OTL (2).exe
2014-12-14 22:52 - 2014-12-14 22:52 - 01941064 _____ () C:\Users\Izilda\Downloads\winrar-x64-520.exe
2014-12-14 20:44 - 2014-12-14 20:44 - 01055936 _____ (Adobe) C:\Users\Izilda\Downloads\install_flashplayer16x32pp_mssd_aaa_aih.exe
2014-12-13 12:18 - 2014-12-13 12:18 - 00084480 _____ () C:\Users\Izilda\Downloads\Formulario de Procuracao.doc.crdownload
2014-12-11 10:26 - 2014-12-11 10:26 - 00000000 ____D () C:\Windows\system32\appraiser
2014-12-11 09:53 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-11 09:53 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-11 09:53 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-11 09:53 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-11 09:53 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-11 09:53 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-11 09:53 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-11 09:53 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-11 09:53 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-11 09:53 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-10 16:58 - 2014-12-10 16:58 - 00000000 ____D () C:\Users\Izilda\AppData\Local\{4FCDAFD5-E0A4-4FE2-AE63-0697D611E924}
2014-12-10 15:17 - 2014-12-10 15:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-10 07:20 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2014-12-10 07:20 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2014-12-10 07:20 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-10 07:20 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-12-10 07:20 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-10 07:20 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-12-10 07:20 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-10 07:20 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2014-12-10 07:20 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 07:20 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 07:20 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-10 07:20 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-10 07:20 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-10 07:20 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-10 07:20 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 07:20 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-10 07:20 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 07:20 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-10 07:20 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-10 07:20 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-10 07:20 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 07:20 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 07:20 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 07:20 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 07:20 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 07:20 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 07:20 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 07:20 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 07:20 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 07:20 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 07:20 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-10 07:19 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 07:19 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-10 07:19 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 07:19 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-10 07:19 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 07:19 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 07:19 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-10 07:19 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-10 07:19 - 2014-11-21 21:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-10 07:19 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 07:19 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-10 07:19 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-10 07:19 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-10 07:19 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-10 07:19 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 07:19 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 07:19 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 07:19 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 07:19 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 07:19 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-10 07:19 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-10 07:19 - 2014-11-21 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-10 07:19 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-10 07:19 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 07:19 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-10 07:19 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 07:19 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-10 07:19 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 07:19 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-10 07:19 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 07:19 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 07:19 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-10 07:19 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 07:19 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 07:19 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 07:19 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 07:19 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-10 07:19 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-10 07:19 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-10 07:19 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-10 07:19 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-10 07:19 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-10 07:19 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-10 07:19 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-10 07:19 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 07:19 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-10 07:19 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-10 07:19 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-10 07:18 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-10 07:18 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-10 00:39 - 2014-12-10 00:39 - 00589251 _____ () C:\Users\Izilda\Downloads\LAURA MELO.cdr
2014-12-09 16:15 - 2014-12-09 16:15 - 00000000 ____D () C:\Users\Izilda\AppData\Local\{DF4A9E97-D06F-4CFC-A2C3-6943A52125EF}
2014-12-09 15:06 - 2014-12-09 15:08 - 00025600 _____ () C:\Users\Izilda\Desktop\Controle Projetos Ivan - atualizado 09-12-2014.xls
2014-12-09 14:40 - 2014-12-09 14:40 - 00000247 _____ () C:\Windows\system32\2014-12-09-19-40-11.096-aswFe.exe-3472.log
2014-12-09 14:39 - 2014-12-09 14:40 - 00000197 _____ () C:\Windows\system32\2014-12-09-19-39-57.096-AvastVBoxSVC.exe-1412.log
2014-12-09 14:31 - 2014-12-09 14:31 - 00001087 _____ () C:\Users\Izilda\Desktop\agatha.txt
2014-12-09 14:29 - 2014-12-09 14:29 - 00017995 _____ () C:\Users\Izilda\AppData\Roaming\unins001.dat
2014-12-09 14:29 - 2014-12-09 14:25 - 00813217 _____ () C:\Users\Izilda\AppData\Roaming\unins001.exe
2014-12-09 14:28 - 2014-12-09 14:28 - 00000247 _____ () C:\Windows\system32\2014-12-09-19-28-54.023-aswFe.exe-8020.log
2014-12-09 14:28 - 2014-12-09 14:28 - 00000197 _____ () C:\Windows\system32\2014-12-09-19-28-41.080-AvastVBoxSVC.exe-6332.log
2014-12-09 14:23 - 2014-12-09 14:24 - 02458152 _____ (Banco do Brasil SA) C:\Users\Izilda\Downloads\DiagnosticoBB (12).exe
2014-12-09 14:11 - 2014-12-09 14:11 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-12-09 14:11 - 2014-12-09 14:11 - 00000000 ____D () C:\Windows\system32\vbox
2014-12-09 14:00 - 2014-12-09 14:00 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-12-09 14:00 - 2014-12-09 14:00 - 00001924 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-09 13:59 - 2014-12-09 13:59 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-12-09 13:55 - 2014-12-09 13:55 - 00000000 ____D () C:\Windows\Sun
2014-12-09 13:49 - 2014-12-09 13:49 - 00638888 _____ (Oracle Corporation) C:\Users\Izilda\Downloads\chromeinstall-8u25.exe
2014-12-09 13:47 - 2014-12-09 13:53 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-09 13:47 - 2014-12-09 13:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-09 13:47 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-12-09 13:47 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-12-09 13:47 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-12-09 13:45 - 2014-12-09 13:47 - 00004221 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log
2014-12-09 13:16 - 2014-12-09 13:16 - 05911240 _____ (GAS Tecnologia ) C:\Users\Izilda\Downloads\stormfish.exe
2014-12-09 13:05 - 2014-12-09 13:05 - 02458152 _____ (Banco do Brasil SA) C:\Users\Izilda\Downloads\DiagnosticoBB (11).exe
2014-12-09 01:09 - 2014-12-09 01:09 - 00000000 ____D () C:\Users\Izilda\AppData\Local\{575AF182-EF9C-4F91-94C5-06221FEE22B0}
2014-12-08 13:09 - 2014-12-08 13:09 - 00000000 ____D () C:\Users\Izilda\AppData\Local\{B1586B39-C0BF-46A7-9DE4-7397A6552905}
2014-12-07 22:25 - 2014-12-07 22:25 - 00000000 ____D () C:\Users\Izilda\AppData\Local\Clarus
2014-12-06 17:54 - 2014-12-06 17:54 - 00000000 ____D () C:\Users\Izilda\AppData\Local\{71175055-475C-4852-A454-71122BE7448D}
2014-12-06 01:59 - 2014-12-06 22:25 - 00086652 _____ () C:\Users\Izilda\.linkassistant.properties
2014-12-06 01:18 - 2014-12-06 22:25 - 00000000 ____D () C:\Users\Izilda\.linkassistant
2014-12-06 01:17 - 2014-12-06 01:17 - 00002299 _____ () C:\Users\Izilda\Desktop\LinkAssistant.lnk
2014-12-06 01:07 - 2014-12-06 01:10 - 96361438 _____ () C:\Users\Izilda\Downloads\linkassistant4.16-jre.zip
2014-12-06 00:19 - 2014-12-06 00:19 - 00000000 ____D () C:\Users\Izilda\AppData\Local\{A5D58506-A658-4378-AC2C-EBE05AC4ABF6}
2014-12-05 15:04 - 2014-12-05 15:04 - 00000000 ____D () C:\Users\Izilda\Desktop\Detox Example
2014-12-05 12:17 - 2014-12-05 12:18 - 00000000 ____D () C:\Users\Izilda\AppData\Local\{95FB0518-EB2B-42CF-904C-FF95AD1A3C99}
2014-12-04 15:56 - 2014-12-04 15:56 - 02649903 _____ () C:\Users\Izilda\Downloads\icons.psd
2014-12-04 14:07 - 2014-12-04 14:07 - 00000000 __SHD () C:\Users\Izilda\AppData\Local\EmieBrowserModeList
2014-12-04 08:24 - 2014-12-04 08:24 - 00000000 ____D () C:\Users\Izilda\AppData\Local\{A5E04B53-4C36-43E8-B549-3225525FF868}
2014-12-03 15:54 - 2014-12-03 15:54 - 00001502 _____ () C:\Users\Izilda\Desktop\negociacoes.csv
2014-12-03 15:34 - 2014-12-03 15:34 - 00278016 _____ () C:\Users\Izilda\Desktop\contact_form.xls
2014-12-03 00:27 - 2014-12-03 00:27 - 00000000 ____D () C:\Users\Izilda\AppData\Local\{FA460C26-BEE7-4651-92E8-28D65D0E0963}
2014-12-02 12:27 - 2014-12-02 12:27 - 00000000 ____D () C:\Users\Izilda\AppData\Local\{E2A21326-130C-495B-BAE5-FA529D145347}
2014-12-02 00:26 - 2014-12-02 00:27 - 00000000 ____D () C:\Users\Izilda\AppData\Local\{A79C9B5C-5798-42B1-9531-7D95C99DEF7A}
2014-12-01 13:33 - 2014-12-01 13:33 - 00030327 _____ () C:\Users\Izilda\Downloads\aerolitecp.zip
2014-12-01 13:33 - 2014-12-01 13:33 - 00022180 _____ () C:\Users\Izilda\Downloads\lisbon_script.zip
2014-12-01 13:31 - 2014-12-01 13:31 - 00016793 _____ () C:\Users\Izilda\Downloads\dragon_is_coming (1).zip
2014-12-01 12:26 - 2014-12-01 12:26 - 00000000 ____D () C:\Users\Izilda\AppData\Local\{6E841DF6-6BD2-4BA6-AB1D-9DA803EE6CB2}
2014-11-29 10:58 - 2014-11-29 10:58 - 00000000 ____D () C:\Users\Izilda\AppData\Local\{0C3A2A7B-51B5-41A1-BDD4-8BEA542F3F42}
2014-11-28 22:50 - 2014-11-28 22:50 - 00000000 ____D () C:\Users\Izilda\AppData\Local\{0F46B99E-BED9-4CBF-AF9B-40321F76A08D}
2014-11-28 17:36 - 2014-11-28 17:36 - 01047181 _____ () C:\Users\Izilda\Downloads\UNZIP-FIRST-iSEO-Light.zip
2014-11-28 10:50 - 2014-11-28 10:50 - 00000000 ____D () C:\Users\Izilda\AppData\Local\{B5E3FEA5-4F4A-4F02-942C-C6D0DC925410}
2014-11-27 21:52 - 2014-11-27 21:53 - 05006304 _____ () C:\Users\Izilda\Downloads\ABCP How to Build A Box Camera.zip
2014-11-27 11:53 - 2014-11-27 11:53 - 00000000 ____D () C:\Users\Izilda\AppData\Local\{40A247EC-4B79-4955-858A-F153DD1F57B7}
2014-11-27 11:35 - 2014-11-27 11:35 - 26105384 _____ () C:\Users\Izilda\Downloads\mauricio_doi_cecma_-_mockup1_v2 (1).zip
2014-11-26 23:53 - 2014-11-26 23:53 - 00000000 ____D () C:\Users\Izilda\AppData\Local\{B38CBAFB-98B1-4580-89FC-64AFD53B92EA}
2014-11-26 15:54 - 2014-11-26 15:54 - 06126536 _____ (Tim Kosse) C:\Users\Izilda\Downloads\FileZilla_3.9.0.6_win32-setup.exe
2014-11-26 11:36 - 2014-11-26 11:37 - 00000000 ____D () C:\Users\Izilda\AppData\Local\{1651E27D-4B90-40EA-831F-993935A9B086}
2014-11-25 22:45 - 2014-11-25 22:45 - 00000000 ____D () C:\Users\Izilda\AppData\Local\{58FD2442-F03D-439B-8642-2024CD54376F}
2014-11-25 10:44 - 2014-11-25 10:44 - 00000000 ____D () C:\Users\Izilda\AppData\Local\{8CBA1718-BD2D-49FA-B9D2-78B330F84BF0}
2014-11-24 22:14 - 2014-11-24 22:14 - 00000000 ____D () C:\Users\Izilda\AppData\Local\{CDD06F72-3B71-4F30-9333-0E771F941528}
2014-11-24 10:10 - 2014-11-24 10:11 - 00000000 ____D () C:\Users\Izilda\AppData\Local\{3CFEB432-1EDE-48DF-8C00-932872BED371}
2014-11-23 15:58 - 2014-11-23 15:58 - 00000000 ____D () C:\Users\Izilda\AppData\Local\{99B7F454-D5D9-4CEC-91A1-5EE7CEF30504}
2014-11-20 20:28 - 2014-11-20 20:28 - 06920029 _____ () C:\Users\Izilda\Downloads\VINICIUS CORRÊA PIRES (1).zip
2014-11-19 04:31 - 2014-11-19 04:31 - 01217192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL
2014-11-18 17:41 - 2014-11-10 22:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 17:41 - 2014-11-10 22:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 17:41 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-18 17:41 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-17 01:27 - 2012-09-20 01:19 - 00318079 _____ () C:\Users\Izilda\.ranktracker.properties
2014-12-17 01:27 - 2012-09-20 01:19 - 00000000 ____D () C:\Users\Izilda\.ranktracker
2014-12-17 01:27 - 2012-01-14 17:23 - 00000000 ____D () C:\Users\Izilda
2014-12-17 01:24 - 2012-01-14 22:08 - 00000000 ____D () C:\Users\Izilda\AppData\Roaming\Skype
2014-12-17 01:08 - 2013-06-19 13:30 - 00000000 ____D () C:\ProgramData\GAS Tecnologia
2014-12-17 01:08 - 2012-03-06 21:08 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-17 01:08 - 2011-10-06 12:04 - 01161599 _____ () C:\Windows\WindowsUpdate.log
2014-12-17 01:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2014-12-16 23:01 - 2012-01-14 22:26 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-16 22:55 - 2013-05-25 23:50 - 00000932 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3190529940-644357419-2377663512-1001UA.job
2014-12-16 22:21 - 2012-08-16 07:42 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-12-16 22:21 - 2012-01-14 17:37 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E9E6BA8C-07EE-4923-A62A-9A3F663A7BF5}
2014-12-16 16:59 - 2013-01-07 20:02 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3190529940-644357419-2377663512-1001Core.job
2014-12-16 15:55 - 2013-08-15 12:33 - 00001456 _____ () C:\Users\Izilda\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-12-16 14:52 - 2012-01-14 17:33 - 00124160 _____ () C:\Users\Izilda\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-16 14:03 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-16 14:03 - 2009-07-13 23:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-16 13:56 - 2013-11-17 23:08 - 00000000 ___RD () C:\Users\Izilda\Dropbox
2014-12-16 13:55 - 2013-11-17 23:04 - 00000000 ____D () C:\Users\Izilda\AppData\Roaming\Dropbox
2014-12-16 13:54 - 2013-10-06 11:38 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-12-16 13:52 - 2012-11-30 16:58 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-12-16 13:52 - 2012-03-06 21:08 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-16 13:51 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-16 13:51 - 2009-07-13 23:51 - 00168011 _____ () C:\Windows\setupact.log
2014-12-16 13:44 - 2013-07-21 00:32 - 00000000 ____D () C:\Users\Izilda\AppData\Roaming\uTorrent
2014-12-16 13:29 - 2012-09-25 13:08 - 00000000 ____D () C:\Users\Izilda\AppData\Roaming\FileZilla
2014-12-16 12:10 - 2012-07-12 17:34 - 05656576 ___SH () C:\Users\Izilda\Downloads\Thumbs.db
2014-12-16 09:58 - 2013-05-25 23:50 - 00000910 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3190529940-644357419-2377663512-1001Core.job
2014-12-15 19:56 - 2012-11-01 09:59 - 04420096 ___SH () C:\Users\Izilda\Desktop\Thumbs.db
2014-12-15 14:21 - 2009-07-13 23:45 - 05097152 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-15 11:45 - 2012-11-06 08:27 - 00000000 ____D () C:\Program Files\WinRAR
2014-12-15 10:31 - 2012-01-14 18:57 - 00000000 ____D () C:\Users\Izilda\AppData\Local\CrashDumps
2014-12-15 00:03 - 2013-07-09 21:26 - 00157202 _____ () C:\Users\Izilda\Downloads\OTL.Txt
2014-12-14 23:32 - 2012-01-15 20:03 - 00000000 ____D () C:\Users\Izilda\AppData\Local\Adobe
2014-12-14 23:31 - 2012-04-05 18:58 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-14 23:31 - 2012-01-22 10:20 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-14 23:03 - 2013-07-18 16:01 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-14 22:57 - 2012-11-06 08:27 - 00000000 ____D () C:\Users\Izilda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-14 22:57 - 2012-11-06 08:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-12-14 18:02 - 2012-12-09 14:43 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-12-14 18:02 - 2012-01-29 12:26 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-12-13 23:50 - 2012-09-19 00:47 - 00000000 ____D () C:\Users\Izilda\Desktop\Clientes
2014-12-13 23:22 - 2014-06-16 10:10 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-13 19:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-12-13 10:58 - 2012-11-25 14:51 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForIzilda
2014-12-13 10:58 - 2012-11-25 14:51 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForIzilda.job
2014-12-12 16:31 - 2012-05-28 10:27 - 00002141 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-12 16:22 - 2013-11-17 23:08 - 00001021 _____ () C:\Users\Izilda\Desktop\Dropbox.lnk
2014-12-12 16:22 - 2013-11-17 23:06 - 00000000 ____D () C:\Users\Izilda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-12 05:50 - 2012-11-26 14:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-11 22:27 - 2012-04-10 18:32 - 00000000 ____D () C:\Users\Izilda\AppData\Roaming\Nitro PDF
2014-12-11 10:29 - 2010-11-20 22:47 - 01196342 _____ () C:\Windows\PFRO.log
2014-12-11 10:26 - 2014-05-06 08:02 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-11 10:26 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-11 10:26 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-11 10:17 - 2013-07-20 01:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-11 09:57 - 2012-01-29 12:01 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-09 18:22 - 2014-06-30 09:53 - 00000000 ____D () C:\Users\Izilda\Desktop\Abhishek
2014-12-09 17:21 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-09 15:29 - 2012-04-10 18:29 - 00000000 ____D () C:\Users\Izilda\AppData\Roaming\PrimoPDF
2014-12-09 14:29 - 2013-07-17 14:46 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-12-09 14:29 - 2013-07-16 08:47 - 00034222 _____ () C:\Users\Izilda\Downloads\Diagnóstico BB.log
2014-12-09 14:25 - 2014-01-22 21:26 - 00000000 ____D () C:\ProgramData\Temp
2014-12-09 14:00 - 2014-04-24 12:56 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-12-09 14:00 - 2014-01-08 13:24 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-12-09 14:00 - 2013-10-06 11:38 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-12-09 14:00 - 2013-10-06 11:38 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-12-09 14:00 - 2013-10-06 11:38 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-12-09 14:00 - 2013-10-06 11:38 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-12-09 14:00 - 2013-10-06 11:38 - 00083280 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-12-09 14:00 - 2013-10-06 11:38 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-12-09 13:52 - 2013-10-18 15:35 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-09 13:52 - 2013-08-06 15:16 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-09 13:10 - 2012-01-15 18:42 - 00000000 ____D () C:\ProgramData\GbPlugin
2014-12-09 13:09 - 2012-01-15 18:42 - 00000000 ____D () C:\Program Files (x86)\GbPlugin
2014-12-09 01:26 - 2013-08-16 14:10 - 00000132 _____ () C:\Users\Izilda\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-12-06 22:28 - 2014-06-16 10:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-06 22:24 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-06 01:59 - 2013-05-30 20:17 - 00183417 _____ () C:\Users\Izilda\.spyglass.properties
2014-12-06 01:59 - 2013-05-30 12:51 - 00000000 ____D () C:\Users\Izilda\.seospyglass
2014-12-06 01:18 - 2013-05-30 12:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link-AssistantCom
2014-12-06 01:17 - 2013-05-30 12:50 - 00000000 ____D () C:\Program Files (x86)\Link-AssistantCom
2014-12-05 14:51 - 2012-10-03 22:25 - 00000000 ____D () C:\Users\Izilda\Documents\Rank Tracker Reports
2014-12-05 13:27 - 2014-06-16 10:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-05 13:27 - 2012-09-27 16:16 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-03 15:34 - 2012-12-24 17:41 - 00009316 _____ () C:\Users\Izilda\AppData\Roaming\Microsoft Excel 97-2003.EML
2014-12-03 14:29 - 2013-05-27 17:14 - 00001960 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk
2014-12-03 14:29 - 2012-09-25 13:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-12-03 14:29 - 2012-09-25 13:07 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-12-03 11:52 - 2014-09-15 11:59 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-03 11:52 - 2012-01-14 22:08 - 00000000 ____D () C:\ProgramData\Skype
2014-12-01 16:46 - 2012-01-14 19:57 - 00000000 ____D () C:\Users\Izilda\Documents\Youcam
2014-11-29 19:32 - 2012-09-19 01:45 - 00000000 ____D () C:\Users\Izilda\Desktop\Andre
2014-11-29 17:43 - 2012-12-03 10:26 - 00003220 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForIZILDA-HP$
2014-11-29 17:43 - 2012-12-03 10:26 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForIZILDA-HP$.job
2014-11-24 14:04 - 2010-11-20 22:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-21 06:14 - 2014-06-16 10:10 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-21 06:14 - 2014-06-16 10:10 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-21 06:14 - 2012-09-27 16:16 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
 
Some content of TEMP:
====================
C:\Users\Izilda\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphkz_ja.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
extendedinput           Yes
default                 {current}
resumeobject            {158181c0-9a00-11db-8a1d-b11d19fd3102}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
customactions           0x1000085000001
                        0x5400000f
custom:5400000f         {a930814b-f044-11e0-b3ed-8a1bef2ad4be}
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {a930814b-f044-11e0-b3ed-8a1bef2ad4be}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {158181c0-9a00-11db-8a1d-b11d19fd3102}
nx                      OptIn
 
Windows Boot Loader
-------------------
identifier              {572bcd60-ffa7-11d9-aae0-0007e994107d}
device                  ramdisk=[boot]\sources\boot.wim,{ramdiskoptions}
path                    \windows\system32\boot\winload.exe
description             Microsoft Windows PE 2.0 
osdevice                ramdisk=[boot]\sources\boot.wim,{ramdiskoptions}
systemroot              \windows
detecthal               Yes
winpe                   Yes
ems                     Yes
 
Windows Boot Loader
-------------------
identifier              {a930814b-f044-11e0-b3ed-8a1bef2ad4be}
device                  ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{a930814c-f044-11e0-b3ed-8a1bef2ad4be}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{a930814c-f044-11e0-b3ed-8a1bef2ad4be}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {158181c0-9a00-11db-8a1d-b11d19fd3102}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {a930814c-f044-11e0-b3ed-8a1bef2ad4be}
description             Ramdisk Options
ramdisksdidevice        partition=D:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
Setup Ramdisk Options
---------------------
identifier              {ramdiskoptions}
description             Ramdisk Options
ramdisksdidevice        boot
ramdisksdipath          \boot\boot.sdi
 
 
 
LastRegBack: 2014-12-15 20:29
 
==================== End Of Log ============================
 
Users shortcut scan result (x64) Version: 14-12-2014 01
Ran by Izilda at 2014-12-17 01:36:55
Running from C:\Users\Izilda\Downloads
Boot Mode: Normal
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
 
 
 
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk -> C:\Program Files (x86)\Audacity\audacity.exe (The Audacity Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials for QuickBooks, Quicken and TurboTax.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk -> C:\Program Files\GIMP 2\bin\gimp-2.8.exe (Spencer Kimball, Peter Mattis and the GIMP Development Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Download Store.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Desktop.lnk -> C:\Program Files (x86)\EasyBits For Kids\ezSecShield.exe (EasyBits Software AS)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro PDF Professional.lnk -> C:\Windows\Installer\{EB8FF6C8-811B-4395-8584-EF4C7A0C8199}\Professional.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Reader 3.lnk -> C:\Windows\Installer\{4436B9BD-CA66-4D69-9091-2D2EB62F09AD}\Reader.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home.lnk -> C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe (Sony Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk -> C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk -> C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk -> C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap\Uninstall WinPcap 4.1.2.lnk -> C:\Program Files (x86)\WinPcap\uninstall.exe (CACE Technologies, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Mesh.lnk -> C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Writer.lnk -> C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriter.exe (Microsoft Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vono\Vono.lnk -> C:\Program Files (x86)\Vono\Vono\Vono.exe (Vono)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VOIP Recorder\VOIPRecorder.exe.lnk -> C:\Program Files (x86)\VOIP Recorder\VOIPRecorder.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vidalia Bridge Bundle\Uninstall.lnk -> C:\Program Files (x86)\Vidalia Bridge Bundle\Uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Alternate Start.lnk -> C:\Program Files\SUPERAntiSpyware\RUNSAS.EXE (SUPERAdBlocker.com and SUPERAntiSpyware.com)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Free Edition.lnk -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Help.lnk -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Drive Manager Real-Time.lnk -> C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe (Clarus, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEO PowerSuite\Rank Tracker.lnk -> C:\Program Files (x86)\SEO PowerSuite\Rank Tracker\bin\ranktracker.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEO PowerSuite\Links\SEO PowerSuite Home Page.lnk -> C:\Program Files (x86)\SEO PowerSuite\SEO PowerSuite.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEO PowerSuite\Links\SEO PowerSuite Support.lnk -> C:\Program Files (x86)\SEO PowerSuite\SEO PowerSuite Support.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSoft OmniPage SE 2.0\OmniPage SE.lnk -> C:\Windows\Installer\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}\_17B2407FE16E_4666_99A0_2FFCA0A8D3BA.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Samsung Drive Manager\Samsung Drive Manager.lnk -> C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe (Clarus, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Kies\Samsung Kies.lnk -> C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2012\Billminder.lnk -> C:\Program Files (x86)\Quicken\billmind.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2012\Quicken 2012.lnk -> C:\Program Files (x86)\Quicken\qw.exe (Intuit Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2012\Quicken Online Backup.lnk -> C:\Program Files (x86)\Quicken\QuickenOLBackupLauncher.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB\Receitanet\Desinstalar o Receitanet 1.01.lnk -> C:\Program Files (x86)\Programas RFB\Receitanet\Desinstalador.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB\Receitanet\Receitanet 1.01 .lnk -> C:\Program Files (x86)\Programas RFB\Receitanet\Windows\Receitanet.exe (SERPRO - Serviço Federal de Processamento de Dados)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrimoPDF\Online User Guide.lnk -> C:\Program Files (x86)\Nitro PDF\PrimoPDF\Online_UG.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrimoPDF\PrimoPDF Settings.lnk -> C:\Program Files (x86)\Nitro PDF\PrimoPDF\PrimoPDF.exe (Nitro PDF)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrimoPDF\Uninstall.lnk -> C:\Program Files (x86)\Nitro PDF\PrimoPDF\uninstaller.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home\PlayMemories Home Settings Initialization Tool.lnk -> C:\Program Files (x86)\Sony\PlayMemories Home\PMBInit.exe (Sony Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home\PlayMemories Home.lnk -> C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe (Sony Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Creator\Preferences.lnk -> C:\Program1\Preferences.exe (Acro Software Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Creator\Readme.lnk -> C:\Program1\README.HTM ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenSubtitlesPlayer\OpenSubtitlesPlayer V4.7.lnk -> C:\Program Files (x86)\OpenSubtitlesPlayer\OpenSubtitlesPlayer.exe (ALLPlayer)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenSubtitlesPlayer\OpenSubtitlesPlayer V4.X on the Web.lnk -> C:\Program Files (x86)\OpenSubtitlesPlayer\PlayerLinkENG.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\eBay.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\Skype.lnk -> C:\Program Files (x86)\Online Services\Skype\SkypeSetup.exe (Skype Technologies S.A.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec\1.0b beta\Uninstall.lnk -> C:\Program Files (x86)\MyFree Codec\1.0b beta\uninstall.exe (Freeware)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music and Media\Blio.lnk -> C:\Program Files (x86)\K-NFB Reading Technology Inc\Blio\KNFB.Reader.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music and Media\Install Rhapsody.lnk -> C:\Program Files (x86)\Online Services\Rhapsody\RhapsodyHpq.EXE ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music and Media\Snapfish.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Access 2007.lnk -> C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Excel 2007.lnk -> C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office InfoPath 2007.lnk -> C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Outlook 2007.lnk -> C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office PowerPoint 2007.lnk -> C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Publisher 2007.lnk -> C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Word 2007.lnk -> C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Digital Certificate for VBA Projects.lnk -> C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office 2007 Language Settings.lnk -> C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Diagnostics.lnk -> C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Digital Certificate for VBA Projects.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\cagicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Language Preferences.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office 2010 Upload Center.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\msouc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\oisicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office 2010 Tools\Office Anytime Upgrade.lnk -> C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\promo.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link-AssistantCom\LinkAssistant.lnk -> C:\Program Files (x86)\Link-AssistantCom\LinkAssistant\bin\linkassistant.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link-AssistantCom\SEO SpyGlass.lnk -> C:\Program Files (x86)\Link-AssistantCom\SEO SpyGlass\bin\seospyglass.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link-AssistantCom\WebSite Auditor.lnk -> C:\Program Files (x86)\Link-AssistantCom\WebSite Auditor\bin\websiteauditor.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link-AssistantCom\Links\Link-AssistantCom Home Page.lnk -> C:\Program Files (x86)\Link-AssistantCom\SEO PowerSuite.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link-AssistantCom\Links\Link-AssistantCom Support.lnk -> C:\Program Files (x86)\Link-AssistantCom\SEO PowerSuite Support.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IZArc\IZArc Help.lnk -> C:\Program Files (x86)\IZArc\IZArc.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IZArc\IZArc.lnk -> C:\Program Files (x86)\IZArc\IZArc.exe (IZSoftware)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IZArc\Uninstall IZArc.lnk -> C:\Program Files (x86)\IZArc\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IZArc\What's New.lnk -> C:\Program Files (x86)\IZArc\WHATSNEW.TXT ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\About iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.Resources\en.lproj\About iTunes.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support\HP Support Assistant.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (Hewlett-Packard Company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP CoolSense.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPThermalAssistant\HPThermalAssistant.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Download Store.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP SimplePass 2011.lnk -> C:\Program Files (x86)\HP SimplePass 2011\Splash.exe (HP)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\hpDST.lnk -> C:\Program Files (x86)\Hewlett-Packard\Setup Manager\hpDST.exe (Hewlett-Packard Company)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Recovery Manager\HP Recovery Manager.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery Manager\Rebecca.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake\Handbrake.lnk -> C:\Program Files\Handbrake\Handbrake.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake\Uninstall.lnk -> C:\Program Files\Handbrake\uninst.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Talk\Suporte\Desinstalar o Google Talk.lnk -> C:\Program Files (x86)\Google\Google Talk\uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Google Earth.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Uninstall Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.52\Installer\setup.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Apps Sync\Delete saved Google Apps Sync passwords.lnk -> C:\Program Files (x86)\Google\Google Apps Sync\profilepassworddelete.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Apps Sync\Set up a Google Apps Sync user.lnk -> C:\Program Files (x86)\Google\Google Apps Sync\profileeditor.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Apps Migration\Google Apps Migration For Microsoft Outlook®.lnk -> C:\Windows\Installer\{16CA4BD4-27ED-4DA0-9190-48F69D8AAC25}\MainIcon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client\FileZilla.lnk -> C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe (FileZilla Project)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client\Uninstall.lnk -> C:\Program Files (x86)\FileZilla FTP Client\uninstall.exe (Tim Kosse)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FilesOpened\Uninstall.lnk -> C:\Program Files (x86)\Files Opened\uninst.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote\Evernote.lnk -> C:\Windows\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Energy Star\Power Saving.lnk -> C:\Windows\Installer\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}\_FA5007C6DF56413F6D252E.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\DivX Converter.lnk -> C:\Program Files (x86)\DivX\DivX Converter\DivXConverterLauncher.exe (DivX, LLC.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\DivX Player.lnk -> C:\Program Files (x86)\DivX\DivX Player\DivX Player.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam\CyberLink YouCam.lnk -> C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe (CyberLink Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ColorMania\Blacksun Software Website.lnk -> C:\Program Files (x86)\ColorMania\Blacksun Software.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ColorMania\ColorMania Help.lnk -> C:\Program Files (x86)\ColorMania\ColorMania.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ColorMania\ColorMania.lnk -> C:\Program Files (x86)\ColorMania\ColorMania.exe (Blacksun Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ColorMania\ReadMe.txt.lnk -> C:\Program Files (x86)\ColorMania\readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ColorMania\Uninstall ColorMania.lnk -> C:\Program Files (x86)\ColorMania\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BuzzBundle\BuzzBundle.lnk -> C:\Program Files (x86)\Link-AssistantCom\BuzzBundle\bin\buzzbundle.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BuzzBundle\Links\BuzzBundle Support.lnk -> C:\Program Files (x86)\Link-AssistantCom\SEO PowerSuite Support.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BuzzBundle\Links\BuzzBundle.lnk -> C:\Program Files (x86)\Link-AssistantCom\BuzzBundle\BuzzBundle.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo\Ashampoo Burning Studio 12\Ashampoo Burning Studio 12  .lnk -> C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 12\burningstudio12.exe (Ashampoo)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo\Ashampoo Burning Studio 12\Backup Extractor.lnk -> C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 12\backupextractor12.exe (Ashampoo)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo\Ashampoo Burning Studio 12\Help.lnk -> C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 12\lang\BurningStudio-en-us.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo\Ashampoo Burning Studio 12\Readme.lnk -> C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 12\readme_en_us.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo\Ashampoo Burning Studio 12\Uninstall Ashampoo Burning Studio 12.lnk -> C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 12\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center\AMD VISION Engine Control Center.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD\System Monitor\System Monitor.lnk -> C:\Windows\Installer\{C1C82DC9-1547-4038-8F0A-C069F0B7F2ED}\_F1C054FA5B6A1D3536A9CC.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Izilda\Desktop.lnk -> C:\Users\Izilda\Desktop ()
Shortcut: C:\Users\Izilda\Links\Downloads.lnk -> C:\Users\Izilda\Downloads ()
Shortcut: C:\Users\Izilda\Links\Dropbox.lnk -> C:\Users\Izilda\Dropbox ()
Shortcut: C:\Users\Izilda\Documents\Youcam\CyberLink YouCam(Webcam).lnk -> C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe (CyberLink Corp.)
Shortcut: C:\Users\Izilda\Documents\OneNote Notebooks\Documents - Shortcut.lnk -> C:\Users\Izilda\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms ()
Shortcut: C:\Users\Izilda\Documents\OneNote Notebooks\Templates - Shortcut.lnk -> C:\Users\Izilda\AppData\Roaming\Microsoft\Templates ()
Shortcut: C:\Users\Izilda\Desktop\BuzzBundle.lnk -> C:\Program Files (x86)\Link-AssistantCom\BuzzBundle\bin\buzzbundle.exe ()
Shortcut: C:\Users\Izilda\Desktop\caixa_doctor_2013 - Shortcut.lnk -> C:\Users\Izilda\Dropbox\Doctor Virtual\ADM\2013\caixa_doctor_2013.xlsx ()
Shortcut: C:\Users\Izilda\Desktop\caixa_doctor_2014 - Shortcut.lnk -> C:\Users\Izilda\Dropbox\Doctor Virtual\ADM\2014\caixa_doctor_2014.xlsx ()
Shortcut: C:\Users\Izilda\Desktop\ColorMania.lnk -> C:\Program Files (x86)\ColorMania\ColorMania.exe (Blacksun Software)
Shortcut: C:\Users\Izilda\Desktop\Controle Projetos SEO - Shortcut.lnk -> C:\Users\Izilda\Dropbox\Doctor Virtual\SEO\Controle Projetos SEO.xls ()
Shortcut: C:\Users\Izilda\Desktop\LinkAssistant.lnk -> C:\Program Files (x86)\Link-AssistantCom\LinkAssistant\bin\linkassistant.exe ()
Shortcut: C:\Users\Izilda\Desktop\Livro Caixa - Doctor Virtual - Shortcut.lnk -> C:\Users\Izilda\Dropbox\Doctor Virtual\ADM\Livro Caixa - Doctor Virtual.xlsx ()
Shortcut: C:\Users\Izilda\Desktop\Microsoft Excel 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\Users\Izilda\Desktop\Microsoft Office Outlook 2007.lnk -> C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe ()
Shortcut: C:\Users\Izilda\Desktop\Microsoft Word 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\Users\Izilda\Desktop\Rank Tracker.lnk -> C:\Program Files (x86)\SEO PowerSuite\Rank Tracker\bin\ranktracker.exe ()
Shortcut: C:\Users\Izilda\Desktop\Samsung Drive Manager.lnk -> C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe (Clarus, Inc.)
Shortcut: C:\Users\Izilda\Desktop\SEO cirurgia plastica - Shortcut.lnk -> C:\Users\Izilda\Dropbox\Doctor Virtual\SEO\SEO cirurgia plastica.xlsx ()
Shortcut: C:\Users\Izilda\Desktop\SEO SpyGlass.lnk -> C:\Program Files (x86)\Link-AssistantCom\SEO SpyGlass\bin\seospyglass.exe ()
Shortcut: C:\Users\Izilda\Desktop\SpyHunter.lnk -> C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe (Enigma Software Group USA, LLC.)
Shortcut: C:\Users\Izilda\Desktop\Update Checker.lnk -> C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
Shortcut: C:\Users\Izilda\Desktop\WebSite Auditor.lnk -> C:\Program Files (x86)\Link-AssistantCom\WebSite Auditor\bin\websiteauditor.exe ()
Shortcut: C:\Users\Izilda\Desktop\µTorrent.lnk -> C:\Users\Izilda\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
Shortcut: C:\Users\Izilda\Desktop\Pri Netbook\Pri\Desktop\Google Chrome.lnk -> C:\Documents and Settings\Aspire One\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe (No File)
Shortcut: C:\Users\Izilda\Desktop\Pri Netbook\Pri\Desktop\OUTROS ATALHOS\DivX Movies.lnk -> C:\Users\Izilda\Documents\Meus vídeos\DivX Movies (No File)
Shortcut: C:\Users\Izilda\Desktop\Pri Netbook\Pri\Desktop\OUTROS ATALHOS\DivX Plus Converter.lnk -> C:\Program Files\DivX\DivX Plus Converter\DivXConverterLauncher.exe (No File)
Shortcut: C:\Users\Izilda\Desktop\Pri Netbook\Pri\Desktop\OUTROS ATALHOS\DivX Plus Player.lnk -> C:\Program Files\DivX\DivX Plus Player\DivX Plus Player.exe (No File)
Shortcut: C:\Users\Izilda\Desktop\Pri Netbook\Pri\Desktop\OUTROS ATALHOS\Meebo Notifier.lnk -> C:\Documents and Settings\Aspire One\Configurações locais\Dados de aplicativos\Meebo\Meebo Notifier\MeeboNotifier.exe (No File)
Shortcut: C:\Users\Izilda\Desktop\Pri Netbook\Pri\Desktop\OUTROS ATALHOS\Norton Security Scan.lnk -> C:\Program Files\Norton Security Scan\Engine\3.5.1.10\Nss.exe (No File)
Shortcut: C:\Users\Izilda\Desktop\Pri Netbook\Pri\Desktop\OUTROS ATALHOS\PrimoPDF - Drop Files Here to Convert!.lnk -> C:\Program Files\Nitro PDF\PrimoPDF\PrimoPDF.exe (No File)
Shortcut: C:\Users\Izilda\Desktop\Pri Netbook\Pri\Desktop\IMAGENS LEGAIS\Atalho para olhos de pantera.lnk -> C:\Documents and Settings\Aspire One\Meus documentos\Downloads\olhos de pantera.jpg (No File)
Shortcut: C:\Users\Izilda\Desktop\Pri Netbook\Pri\Desktop\CLIENTES\Paulo Silva\Atalho para Paulo Cezar - v2 - BRANCO.lnk -> C:\Documents and Settings\Aspire One\Meus documentos\Downloads\Paulo Cezar - v2 - BRANCO.jpg (No File)
Shortcut: C:\Users\Izilda\Desktop\Pri Netbook\Pri\Desktop\CLIENTES\Paulo Silva\Atalho para Paulo Cezar - v2 - PRETO.lnk -> C:\Documents and Settings\Aspire One\Meus documentos\Downloads\Paulo Cezar - v2 - PRETO.jpg (No File)
Shortcut: C:\Users\Izilda\Desktop\Pri Netbook\Pri\Desktop\CLIENTES\Leizi Regina Barreto Silva\Briefing - Leizi Regina.lnk -> C:\Documents and Settings\Aspire One\Meus documentos\Downloads\Briefing - Leizi Regina.xls (No File)
Shortcut: C:\Users\Izilda\Desktop\Clientes\Arquivos Izilda Floripa\IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -> C:\Arquivos de Programas RFB\IRPF2012\IRPF2012.exe ()
Shortcut: C:\Users\Izilda\Desktop\Applications\Adobe Reader X.lnk -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe (No File)
Shortcut: C:\Users\Izilda\Desktop\Applications\Adobe Reader XI.lnk -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Izilda\Desktop\Applications\Advanced Email Extractor PRO (2).lnk -> C:\Program Files (x86)\Advanced Email Extractor PRO\AeePro.exe (No File)
Shortcut: C:\Users\Izilda\Desktop\Applications\Advanced Email Extractor PRO.lnk -> C:\Program Files (x86)\Advanced Email Extractor PRO\AeePro.exe (No File)
Shortcut: C:\Users\Izilda\Desktop\Applications\Advanced Link Manager.lnk -> C:\Program Files (x86)\Caphyon\Advanced Web Ranking\AdvancedLinkManager.exe (No File)
Shortcut: C:\Users\Izilda\Desktop\Applications\Advanced Web Ranking.lnk -> C:\Program Files (x86)\Caphyon\Advanced Web Ranking\AdvancedWebRanking.exe (No File)
Shortcut: C:\Users\Izilda\Desktop\Applications\ALLConverter PRO.lnk -> C:\Program Files (x86)\ALLConverter PRO\ALLConverterPro.exe (No File)
Shortcut: C:\Users\Izilda\Desktop\Applications\Ashampoo Burning Studio 12.lnk -> C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 12\burningstudio12.exe (Ashampoo)
Shortcut: C:\Users\Izilda\Desktop\Applications\bcWebCam.lnk -> C:\Users\Izilda\AppData\Roaming\Microsoft\Installer\{442D8477-F1A6-4C62-8F89-D5BCDF81A298}\_E9E222C6E687975FB24805.exe ()
Shortcut: C:\Users\Izilda\Desktop\Applications\Blio eBooks.lnk -> C:\Program Files (x86)\K-NFB Reading Technology Inc\Blio\KNFB.Reader.exe (No File)
Shortcut: C:\Users\Izilda\Desktop\Applications\DivX Converter.lnk -> C:\Program Files (x86)\DivX\DivX Converter\DivXConverterLauncher.exe (DivX, LLC.)
Shortcut: C:\Users\Izilda\Desktop\Applications\DivX Movies.lnk -> C:\Users\Izilda\Videos\DivX Movies ()
Shortcut: C:\Users\Izilda\Desktop\Applications\DivX Player.lnk -> C:\Program Files (x86)\DivX\DivX Player\DivX Player.exe ()
Shortcut: C:\Users\Izilda\Desktop\Applications\eBay.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe ()
Shortcut: C:\Users\Izilda\Desktop\Applications\FileZilla Client.lnk -> C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe (FileZilla Project)
Shortcut: C:\Users\Izilda\Desktop\Applications\FTPPasswordKracker.lnk -> C:\Program Files (x86)\SecurityXploded\FTPPasswordKracker\FTPPasswordKracker.exe (No File)
Shortcut: C:\Users\Izilda\Desktop\Applications\GIMP 2.lnk -> C:\Program Files\GIMP 2\bin\gimp-2.8.exe (Spencer Kimball, Peter Mattis and the GIMP Development Team)
Shortcut: C:\Users\Izilda\Desktop\Applications\Google Earth.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google)
Shortcut: C:\Users\Izilda\Desktop\Applications\Handbrake.lnk -> C:\Program Files\Handbrake\Handbrake.exe (No File)
Shortcut: C:\Users\Izilda\Desktop\Applications\HP Support Assistant.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe (Hewlett-Packard Company)
Shortcut: C:\Users\Izilda\Desktop\Applications\ISO to USB.lnk -> C:\Program Files (x86)\ISO to USB\isotousb.exe (No File)
Shortcut: C:\Users\Izilda\Desktop\Applications\iTunes.lnk -> C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\Users\Izilda\Desktop\Applications\King's Quest III Redux.lnk -> C:\Program Files (x86)\AGD Interactive\King's Quest III Redux\Launcher.exe (No File)
Shortcut: C:\Users\Izilda\Desktop\Applications\LiveZilla Client.lnk -> C:\Program Files (x86)\LiveZilla\LiveZilla.exe (No File)
Shortcut: C:\Users\Izilda\Desktop\Applications\LiveZilla Server Admin.lnk -> C:\Program Files (x86)\LiveZilla\LiveZilla Server Admin.exe (No File)
Shortcut: C:\Users\Izilda\Desktop\Applications\ManyCam.lnk -> C:\Program Files (x86)\ManyCam\ManyCam.exe (Visicom Media Inc.)
Shortcut: C:\Users\Izilda\Desktop\Applications\MegaJogos.lnk -> C:\Users\Izilda\MegaJogos\starter.exe ()
Shortcut: C:\Users\Izilda\Desktop\Applications\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe ()
Shortcut: C:\Users\Izilda\Desktop\Applications\Nitro PDF Professional.lnk -> C:\Program Files (x86)\Nitro PDF\Professional\NitroPDF.exe (Nitro PDF)
Shortcut: C:\Users\Izilda\Desktop\Applications\Nitro Reader.lnk -> C:\Program Files (x86)\Nitro PDF\Reader 2\NitroPDFReader.exe (No File)
Shortcut: C:\Users\Izilda\Desktop\Applications\Norton AntiVirus.lnk -> C:\Program Files (x86)\Norton AntiVirus\Engine64\19.9.0.9\uistub.exe (No File)
Shortcut: C:\Users\Izilda\Desktop\Applications\OpenSubtitlesPlayer V4.7.lnk -> C:\Program Files (x86)\OpenSubtitlesPlayer\OpenSubtitlesPlayer.exe (ALLPlayer)
Shortcut: C:\Users\Izilda\Desktop\Applications\PlayMemories Home.lnk -> C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe (Sony Corporation)
Shortcut: C:\Users\Izilda\Desktop\Applications\Quicken Deluxe 2012.lnk -> C:\Program Files (x86)\Quicken\qw.exe (Intuit Inc.)
Shortcut: C:\Users\Izilda\Desktop\Applications\Receitanet 1.01 .lnk -> C:\Program Files (x86)\Programas RFB\Receitanet\Windows\Receitanet.exe (SERPRO - Serviço Federal de Processamento de Dados)
Shortcut: C:\Users\Izilda\Desktop\Applications\Snapfish.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe ()
Shortcut: C:\Users\Izilda\Desktop\Applications\Stellarium.lnk -> C:\Program Files\Stellarium\stellarium.exe (No File)
Shortcut: C:\Users\Izilda\Desktop\Applications\TeamViewer 7.lnk -> C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (No File)
Shortcut: C:\Users\Izilda\Desktop\Applications\TIM Communicator.lnk -> C:\Program Files (x86)\TIM Communicator\orolixcommunicator.exe (No File)
Shortcut: C:\Users\Izilda\Desktop\Applications\VIVO INTERNET.lnk -> C:\Program Files (x86)\VIVO INTERNET\VIVO INTERNET.exe (No File)
Shortcut: C:\Users\Izilda\Desktop\Applications\VOIPRecorder.exe.lnk -> C:\Program Files (x86)\VOIP Recorder\VOIPRecorder.exe ()
Shortcut: C:\Users\Izilda\Desktop\Applications\Vono.lnk -> C:\Program Files (x86)\Vono\Vono\Vono.exe (Vono)
Shortcut: C:\Users\Izilda\Desktop\Applications\µTorrent.lnk -> C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent Inc.)
Shortcut: C:\Users\Izilda\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -> C:\Users\Izilda\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
Shortcut: C:\Users\Izilda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Izilda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MP3 Skype Recorder.lnk -> C:\Users\Izilda\AppData\Roaming\Microsoft\Installer\{CB606F47-7D0E-40DF-95BB-0E5413A1295F}\_A5FB52A5077E324DBDA19B.exe ()
Shortcut: C:\Users\Izilda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\Users\Izilda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
Shortcut: C:\Users\Izilda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\Users\Izilda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\Users\Izilda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\SpyHunter.lnk -> C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe (Enigma Software Group USA, LLC.)
Shortcut: C:\Users\Izilda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2012\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Ajuda do IRPF2012.lnk -> C:\Arquivos de Programas RFB\IRPF2012\IRPF.chm ()
Shortcut: C:\Users\Izilda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2012\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Desinstalar IRPF2012.lnk -> C:\Arquivos de Programas RFB\IRPF2012\uninstall.exe ()
Shortcut: C:\Users\Izilda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2012\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -> C:\Arquivos de Programas RFB\IRPF2012\IRPF2012.exe ()
Shortcut: C:\Users\Izilda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2012\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Leia-me do IRPF2012.lnk -> C:\Arquivos de Programas RFB\IRPF2012\Leia_me.htm ()
Shortcut: C:\Users\Izilda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk -> C:\Users\Izilda\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe (Dropbox, Inc.)
Shortcut: C:\Users\Izilda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\bcWebCam\bcWebCam help system.lnk -> C:\Users\Izilda\AppData\Roaming\Microsoft\Installer\{442D8477-F1A6-4C62-8F89-D5BCDF81A298}\_614712536906E6FCD8E6A9.exe ()
Shortcut: C:\Users\Izilda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\bcWebCam\bcWebCam uninstall.lnk -> C:\Users\Izilda\AppData\Roaming\Microsoft\Installer\{442D8477-F1A6-4C62-8F89-D5BCDF81A298}\_227D2066E95E03294CBE8A.exe ()
Shortcut: C:\Users\Izilda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\bcWebCam\bcWebCam.lnk -> C:\Users\Izilda\AppData\Roaming\Microsoft\Installer\{442D8477-F1A6-4C62-8F89-D5BCDF81A298}\_E9E222C6E687975FB24805.exe ()
Shortcut: C:\Users\Izilda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Izilda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Izilda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Izilda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Izilda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Izilda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Izilda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Izilda\AppData\Roaming\Microsoft\Windows\SendTo\Dropbox.lnk -> C:\Users\Izilda\Dropbox ()
Shortcut: C:\Users\Izilda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Izilda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\IZArc.lnk -> C:\Program Files (x86)\IZArc\IZArc.exe (IZSoftware)
Shortcut: C:\Users\Izilda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Izilda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk -> C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe ()
Shortcut: C:\Users\Izilda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -> C:\Users\Izilda\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
Shortcut: C:\Users\Izilda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Izilda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\hpDST.lnk -> C:\Program Files (x86)\Hewlett-Packard\Setup Manager\hpDST.exe (Hewlett-Packard Company)
Shortcut: C:\Users\Izilda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office Outlook 2007.lnk -> C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe ()
Shortcut: C:\Users\Izilda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Izilda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk -> C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe ()
Shortcut: C:\Users\Izilda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Izilda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Live Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)
Shortcut: C:\Users\Izilda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Word 2010.lnk -> C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\Users\Izilda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Rank Tracker.lnk -> C:\Program Files (x86)\SEO PowerSuite\Rank Tracker\bin\ranktracker.exe ()
Shortcut: C:\Users\Izilda\AppData\Local\Xenocode\Sandbox\Corel Graphics Applications\15.0.0.486\2010.03.02T04.07\Virtual\MODIFIED\@DESKTOPCOMMON@\CorelDRAW X5.lnk -> c:\WINDOWS\Installer\{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}\NewShortcut1.exe (No File)
Shortcut: C:\Users\Izilda\AppData\Local\Xenocode\Sandbox\Corel Graphics Applications\15.0.0.486\2010.03.02T04.07\Virtual\MODIFIED\@DESKTOPCOMMON@\Video Tutorials.lnk -> c:\WINDOWS\Installer\{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}\NewShortcut6_CB374E334DC6464A9290A10D941E6568.exe (No File)
Shortcut: C:\Users\Izilda\4Sync\Getting Started with 4Sync.lnk -> C:\Program Files (x86)\4Sync\Getting Started with 4Sync.pdf (No File)
Shortcut: C:\Users\Public\Documents\YouCam\YouCam(Webcam).lnk -> C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe (CyberLink Corp.)
Shortcut: C:\Users\Public\Desktop\Audacity.lnk -> C:\Program Files (x86)\Audacity\audacity.exe (The Audacity Team)
Shortcut: C:\Users\Public\Desktop\Avast Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\avastui.exe (AVAST Software)
Shortcut: C:\Users\Public\Desktop\FileZilla Client.lnk -> C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe (FileZilla Project)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
Shortcut: C:\Users\Public\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk -> C:\Program Files (x86)\Nitro PDF\PrimoPDF\PrimoPDF.exe (Nitro PDF)
Shortcut: C:\Users\Public\Desktop\Samsung Kies.lnk -> C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe ()
Shortcut: C:\Users\Public\Desktop\Skype.lnk -> C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe ()
Shortcut: C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
Shortcut: C:\Users\Public\Desktop\Vono.lnk -> C:\Program Files (x86)\Vono\Vono\Vono.exe (Vono)
 
 
 
 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Linksys Connect.lnk -> C:\Program Files (x86)\Linksys\Linksys Connect\Linksys Connect.exe (Belkin International, Inc.) ->  
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware\SUPERAntiSpyware Registration-Activation.lnk -> C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware) ->  /register
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSoft OmniPage SE 2.0\Scanner Wizard.lnk -> C:\Windows\Installer\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}\_17B2407FE16E_4666_99A0_2FFCA0A8D3BA.exe () -> /w /a [OmniPage SE 2.0] /l [eng]
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Samsung Drive Manager\Remover Samsung Drive Manager.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{9F1A6A24-4901-42F6-A355-5DD2B82E62AE}\setup.exe (Macrovision Corporation) -> -runfromtemp -l0x0012 -removeonly
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Samsung Drive Manager\Samsung Drive Manager Update.lnk -> C:\Program Files (x86)\Clarus\Samsung Drive Manager\XUpdate.exe (Clarus, Inc.) -> -I -Manual
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Kies\Samsung Kies (Lite).lnk -> C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe () -> /lite
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Kies\Uninstall Kies.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{758C8301-2696-4855-AF45-534B1200980A}\setup.exe (Samsung Electronics Co., Ltd.                                ) -> /removeonly
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home\PlayMemories Home Help.lnk -> C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe (Sony Corporation) -> /Help
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services\getonline.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Setup\hptcs.exe (Hewlett-Packard) -> MODE=GETONLINE
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support\HP Connection Manager.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe (Hewlett-Packard Development Company L.P.) -> FromStartup
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Recovery Manager\HP Recovery Media Creation.lnk -> C:\Program Files (x86)\Hewlett-Packard\Recovery Manager\Rebecca.exe () -> \CRM
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Talk\Google Talk.lnk -> C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google) -> /startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Talk\Suporte\Google Talk Modo de diagnóstico do.lnk -> C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google) -> /diag
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Start Google Earth in DirectX mode.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google) -> -setDX
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Start Google Earth in OpenGL mode.lnk -> C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe (Google) -> -setOGL
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Uninstall Google Earth .lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Apps Sync\Add account for delegation.lnk -> C:\Program Files (x86)\Google\Google Apps Sync\profileeditor.exe (Google Inc.) -> --add_pure_delegate_user=true
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Apps Sync\Import data to Google Apps Sync.lnk -> C:\Program Files (x86)\Google\Google Apps Sync\profileeditor.exe (Google Inc.) -> --import_data_only=true
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Agatha Christie - Peril at End House.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Agatha Christie - Peril at End House\Agatha Christie - Peril at End House-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Casual Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=000d96f5-8034-4b74-a429-b6f0b04c75f4 /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Enthusiast Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=26352374-af55-4b53-b07b-6b0288ed97df /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Family Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=d58eecb0-0816-11de-8c30-0800200c9a66 /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All Kids Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=3eda1e54-8889-41f5-a649-5a306789b7ef /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\All MMO Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=c3c636e0-1b04-11de-8c30-0800200c9a66 /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Bejeweled 2 Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Bejeweled 2 Deluxe\Bejeweled 2 Deluxe-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Bejeweled 3.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Bejeweled 3\Bejeweled3-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Blackhawk Striker 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Blackhawk Striker 2\Blackhawk2-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Blasterball 3.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Blasterball 3\BlasterBall3-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Bounce Symphony.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Bounce Symphony\bounce-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Build-a-lot 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Build-a-lot 2\Buildalot2-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Cake Mania.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Cake Mania\Cake Mania-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Chuzzle Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Chuzzle Deluxe\Chuzzle Deluxe-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Club Penguin.lnk -> C:\Program Files (x86)\HP Games\Web Link - Club Penguin\launcher.exe (WildTangent) -> "C:\Program Files (x86)\HP Games\Web Link - Club Penguin\launcher.exe" /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Crush the Castle 2.lnk -> C:\Program Files (x86)\HP Games\Web Link - Crush the Castle 2\launcher.exe (WildTangent) -> "C:\Program Files (x86)\HP Games\Web Link - Crush the Castle 2\launcher.exe" /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Dark Orbit.lnk -> C:\Program Files (x86)\HP Games\Web Link - Dark Orbit\launcher.exe (WildTangent) -> "C:\Program Files (x86)\HP Games\Web Link - Dark Orbit\launcher.exe" /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Diner Dash 2 Restaurant Rescue.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Diner Dash 2 Restaurant Rescue\Diner Dash 2 Restaurant Rescue-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Dora's World Adventure.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Dora's World Adventure\DoraAdventure-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Farm Frenzy.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Farm Frenzy\Farm Frenzy-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\FATE - The Traitor Soul.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\FATE - The Traitor Soul\Fate-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Free Realms.lnk -> C:\Program Files (x86)\HP Games\Web Link - Free Realms\launcher.exe (WildTangent) -> "C:\Program Files (x86)\HP Games\Web Link - Free Realms\launcher.exe" /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Habbo Hotel.lnk -> C:\Program Files (x86)\HP Games\Web Link - Habbo Hotel\launcher.exe (WildTangent) -> "C:\Program Files (x86)\HP Games\Web Link - Habbo Hotel\launcher.exe" /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mah Jong Medley.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Mah Jong Medley\MahJong2-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\More Games from HP Games.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - main\provider.exe (WildTangent) -> /id=977b5905-4d14-47f1-bbbf-7b92f596695d /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mystery P.I. - Stolen in San Francisco.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Mystery P.I. - Stolen in San Francisco\MysteryPISanFrancisco-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Namco All-Stars PAC-MAN.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Namco All-Stars PAC-MAN\pacman-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Penguins!.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Penguins!\penguins-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Pixie Hollow.lnk -> C:\Program Files (x86)\HP Games\Web Link - Pixie Hollow\launcher.exe (WildTangent) -> "C:\Program Files (x86)\HP Games\Web Link - Pixie Hollow\launcher.exe" /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Plants vs. Zombies - Game of the Year.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Plants vs. Zombies - Game of the Year\plantsvszombies-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Poker Superstars III.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Poker Superstars III\Poker3-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Polar Bowler.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Polar Bowler\Polar-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Polar Golfer.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Polar Golfer\golf-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Seafight.lnk -> C:\Program Files (x86)\HP Games\Web Link - Seafight\launcher.exe (WildTangent) -> "C:\Program Files (x86)\HP Games\Web Link - Seafight\launcher.exe" /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Shaiya.lnk -> C:\Program Files (x86)\HP Games\Web Link - Shaiya\launcher.exe (WildTangent) -> "C:\Program Files (x86)\HP Games\Web Link - Shaiya\launcher.exe" /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Slingo Supreme.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Slingo Supreme\SlingoSupreme-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Virtual Villagers 4 - The Tree of Life.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Virtual Villagers 4 - The Tree of Life\Virtual Villagers - The Tree of Life-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Wheel of Fortune 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Wheel of Fortune 2\Wheel Of Fortune-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\WildTangent Games App - hp.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe" /src gamesmenuoem /dp hpcnb2c11
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\World of Warcraft.lnk -> C:\Program Files (x86)\HP Games\Web Link - World of Warcraft\launcher.exe (WildTangent) -> "C:\Program Files (x86)\HP Games\Web Link - World of Warcraft\launcher.exe" /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Zuma Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Zuma Deluxe\Zuma Deluxe-WT.exe" /launchgc /src gamesmenuoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote\Create Ink Note.lnk -> C:\Windows\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Ink_Note.ico () -> /newinknote
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote\Create Note.lnk -> C:\Windows\Installer\{F761359C-9CED-45AE-9A51-9D6605CD55C4}\Evernote.ico () -> /newnote
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\Check for Updates.lnk -> C:\Program Files (x86)\DivX\DivX Control Panel\DivXControlPanelLauncher.exe (DivX, LLC) -> /start=update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\Register.lnk -> C:\Program Files (x86)\DivX\DivX Control Panel\DivXControlPanelLauncher.exe (DivX, LLC) -> /start=registration
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo\Ashampoo Burning Studio 12\Ashampoo Burning Studio 12 Compact Mode.lnk -> C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 12\burningstudio12.exe (Ashampoo) -> -compact
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center\Help.lnk -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe (ATI Technologies Inc.) -> Start Help -help
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{fac60ee0-3e65-46c0-862e-52d1e16fa6d1}\PlayTasks\0\Farm Frenzy.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Farm Frenzy\Farm Frenzy-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{e9f7e4c9-fbef-42e7-b19f-48bf2ea8176b}\PlayTasks\0\web.lnk -> C:\Program Files (x86)\HP Games\Web Link - Crush the Castle 2\launcher.exe (WildTangent) -> "C:\Program Files (x86)\HP Games\Web Link - Crush the Castle 2\launcher.exe" /src gameexploreroemoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{dcf8c30f-84f6-4475-829d-2dea8d873786}\PlayTasks\0\Blackhawk Striker 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Blackhawk Striker 2\Blackhawk2-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{d58eecb0-0816-11de-8c30-0800200c9a66}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=d58eecb0-0816-11de-8c30-0800200c9a66 /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{c44af186-ce1f-41b7-94d3-def66a94aeeb}\PlayTasks\0\Poker Superstars III.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Poker Superstars III\Poker3-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{c3c636e0-1b04-11de-8c30-0800200c9a66}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=c3c636e0-1b04-11de-8c30-0800200c9a66 /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{b3454272-20b1-4853-9201-5a71a281bf30}\PlayTasks\0\FATE - The Traitor Soul.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\FATE - The Traitor Soul\Fate-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{b0a33b86-31a7-4631-ba6d-b5a4fe1606d9}\PlayTasks\0\Chuzzle Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Chuzzle Deluxe\Chuzzle Deluxe-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{a897d9a2-a669-4856-bdc4-f84ea324cf47}\PlayTasks\0\Slingo Supreme.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Slingo Supreme\SlingoSupreme-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{9e81298d-ecad-4464-b46d-0ffb96e1d270}\PlayTasks\0\Mah Jong Medley.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Mah Jong Medley\MahJong2-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{9d36fecf-a272-4632-a018-906223216b09}\PlayTasks\0\Polar Bowler.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Polar Bowler\Polar-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{9c57dc32-44bf-4dad-8cce-4d334f4f725a}\PlayTasks\0\Dora's World Adventure.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Dora's World Adventure\DoraAdventure-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{9b9b12f2-7e8f-4fe3-8365-8998b415574d}\PlayTasks\0\Polar Golfer.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Polar Golfer\golf-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{989c5174-cdb7-456a-81a0-8c2d6e45d6c5}\PlayTasks\0\Plants vs. Zombies - Game of the Year.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Plants vs. Zombies - Game of the Year\plantsvszombies-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{977b5905-4d14-47f1-bbbf-7b92f596695d}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - main\provider.exe (WildTangent) -> /id=977b5905-4d14-47f1-bbbf-7b92f596695d /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{961391a5-faff-4656-b639-9469eafbd166}\PlayTasks\0\Agatha Christie - Peril at End House.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Agatha Christie - Peril at End House\Agatha Christie - Peril at End House-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{93c5e4ca-9d35-4bd8-95b1-c7327601d483}\PlayTasks\0\Penguins!.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Penguins!\penguins-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{90e6e1ce-1450-49b0-b6e3-82e43551c60f}\PlayTasks\0\Namco All-Stars PAC-MAN.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Namco All-Stars PAC-MAN\pacman-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{8dde8af6-a947-49ea-8858-e46765d3acb9}\PlayTasks\0\Bounce Symphony.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Bounce Symphony\bounce-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{736aff42-8708-4017-be92-eb94aabb558f}\PlayTasks\0\Mystery P.I. - Stolen in San Francisco.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Mystery P.I. - Stolen in San Francisco\MysteryPISanFrancisco-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{677247CF-4120-46DC-A3DF-71588CC9CB7E}\PlayTasks\0\web.lnk -> C:\Program Files (x86)\HP Games\Web Link - Shaiya\launcher.exe (WildTangent) -> "C:\Program Files (x86)\HP Games\Web Link - Shaiya\launcher.exe" /src gameexploreroemoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{5ea2c3d3-899a-4d22-b46b-e03dc3c2a115}\PlayTasks\0\Bejeweled 3.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Bejeweled 3\Bejeweled3-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{58081f22-f467-440d-b45a-d1207a716bdd}\PlayTasks\0\Wheel of Fortune 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Wheel of Fortune 2\Wheel Of Fortune-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{530bf15f-039a-4796-9724-3503dfc6796a}\PlayTasks\0\Zuma Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Zuma Deluxe\Zuma Deluxe-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{502CF397-846F-459B-AB59-9826E34B7ECE}\PlayTasks\0\web.lnk -> C:\Program Files (x86)\HP Games\Web Link - Club Penguin\launcher.exe (WildTangent) -> "C:\Program Files (x86)\HP Games\Web Link - Club Penguin\launcher.exe" /src gameexploreroemoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{4f4fa136-6ede-454c-9495-620e06dcb70f}\PlayTasks\0\Cake Mania.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Cake Mania\Cake Mania-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{4c62c261-4bc4-4df9-9107-4f91e6a38018}\PlayTasks\0\Diner Dash 2 Restaurant Rescue.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Diner Dash 2 Restaurant Rescue\Diner Dash 2 Restaurant Rescue-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{41F454F5-BF18-49DC-AF06-C69765992EDB}\PlayTasks\0\web.lnk -> C:\Program Files (x86)\HP Games\Web Link - Habbo Hotel\launcher.exe (WildTangent) -> "C:\Program Files (x86)\HP Games\Web Link - Habbo Hotel\launcher.exe" /src gameexploreroemoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{40E227A9-5146-4228-B973-C5CE3CAAC442}\PlayTasks\0\web.lnk -> C:\Program Files (x86)\HP Games\Web Link - Free Realms\launcher.exe (WildTangent) -> "C:\Program Files (x86)\HP Games\Web Link - Free Realms\launcher.exe" /src gameexploreroemoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{3eda1e54-8889-41f5-a649-5a306789b7ef}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=3eda1e54-8889-41f5-a649-5a306789b7ef /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{3c4466d3-a3d7-410d-97ed-d148233326db}\PlayTasks\0\Bejeweled 2 Deluxe.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Bejeweled 2 Deluxe\Bejeweled 2 Deluxe-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{2D080D0F-37EF-433E-90F1-CE36EB0205F6}\PlayTasks\0\web.lnk -> C:\Program Files (x86)\HP Games\Web Link - Seafight\launcher.exe (WildTangent) -> "C:\Program Files (x86)\HP Games\Web Link - Seafight\launcher.exe" /src gameexploreroemoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{26352374-af55-4b53-b07b-6b0288ed97df}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=26352374-af55-4b53-b07b-6b0288ed97df /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{22A975C0-D22F-482C-A387-637EEC15870F}\PlayTasks\0\web.lnk -> C:\Program Files (x86)\HP Games\Web Link - World of Warcraft\launcher.exe (WildTangent) -> "C:\Program Files (x86)\HP Games\Web Link - World of Warcraft\launcher.exe" /src gameexploreroemoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{227680FF-28CE-48EE-AADF-8D009B2813A9}\PlayTasks\0\web.lnk -> C:\Program Files (x86)\HP Games\Web Link - Dark Orbit\launcher.exe (WildTangent) -> "C:\Program Files (x86)\HP Games\Web Link - Dark Orbit\launcher.exe" /src gameexploreroemoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{1cd10db5-fd52-412c-8f5d-106e71b1c9bd}\PlayTasks\0\Build-a-lot 2.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Build-a-lot 2\Buildalot2-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{119eedc1-0c64-4f7d-a42f-15559b86ea74}\PlayTasks\0\Virtual Villagers 4 - The Tree of Life.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Virtual Villagers 4 - The Tree of Life\Virtual Villagers - The Tree of Life-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{09c578b5-3aa9-45e6-aff9-d128b52cfa9a}\PlayTasks\0\web.lnk -> C:\Program Files (x86)\HP Games\Web Link - Pixie Hollow\launcher.exe (WildTangent) -> "C:\Program Files (x86)\HP Games\Web Link - Pixie Hollow\launcher.exe" /src gameexploreroemoem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{060c286e-7b14-4bf4-9936-205028416ca7}\PlayTasks\0\Blasterball 3.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Blasterball 3\BlasterBall3-WT.exe" /launchgc /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\GameExplorer\{000d96f5-8034-4b74-a429-b6f0b04c75f4}\PlayTasks\0\provider.lnk -> C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\provider.exe (WildTangent) -> /id=000d96f5-8034-4b74-a429-b6f0b04c75f4 /src gameexploreroem
ShortcutWithArgument: C:\ProgramData\Hewlett-Packard\HP Setup\launchreg.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Setup\RunOnceHPTCS.exe () -> MODE=Registration
ShortcutWithArgument: C:\ProgramData\Hewlett-Packard\base\launch_base.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Setup\hptcs.exe (Hewlett-Packard) -> MODE=GETONLINE
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH) -> --sendto
ShortcutWithArgument: C:\Users\Izilda\Desktop\Dropbox.lnk -> C:\Users\Izilda\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) -> /home
ShortcutWithArgument: C:\Users\Izilda\Desktop\Applications\Ashampoo Burning Studio 12 Compact Mode.lnk -> C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 12\burningstudio12.exe (Ashampoo) -> -compact
ShortcutWithArgument: C:\Users\Izilda\Desktop\Applications\PlayMemories Home Help.lnk -> C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe (Sony Corporation) -> /Help
ShortcutWithArgument: C:\Users\Izilda\Desktop\Applications\Samsung Kies (Lite).lnk -> C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe () -> /lite
ShortcutWithArgument: C:\Users\Izilda\Desktop\Applications\WildTangent Games App - hp.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\WildTangent Games\App\GameConsole-wt.exe" /src desktopoem /dp hpcnb2c11
ShortcutWithArgument: C:\Users\Izilda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk -> C:\Users\Izilda\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) -> /systemstartup
ShortcutWithArgument: C:\Users\Izilda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) -> /tsr
ShortcutWithArgument: C:\Users\Izilda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\Uninstall SpyHunter.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /X {4FC9DA9D-F608-454E-8191-D7EFFDCC5726}
ShortcutWithArgument: C:\Users\Izilda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk -> C:\Users\Izilda\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) -> /home
ShortcutWithArgument: C:\Users\Izilda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ashampoo\Ashampoo Burning Studio 12\Ashampoo Burning Studio 12 Compact Mode.lnk -> C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 12\burningstudio12.exe (Ashampoo) -> -compact
ShortcutWithArgument: C:\Users\Izilda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) ->  -extoff
ShortcutWithArgument: C:\Users\Izilda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Izilda\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Izilda\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto:
ShortcutWithArgument: C:\Users\Izilda\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH) -> --sendto
ShortcutWithArgument: C:\Users\Izilda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation) ->  /recycle
ShortcutWithArgument: C:\Users\Izilda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk -> C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe () -> /lite
ShortcutWithArgument: C:\Users\Izilda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\70f62c6a7f1739bd\pinned.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %systemRoot%\system32\shell32.dll,Options_RunDLL 1
ShortcutWithArgument: C:\Users\Izilda\AppData\Local\Microsoft\Windows\GameExplorer\{961391a5-faff-4656-b639-9469eafbd166}\PlayTasks\0\Agatha Christie - Peril at End House.lnk -> C:\Program Files (x86)\HP Games\onplay\onplay.exe () -> "C:\Program Files (x86)\HP Games\Agatha Christie - Peril at End House\Agatha Christie - Peril at End House-WT.exe" /launchgc /src gameexploreroem
 
 
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap\WinPcap Web Site.url -> hxxp://www.winpcap.org/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vono\Vono - Guia de uso.url -> hxxp://softfone.vono.net.br/APP/0000/0000/RELEASE/4.6.0000.0000/UserGuide/index.html
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Theft Protection\LoJack Theft Protection - Learn More Now.url -> hxxp://www.absolute.com/HP
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Apps Sync\Google Apps Sync Admin Setup Guide.url -> 0
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Apps Sync\Google Apps Sync User Guide.url -> 0
InternetURL: C:\ProgramData\Intuit\Quicken\Sku\RPM\Custom\icons\Experian.url -> hxxp://qw2011.quicken.com/cgi-bin/qd.cgi/w/2011/07-ot-50
InternetURL: C:\ProgramData\Intuit\Quicken\Sku\Hab\Custom\icons\Experian.url -> hxxp://qw2011.quicken.com/cgi-bin/qd.cgi/w/2011/07-ot-50
InternetURL: C:\Users\Default\Favorites\Links\Amazon.com – Online Shopping.url -> hxxp://redirect.hp.com/svs/rdr?locale=en_us&c=113&bd=presario&tp=iefavbar&s=amazon&pf=cnnb&TYPE=4
InternetURL: C:\Users\Default\Favorites\HP\Accessories.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpaccessories&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Default\Favorites\HP\Activity Center.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=activitycenter&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Default\Favorites\HP\Amazon.com – Online Shopping.url -> hxxp://redirect.hp.com/svs/rdr?locale=en_us&c=113&bd=pavilion&tp=iefavs&s=amazon&pf=cnnb&TYPE=4
InternetURL: C:\Users\Default\Favorites\HP\Digital Entertainment.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=digitalentm&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Default\Favorites\HP\eBay.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=ebay&pf=cnnb&locale=en_us&bd=all&c=113
InternetURL: C:\Users\Default\Favorites\HP\Get Skype - Download for Free.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=skype&pf=cnnb&locale=en_ww&bd=all&c=none
InternetURL: C:\Users\Default\Favorites\HP\HP Download Store.url -> hxxp://redirect.hp.com/svs/rdr?locale=en_us&bd=all&tp=iefavs&pf=cnnb&s=hp_softwarestore&c=113&TYPE=4
InternetURL: C:\Users\Default\Favorites\HP\HP Games.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=myhpgames&pf=cnnb&locale=en_US&bd=all&c=111
InternetURL: C:\Users\Default\Favorites\HP\HP Home.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hphome&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Default\Favorites\HP\HP Store.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpstore&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Default\Favorites\HP\PC Discovery Center.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpclub&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Default\Favorites\HP\PC Security.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=pcsecurity&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Default\Favorites\HP\Photo Central.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=ephoto&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Default\Favorites\HP\Printing.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=printing&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Default\Favorites\HP\Snapfish.url -> hxxp://www.snapfish.com/hp_notebook_desktopicon_2011_us
InternetURL: C:\Users\Default\Favorites\HP\Software and Driver Downloads.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=downloads&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Izilda\Favorites\4shared.com - free file sharing and storage - download.url -> hxxp://search.4shared.com/postDownload/fKnSkv6_/CONECTANDO.html
InternetURL: C:\Users\Izilda\Favorites\All About Dehydrated Vegetables.url -> https://www.usaemerg..._vegetables.htm
InternetURL: C:\Users\Izilda\Favorites\Antique appraisals Antique repair questions Ask an antique Expert.url -> hxxp://www.justanswer.com/sip/antiques?r=ppc
ga
3
General+%2D+Antiques
Antique+Vintage&JPKW=vintage&JPDC=C&JPST=wiki.answers.com&JPAD=8366258328&JPAF=txt&JPCD=20110727&JPRC=1&JPMT=&JPNW=d&JPOP=TransAntiquesNum&gclid=CNC7956d1a0CFYPc4AodXH3QlQ
InternetURL: C:\Users\Izilda\Favorites\Antiques, Art and Collectibles - What's it Worth  WorthPoint.url -> hxxp://www.worthpoint.com/?utm_source=Bing&utm_medium=cpc%20&utm_term=old%20magazines%20for%20sale&utm_content=950405835&utm_campaign=8208403890
InternetURL: C:\Users\Izilda\Favorites\Asparagus Salad Topped with Poached Eggs Recipe - Delish.com.url -> hxxp://www.delish.com/recipefinder/asparagus-salad-topped-poached-eggs-recipe-ew0312
InternetURL: C:\Users\Izilda\Favorites\Bachelor of Arts in English  American Public University.url -> hxxp://www.apu.apus.edu/lp2/english/bachelors.htm?gclid=CIiGjc2mja4CFYhgTAod6Bs0fA
InternetURL: C:\Users\Izilda\Favorites\Broward.org.url -> hxxp://www.broward.org/RECORDSTAXESTREASURY/RECORDS/Pages/IndexFiles-Completed.aspx
InternetURL: C:\Users\Izilda\Favorites\Canon U.S.A.  Support & Drivers  CanoScan LiDE 500F.url -> hxxp://www.usa.canon.com/cusa/support/consumer/scanners/canoscan_series/canoscan_lide_500f#ServiceAndSupport
InternetURL: C:\Users\Izilda\Favorites\Career College, Technical Schools & Trade School Search - CollegeSurfing.com.url -> hxxp://www.collegesurfing.com/p/sl/1092/13266943/index.php?category=256&program=276&zip=33026&submitButton=&template_id=1092&campaign_id=13266943&module=path&hive_op=profile&step_collation=1&pre_selectedCategory=256&pre_selectedProgram=260&site_id=
InternetURL: C:\Users\Izilda\Favorites\Chase Online - Identification Code.url -> https://chaseonline....liverymode.aspx
InternetURL: C:\Users\Izilda\Favorites\Chase Online - Identification.url -> https://chaseonline....entifyUser.aspx
InternetURL: C:\Users\Izilda\Favorites\Chelsea Kane Graduated Bob - Short Hairstyles Lookbook - StyleBistro.url -> hxxp://www.stylebistro.com/lookbook/Short+Hairstyles/gyzoogZZhGp
InternetURL: C:\Users\Izilda\Favorites\Cinnamon Oranges Recipe - Delish.com.url -> hxxp://www.delish.com/recipefinder/cinnamon-oranges-recipe-2303
InternetURL: C:\Users\Izilda\Favorites\Comfort Food Recipes - Comfort Foods for Winter - Delish.com.url -> hxxp://www.delish.com/recipes/cooking-recipes/comfort-food-recipes-winter
InternetURL: C:\Users\Izilda\Favorites\Communications - I Communications Director Brazil jobs in São Paulo, Brazil at Boeing.url -> hxxp://jobs-boeing.com/br/s%C3%A3o-paulo/communications/i-communications-director-brazil-jobs
InternetURL: C:\Users\Izilda\Favorites\Consulado-Geral do Brasil em Miami.url -> hxxp://miami.itamaraty.gov.br/pt-br/documentos_brasileiros_arb,_passaporte,_cpf,_militar,_titulo_de_eleitor__.xml
InternetURL: C:\Users\Izilda\Favorites\Creative Director Interactive Experience.url -> hxxp://www.qualifiedcreatives.com/Job-Details.aspx?postid=2c771837-47a4-4280-ae21-81b291dc9603
InternetURL: C:\Users\Izilda\Favorites\Dólar americano.url -> hxxp://www4.bcb.gov.br/pec/taxas/batch/taxas.asp?id=txdolar
InternetURL: C:\Users\Izilda\Favorites\Eating Well.url -> hxxp://www.eatingwell.com/food_news_origins/organic_natural/7_simple_ways_to_detox_your_diet_and_your_home?utm_source=health.msnLink2mar&utm_medium=detox
InternetURL: C:\Users\Izilda\Favorites\Edit City Descriptions in Portuguese (Brazil) - Jobs - oDesk.url -> https://www.odesk.co...red&_redirected
InternetURL: C:\Users\Izilda\Favorites\Electronics Recycling Drop-Off Locations.url -> hxxp://www.broward.org/WASTEANDRECYCLING/RECYCLING/Pages/ElectronicsDropOff.aspx
InternetURL: C:\Users\Izilda\Favorites\Evolution Wellness Center - Services - Weight Loss Acupuncture & holistic medicine.url -> hxxp://www.evowellness.com/services.aspx
InternetURL: C:\Users\Izilda\Favorites\Find Jobs - Portuguese Speaking Accounting Clerk Jobs in Fort Lauderdale, Florida - Southern Cross Aviation.url -> hxxp://www.careerbuilder.com/JobSeeker/Jobs/JobDetails.aspx?ipath=EXGOO&siteid=CBSIMPLYHIRED&Job_DID=J8B7XQ65FVMXS4N7TBX
InternetURL: C:\Users\Izilda\Favorites\Florida CPA School  CPA Degree and Online Accounting Programs.url -> hxxp://www.accountingedu.org/FL?level=1,2,3&programs=CPA
InternetURL: C:\Users\Izilda\Favorites\Full Sail University - Winter Park, FL.url -> hxxp://www.fullsail.edu/index.cfm?fa=landing.CWMFA_2a&mnc=2142&kw=Learn_Orange%20NFHC&utm_source=MAZ&utm_medium=banner&utm_term=Learn_Orange%20NFHC&utm_content=CWMFA_2a&utm_campaign=CWMFA&subID=
InternetURL: C:\Users\Izilda\Favorites\Home - Lumosity.url -> hxxp://www.lumosity.com/app/v4/dashboard
InternetURL: C:\Users\Izilda\Favorites\How You Can Learn a Language in only 10 Days  How Life Works.url -> hxxp://www.howlifeworks.com/Article.aspx?Cat_URL=lifestyle&AG_URL=How_You_Can_Learn_a_Language_in_only_10_Days_283&AG_ID=1048&cid=7065sj_msnbc&aid=1155542
InternetURL: C:\Users\Izilda\Favorites\http--www.broward.org-BCT-MapsAndSchedules-.url -> hxxp://www.broward.org/BCT/MapsAndSchedules/Documents/Pembroke95web.pdf
InternetURL: C:\Users\Izilda\Favorites\http--www.iluss.it-tests.html.url -> hxxp://www.iluss.it/tests.html
InternetURL: C:\Users\Izilda\Favorites\Humane Society of Broward County - Tweety's Black Velvet Club.url -> hxxp://www.humanebroward.com/php/tweetyblackvelvet.php
InternetURL: C:\Users\Izilda\Favorites\infographic How Refinancing Can Help Families  The White House.url -> hxxp://www.whitehouse.gov/infographics/refinancing
InternetURL: C:\Users\Izilda\Favorites\Intuit Quicken Deluxe 2012 Download,Quicken Products.url -> hxxp://www.turbotaxdownload.org/Intuit-Quicken-Deluxe-2012-Download.htm
InternetURL: C:\Users\Izilda\Favorites\Is Your Child a U.S. Citizen if Born Abroad  LegalZoom.url -> hxxp://www.legalzoom.com/marriage-divorce-family-law/family-law-basics/is-your-child-us
InternetURL: C:\Users\Izilda\Favorites\Italian Shoes  Rina's Boutique.url -> hxxp://www.rinastore.com/index.php?page=browsegrid.php&categoryid=441
InternetURL: C:\Users\Izilda\Favorites\Kollagen Intensiv™ 2012's Best Anti-Aging Wrinkle Cream - Skin Care Product.url -> hxxp://www.kollagenintensiv.com/
InternetURL: C:\Users\Izilda\Favorites\Language Instructional Developer job with General Dynamics in Ft Bragg, North Carolina.url -> hxxp://www.womenscareerchannel.com/job-search/language-instructional-developer.2354943.html?from=SimplyHired&utm_source=SimplyHired&utm_medium=jobboard&utm_campaign=SimplyHired
InternetURL: C:\Users\Izilda\Favorites\Local Employment in U.S. Embassies and Consulates - U.S. Department of State.url -> hxxp://careers.state.gov/local-employment
InternetURL: C:\Users\Izilda\Favorites\MSN Careers - Companies hiring this month - Career Advice Article.url -> hxxp://msn.careerbuilder.com/Article/MSN-2006-Job-Search-Companies-hiring-this-month/?SiteId=cbmsnhp42006&sc_extcmp=JS_2006_home1
InternetURL: C:\Users\Izilda\Favorites\MSN Careers - Résumés in 2012 What's old, what's new - Career Advice Article.url -> hxxp://msn.careerbuilder.com/Article/MSN-2862-Cover-Letters-Resumes-Résumés-in-2012-Whats-old-whats-new/?SiteId=cbmsnhp42862&sc_extcmp=JS_2862_home1
InternetURL: C:\Users\Izilda\Favorites\Natural-Immunogenics.url -> hxxp://www.natural-immunogenics.com/exit-page.php?ExternalLinkID=1
InternetURL: C:\Users\Izilda\Favorites\O Globo  Notícias do jornal O Globo.url -> hxxp://busca.globo.com/Busca/oglobo/?query=o coregasmo
InternetURL: C:\Users\Izilda\Favorites\Pastpaper.com - Crinkley Bottom Books.url -> hxxp://www.pastpaper.com/index.htm
InternetURL: C:\Users\Izilda\Favorites\Personalized Skin Care by Jessica Simpson.url -> hxxp://start.beautymint.com/bm/?utm_source=HOaid1040&utm_medium=site&utm_campaign=HOaid1040oid31&transaction_id=102994522117431120216&aid=1$soc$p763$c1221$3697
InternetURL: C:\Users\Izilda\Favorites\Pimsleur Learn a Language in 10 days.url -> https://www.pimsleur...10715470_100152
InternetURL: C:\Users\Izilda\Favorites\President Passes New Refinance Plan To Reduce The Amount Homeowners Owe…Up To 12,000 A Year – Consumer Inquire.url -> hxxp://www.consumerinquire.com/?p=45&source=m_i
InternetURL: C:\Users\Izilda\Favorites\QuickMatch - a service of LendingTree.url -> https://offers.lendi...ide&irpid=15357
InternetURL: C:\Users\Izilda\Favorites\Refinance Mortgage, Refinancing Rates, Mortgage Rates - LowerMyBills.url -> https://www.lowermyb.../app/index.loan
InternetURL: C:\Users\Izilda\Favorites\Sunwarrior Protein Powder from Gina Harney on OpenSky.url -> https://opensky.com/...t&utm_campaign=
InternetURL: C:\Users\Izilda\Favorites\Sítio da RFB - Declaração do Imposto sobre a Renda da Pessoa Física 2012.url -> hxxp://www.receita.fazenda.gov.br/PessoaFisica/IRPF/2012/default.htm
InternetURL: C:\Users\Izilda\Favorites\The American Organization of Teachers of Portuguese, AOTP  www.aotpsite.org.url -> hxxp://www.aotpsite.org/main/summary
InternetURL: C:\Users\Izilda\Favorites\The Best New Group Workouts  Fitbie.url -> hxxp://fitbie.msn.com/slideshow/best-new-group-workouts
InternetURL: C:\Users\Izilda\Favorites\The White House blog - refinancing 15mai2012.url -> hxxp://www.whitehouse.gov/blog/2012/04/18/everything-you-need-know-helping-responsible-homeowners-refinance
InternetURL: C:\Users\Izilda\Favorites\Tumbled Stones, Tumblestones, Chakra Stones, Aura Stones, Gemstones, Crystal Pouches, Crystal Essence at Peacefulmind.com.url -> hxxp://www.peacefulmind.com/tumblestones.htm
InternetURL: C:\Users\Izilda\Favorites\UFSC - PROGRAMA DE MESTRADO DOUTORADO.url -> hxxp://www.antropologia.ufsc.br/ppgas/
InternetURL: C:\Users\Izilda\Favorites\UFSC - SINTER » Procedimentos p- candidatura.url -> hxxp://sinter.ufsc.br/ingresso-de-estrangeiros/procedimentos-para-intercambio-de-graduacao-na-ufsc/
InternetURL: C:\Users\Izilda\Favorites\Value my stuff.url -> hxxp://www.valuemystuff.com/us/get-a-valuation
InternetURL: C:\Users\Izilda\Favorites\Virgin Raw Bee Panacea.url -> hxxp://virginraw1.gostorego.com/virgin-raw-bee-panacea-2-5oz.html
InternetURL: C:\Users\Izilda\Favorites\vivexin + Resdermatrol wrinkle cream.url -> hxxp://www.womenshealth.com-2.tv/report/skin-care-secret-zus-12.php?
InternetURL: C:\Users\Izilda\Favorites\Vivexin.url -> hxxp://www.vivexin.com/trial_offer2.html?subid=200052
InternetURL: C:\Users\Izilda\Favorites\Welcome to Microsoft Office 2010 - Office.com.url -> hxxp://office.microsoft.com/en-us/welcome-to-microsoft-office-2010-FX101829963.aspx
InternetURL: C:\Users\Izilda\Favorites\Year-end tax planning - Your Money - MSN Money.url -> hxxp://finances.msn.com/save-money/31962066?from=en-us_msnhp
InternetURL: C:\Users\Izilda\Favorites\Links for United States\USA.gov.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129791
InternetURL: C:\Users\Izilda\Favorites\Links\Amazon.com – Online Shopping.url -> hxxp://redirect.hp.com/svs/rdr?locale=en_us&c=113&bd=presario&tp=iefavbar&s=amazon&pf=cnnb&TYPE=4
InternetURL: C:\Users\Izilda\Favorites\Links\Ebay.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&s=ebay&tp=iefavbar&pf=cnnb&locale=en_us&bd=all&c=113
InternetURL: C:\Users\Izilda\Favorites\Links\HP - See What's Hot.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&s=webslice&tp=iefavbar&pf=cnnb&locale=en_us&bd=pavilion&c=111
InternetURL: C:\Users\Izilda\Favorites\Links\HP Games.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&s=myhpgames&tp=iefavbar&pf=cnnb&locale=en_us&bd=all&c=113
InternetURL: C:\Users\Izilda\Favorites\Links\Suggested Sites.url -> https://ieonline.mic...ft.com/#ieslice
InternetURL: C:\Users\Izilda\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315
InternetURL: C:\Users\Izilda\Favorites\HP\Accessories.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpaccessories&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Izilda\Favorites\HP\Activity Center.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=activitycenter&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Izilda\Favorites\HP\Amazon.com – Online Shopping.url -> hxxp://redirect.hp.com/svs/rdr?locale=en_us&c=113&bd=pavilion&tp=iefavs&s=amazon&pf=cnnb&TYPE=4
InternetURL: C:\Users\Izilda\Favorites\HP\Digital Entertainment.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=digitalentm&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Izilda\Favorites\HP\eBay.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=ebay&pf=cnnb&locale=en_us&bd=all&c=113
InternetURL: C:\Users\Izilda\Favorites\HP\Get Skype - Download for Free.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=skype&pf=cnnb&locale=en_ww&bd=all&c=none
InternetURL: C:\Users\Izilda\Favorites\HP\HP Download Store.url -> hxxp://redirect.hp.com/svs/rdr?locale=en_us&bd=all&tp=iefavs&pf=cnnb&s=hp_softwarestore&c=113&TYPE=4
InternetURL: C:\Users\Izilda\Favorites\HP\HP Games.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=myhpgames&pf=cnnb&locale=en_US&bd=all&c=111
InternetURL: C:\Users\Izilda\Favorites\HP\HP Home.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hphome&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Izilda\Favorites\HP\HP Store.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpstore&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Izilda\Favorites\HP\PC Discovery Center.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=hpclub&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Izilda\Favorites\HP\PC Security.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=pcsecurity&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Izilda\Favorites\HP\Photo Central.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=ephoto&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Izilda\Favorites\HP\Printing.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=printing&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Izilda\Favorites\HP\Snapfish.url -> hxxp://www.snapfish.com/hp_notebook_desktopicon_2011_us
InternetURL: C:\Users\Izilda\Favorites\HP\Software and Driver Downloads.url -> hxxp://redirect.hp.com/svs/rdr?TYPE=4&tp=iefavs&s=downloads&pf=cnnb&locale=en_us&bd=all&c=111
InternetURL: C:\Users\Izilda\Dropbox\Doctor Virtual\Ferramentas\Imagens e Icones\clean-icon-set\Must Read.url -> hxxp://www.creativenerds.co.uk/
InternetURL: C:\Users\Izilda\Downloads\Janes Addiction - Kettle Whistle - 1997\Demons Eye Torrents (Powered by Invision Power Board).URL -> hxxp://www.demons-eye.net/index.php?
InternetURL: C:\Users\Izilda\Downloads\00-Fotos de Caetano\Private Life Of Sophie Evans\Free Depositfiles Gold Acount!!!.url -> hxxp://sexoshare.altervista.org/blog/free-premium-acount/
InternetURL: C:\Users\Izilda\Downloads\00-Fotos de Caetano\Private Life Of Sophie Evans\Tons of Free Porn!!!.url -> hxxp://sexoshare.altervista.org/blog/
InternetURL: C:\Users\Izilda\Desktop\Pri Netbook\Pri\Favoritos\Google.url -> hxxp://www.google.com.br/
InternetURL: C:\Users\Izilda\Desktop\Pri Netbook\Pri\Favoritos\Guia de estações de rádio.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=windows&sbp=mediaplayer&plcid=&pver=6.1&os=&over=&olcid=&clcid=&ar=Media&sba=RadioBar&o1=&o2=&o3=
InternetURL: C:\Users\Izilda\Desktop\Pri Netbook\Pri\Favoritos\Âmbito Jurídico - Leitura de Artigo.url -> hxxp://www.ambito-juridico.com.br/site/index.php?n_link=revista_artigos_leitura&artigo_id=2747
InternetURL: C:\Users\Izilda\Desktop\Pri Netbook\Pri\Favoritos\Sites da Microsoft na Web\Bem-vindo ao IE7.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68919
InternetURL: C:\Users\Izilda\Desktop\Pri Netbook\Pri\Favoritos\Sites da Microsoft na Web\Marketplace.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72411
InternetURL: C:\Users\Izilda\Desktop\Pri Netbook\Pri\Favoritos\Sites da Microsoft na Web\Microsoft Brasil.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72520
InternetURL: C:\Users\Izilda\Desktop\Pri Netbook\Pri\Favoritos\Sites da Microsoft na Web\Ofertas da Microsoft.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72892
InternetURL: C:\Users\Izilda\Desktop\Pri Netbook\Pri\Favoritos\Sites da Microsoft na Web\Site do IE na Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72186
InternetURL: C:\Users\Izilda\Desktop\Pri Netbook\Pri\Favoritos\Links\HotMail gratuito.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=hotmail
InternetURL: C:\Users\Izilda\Desktop\Pri Netbook\Pri\Favoritos\Links\Personalizar links.url -> hxxp://go.microsoft.com/fwlink/?LinkId=53540
InternetURL: C:\Users\Izilda\Desktop\Pri Netbook\Pri\Favoritos\Links\Windows Media.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=windowsmedia
InternetURL: C:\Users\Izilda\Desktop\Pri Netbook\Pri\Favoritos\Links\Windows.url -> hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=windows
InternetURL: C:\Users\Izilda\Desktop\Doctor Virtual\Ferramentas\Imagens e Icones\clean-icon-set\Must Read.url -> hxxp://www.creativenerds.co.uk/
InternetURL: C:\Users\Izilda\Desktop\Applications\Free Credit Report and  Score.url -> hxxp://qw.quicken.com/cgi-bin/qd.cgi/w/2012/07-ot-50
InternetURL: C:\Users\Izilda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox Website.URL -> hxxp://www.dropbox.com
InternetURL: C:\Users\Izilda\4Sync\100GB Storage.url -> hxxp://www.4sync.com
 
==================== End of log =============================
 

  • 0

#6
Valinorum
Posted 17 December 2014 - 09:40 AM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Uninstall SUPERAntiSpyware beforehand.


 
  • Step #3 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
Closeprocesses:
Emptytemp:
HKU\S-1-5-21-3190529940-644357419-2377663512-1001\...\MountPoints2: {520b7578-3f36-11e1-9d4c-806e6f6e6963} - E:\Setup.exe
CHR HKU\S-1-5-21-3190529940-644357419-2377663512-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
FF Extension: No Name - {87F8774F-B485-47E2-A755-A40A8A5E8873} [Not Found]
FF Extension: No Name - {87F8774F-B485-47E2-A755-A40A8A5E886C} [Not Found]
FF Extension: No Name - {87F8774F-B485-47E2-A755-A40A8A5E886D} [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path
End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and paste the log in your next reply.
 
  • Step #4 Upload File(s) to Virus-Total
    I want you to upload the following suspicious file(s) to an online virus-scanner to scan.
    • Please go to www.virustotal.com
    • Click on Choose File
    • Go to C:\Program Files (x86)\Vono\Vono\Vono Manager.exe
    • Click on Open;
    • Click on Scan it;
    • Copy and Paste the link of the result page in your reply;
 
  • Required Log(s):
    • FRST Fix Log
    • VirusTotal Link
Regards,
Valinorum
  • 0

#7
Andre Silva
Posted 17 December 2014 - 11:33 AM

Andre Silva

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts

Hello Valinorum, thanks again for your reply. I followed your instructions diligently. Here follows the log and link as requested:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-12-2014
Ran by Izilda at 2014-12-17 12:02:21 Run:1
Running from C:\Users\Izilda\Desktop
Loaded Profile: Izilda (Available profiles: Izilda)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
Start
Closeprocesses:
Emptytemp:
HKU\S-1-5-21-3190529940-644357419-2377663512-1001\...\MountPoints2: {520b7578-3f36-11e1-9d4c-806e6f6e6963} - E:\Setup.exe
CHR HKU\S-1-5-21-3190529940-644357419-2377663512-1001\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
FF Extension: No Name - {87F8774F-B485-47E2-A755-A40A8A5E8873} [Not Found]
FF Extension: No Name - {87F8774F-B485-47E2-A755-A40A8A5E886C} [Not Found]
FF Extension: No Name - {87F8774F-B485-47E2-A755-A40A8A5E886D} [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path
End
*****************
 
Processes closed successfully.
"HKU\S-1-5-21-3190529940-644357419-2377663512-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{520b7578-3f36-11e1-9d4c-806e6f6e6963}" => Key deleted successfully.
"HKCR\CLSID\{520b7578-3f36-11e1-9d4c-806e6f6e6963}" => Key not found.
"HKU\S-1-5-21-3190529940-644357419-2377663512-1001\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
FF Extension: No Name - {87F8774F-B485-47E2-A755-A40A8A5E8873} [Not Found] not found.
FF Extension: No Name - {87F8774F-B485-47E2-A755-A40A8A5E886C} [Not Found] not found.
FF Extension: No Name - {87F8774F-B485-47E2-A755-A40A8A5E886D} [Not Found] not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk" => Key deleted successfully.
EmptyTemp: => Removed 885.4 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 

  • 0

#8
Valinorum
Posted 18 December 2014 - 01:19 AM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
I cannot open the VirusTotal link. Can you tell me if the file was detected for any infection?


 
  • Step #5 Scan with Malwarebytes' Anti-Malware
    • Download Malwarebytes' Anti-Malware from the suitable link below --
    • Double-click mbam-setup.exe to install the application.
    • Before clicking Finish perform the following actions --
      • Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
      • Check the box beside Launch Malwarebytes Anti-Malware
    • Once the program has loaded, The MBAM dashboard will appear with an alert to update - click the green button Update Now;
    • Click on Setting--
      • Navigate to the tab Detection and Protection and check all the boxes under Detection Options
    • From the Dashboard click on Scan Now;
    • If threats are detected click on Apply actions. If the program asks to reboot your PC, let it do so;
    • On completion of the scan click on View Detailed Log after that click on Export Button, select Text File and save the log to your Desktop;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #6 ESET Online Scanner
    Disable your security programs which includes but not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information.
    • Download esetsmartinstaller_enu.exe by clicking here.
    • Right-click on the program and choose Run as administrator.
    • Accept their terms and condition and proceed.
    • Install Add-On/Active X if prompted.
    • From the Computer Scan Setting check the following box --
      • Enable detection for potentially unwanted programs
    • Click on Advanced Setting --
      • Check the box beside Remove Found Threats;
      • Check the box beside Scan archives
      • Check the box beside Scan for potentially unsafe applications
      • Check the box beside Enable Anti-Stealth Technology
    • Click on Start and wait for the virus signature database to update.
    • The online scan will begin automatically and can take several hours.
      • Note: Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
    • After the Scan finishes --
      • If no threats were found:
        • Put a checkmark in Uninstall application on close.
        • Close the program and report that nothing was found
      • If threats were found:
        • Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
        • Copy and Paste contents of the log file in your next reply.
    Note: Enable your security programs afterwards.
 
  • Required Log(s):
    • Malwarebytes' Anti-Malware Log
    • ESET Fix Log
Regards,
Valinorum
  • 0

#9
Andre Silva
Posted 19 December 2014 - 09:51 AM

Andre Silva

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts

Hello Valinorum, how are you?

 

The file C:\Program Files (x86)\Vono\Vono\Vono Manager.exe was clean. It is actually for my VOIP phone app.

 

Here are the logs as requested. Looking forward to you next contact and instructions, please.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: Dec/18/2014
Scan Time: 1:20:34 PM
Logfile: mbam_12_18_2014.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2014.12.18.04
Rootkit Database: v2014.12.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Izilda
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 371015
Time Elapsed: 1 hr, 16 min, 0 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=986e32fec4377848ba96608dc837440e
# engine=21626
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-12-19 11:20:03
# local_time=2014-12-19 06:20:03 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Internet Security'
# compatibility_mode=779 16777213 85 72 0 182483293 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 170531453 0 0
# scanned=326170
# found=22
# cleaned=21
# scan_time=20083
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe"
sh=B12113A02C445EAE309899AF6AE176C99B3DA047 ft=1 fh=620b97ac298a71f9 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir"
sh=D3FA9C431C9324572A3D9DCA336E5CF094C2740C ft=1 fh=d21d3e61d6d23db5 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir"
sh=C93101196362D5A20270E709D077FD7A0CE04122 ft=1 fh=3dbde72c87295f06 vn="a variant of Win32/ClientConnect.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir"
sh=DB05A8DF8D7F88C675BB3DC7CE3E3E11B1AD70F5 ft=1 fh=b2a611f984e48149 vn="a variant of Win32/HackTool.Patcher.AD potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\Adobe\Adobe Photoshop CS6\adobe.photoshop.cs6-patch.exe"
sh=686FFA84B518F63667B17939C4F8B475226C06C6 ft=1 fh=ef34117524fb94cb vn="a variant of Win32/CNETInstaller.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Izilda\Downloads\cbsidlm-cbsi176-Quick_Media_Converter_HD-ORG-10787822.exe"
sh=46E3A0AF091D7B8F1040ED31BAF5468C931387E5 ft=0 fh=0000000000000000 vn="a variant of Win32/Packed.Themida potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Izilda\Downloads\Ebook (1).zip"
sh=FFA44725419851C948784C5A20310FF3E8E76C48 ft=1 fh=98bf80917212d5f0 vn="a variant of Win32/Maxiget.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Izilda\Downloads\SaveAs.exe"
sh=FD36D8CB741325ADE0CA2D40A0833C565718FA6C ft=1 fh=7ef4a03c64850da1 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Izilda\Downloads\Shockwave_Installer_Slim(1).exe"
sh=92954631593601B05113FE3D613A780FC6298D32 ft=1 fh=10ab960a29e52180 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Izilda\Downloads\Shockwave_Installer_Slim(2).exe"
sh=F56F2945D570EF3FDC8B12D4FB2E0FD855397A2C ft=1 fh=67469725cf43ed38 vn="a variant of Win32/Verti.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Izilda\Downloads\Xvid.exe"
sh=DB05A8DF8D7F88C675BB3DC7CE3E3E11B1AD70F5 ft=1 fh=b2a611f984e48149 vn="a variant of Win32/HackTool.Patcher.AD potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Izilda\Downloads\Adobe Photoshop CS6 13.0 Final  Multilanguage (patch-PainteR) [ChingLiu]\patch - PainteR\adobe.photoshop.cs6-patch.exe"
sh=3088A5C3CFED7A2D1959311E8735D90CD1A59117 ft=1 fh=52b1bbca2e556353 vn="Win32/Toolbar.Conduit potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Izilda\Downloads\Ashampoo Burning Studio 12 v12.0.1 with Key [h33t][iahq76]\ashampoo_burning_studio_12_e12.0.1_sm.exe"
sh=03790069BB7FD280FD94D4B9F0ACFCE4E6265089 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.BK potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Izilda\Downloads\Nitro PDF Professional 6.2.0.44 [32+64]\Nitro PDF Professional 6.2.0.44x64.rar"
sh=224DCD2ACCB93F243F46E30995EED842CBCA1A4F ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.BK potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Izilda\Downloads\Nitro PDF Professional 6.2.0.44 [32+64]\Nitro PDF Professional 6.2.0.44x86.rar"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Windows\System32\Adobe\Shockwave 12\gt.exe"
sh=FB3DB64FE5B1737631A1622DFE01E23454493D35 ft=1 fh=edd90b7995bff2d1 vn="a variant of Win32/Conduit.SearchProtect.I potentially unwanted application (deleted - quarantined)" ac=C fn="C:\_OTL\MovedFiles\06152014_215357\C_Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe"
sh=C36499D6B2D13D522943B9063F2CF4D533D34612 ft=1 fh=19ba1bde06f4ac49 vn="a variant of Win32/ClientConnect.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\_OTL\MovedFiles\06152014_215357\C_Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe"
sh=8CB73EA7E7861C82FCADE45716F17827A6FC7465 ft=1 fh=968339a6e38b2293 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\_OTL\MovedFiles\06152014_215357\C_Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll"
sh=155D8F97DB6349095401EBB216078E03F2DA87CF ft=1 fh=b427abc37d4a808a vn="a variant of Win32/ClientConnect.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\_OTL\MovedFiles\06152014_215357\C_Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll"
sh=7626AF887406B0E24FE649576F1BDC38F729E5AC ft=1 fh=dd81f74f0256d2f5 vn="a variant of Win32/ClientConnect.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\_OTL\MovedFiles\06152014_215357\C_Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll"
sh=38839E1008FA6F5D3F866446FB22B1254941F688 ft=1 fh=7631fade43dc5a10 vn="a variant of Win32/ClientConnect.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\_OTL\MovedFiles\06152014_215357\C_Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll"
 

  • 0

#10
Valinorum
Posted 19 December 2014 - 10:08 AM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts

Hello Valinorum, how are you?

I am doing well. Thank you for asking. :)


The file C:\Program Files (x86)\Vono\Vono\Vono Manager.exe was clean. It is actually for my VOIP phone app.

Acknowledged.

I see that ESET found some cracked software. I implore you to remove them completely and use legitimate versions only.


 
  • Step #7 Fix with AdwCleaner
    • Download AdwCleaner by Xplode to your Desktop from the following link.
    • Right-click on AdwCleaner.exe and choose Run as administrator;
    • Click on Scan and let the program run unhindered;
    • When done, click on Clean and allow the system to reboot after it is done;
    • A log will be opened automatically after the restart;
    • Copy and Paste the contents of this log in your reply.
 
  • Required Log(s):
    • AdwCleaner Log
Regards,
Valinorum
  • 0

#11
Andre Silva
Posted 19 December 2014 - 11:23 AM

Andre Silva

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 140 posts

Hello Valinorum,

 

Thanks for your advice. This is a shared computer and I don't know about all the software installed in it.

 

Here is the log as requested. BTW, my computer is running better already :) . Looking forward to the next steps. THANKS!!!

 

# AdwCleaner v4.105 - Report created 19/12/2014 at 12:09:00
# Updated 08/12/2014 by Xplode
# Database : 2014-12-16.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Izilda - IZILDA-HP
# Running from : C:\Users\Izilda\Downloads\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Users\Izilda\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\90C64EA18BA25EE488BF80DCF07F2FFD
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17496
 
 
-\\ Mozilla Firefox v34.0.5 (x86 en-US)
 
 
-\\ Google Chrome v39.0.2171.95
 
 
*************************
 
AdwCleaner[R0].txt - [4550 octets] - [15/06/2014 22:00:17]
AdwCleaner[R1].txt - [2142 octets] - [19/12/2014 11:46:45]
AdwCleaner[R2].txt - [2202 octets] - [19/12/2014 12:04:20]
AdwCleaner[S0].txt - [4575 octets] - [15/06/2014 22:03:57]
AdwCleaner[S1].txt - [2081 octets] - [19/12/2014 12:09:00]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2141 octets] ##########

  • 0

#12
Valinorum
Posted 19 December 2014 - 11:44 AM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Perusing your logs, I see no infection currently present in your system. Unless you are having any issue(s), the machine appears to be Malware-free as we speak.

 

♣ Removal of Tools and Quarantined Files ♣


 

Despite the tools we have used are clean, they are powerful removal tools and made in a way so that they carry out any commands given to them without (most cases) asking for a confirmation. In the hands of an inept person, they can make the machine un-bootable -- a scenario we do not wish to see. Also, we need to remove the quarantined files/folders from your system as a dormant malware can be as bad as an active one if given the proper environment. I shall now give you the guidelines to remove the tools and the quarantined files from your system.
  • Cleanup with Delfix
    Please download DelFix by Xplode to your Desktop.
    Download Link
    • Double-click to run the program;
      • Note: Windows Vista/7/8 users right-click and choose Run as administrator
    • Make sure that all the boxes are checked;
    • Click Run;
    • A log will be opened after the operation is finished;
    • Copy and Paste it in your next reply
 

♣ Prevention and Future Guidelines ♣


 

Prevention is better than cure -- goes the old saying. As much as we love to see you visit our site, we do not want to see you having your PC infected by malwares again.
  • Keep Windows up-to-date.
    It is extremely important that you keep your operating system (Windows) updated when updates are made available. It is set to alert you, so be sure not to ignore these notices and to allow the updates to install. Many of these are critical security packages which could very possibly be the difference between your picking up a future infiltration and simply passing right by it unharmed.
  • Run antivirus software and keep it up-to-date, too.
    Antivirus software is your safety net if all other protections fail. The first line of defense is smart computing, of course, but everyone needs a backup. I'd recommend Microsoft Security Essentials or avast!, both of which are excellent, as well as free. Once they're installed, check periodically to ensure they have been successfully updating as well. An out-of-date antivirus is not a happy antivirus!
  • Keep your web browser plugins and other programs updated also.
    This tip is rarely shared by technicians and its importance is not widely recognized, but it's absolutely critical. Programs such as Java, Adobe Flash Player and Adobe Reader, Internet Explorer, and myriad other such web-exposed items are deeply vulnerable to attack, which can quickly lead to a hopelessly infected system no matter what protection you currently have installed. The reason is that these programs are ubiquitous, but are also not perfect and are extremely complex... and as such, security vulnerabilities are discovered and exploited by hackers hoping to gain control over your machine. By performing every update for these programs as soon as it's made available, you will greatly reduce your exposure to dangerous internet threats.

    A great way to do this is to install the Filehippo Update Checker and run it regularly. Also, try not to ignore any notifications you receive regarding updates to programs already installed on your PC.

    No scripts is an excellent security device too. I like it but it is not for everyone because it requires you to take action if you want to see some things (pop ups, banners etc.) on sites you visit.

    Download NoSript by Giorgio Maone.

    Note: Sometimes you will get a site telling you that you need to install Java when actually all you need to do is enable the site through the no script icon down on the right hand side of your computer.
  • Watch out for new threat named CryptoLocker
    CryptoLocker is a new type ransomware family malware that encrypts your important files and asks for a ransom to decrypt them. At the moment of posting this reply there are no tools that can undo the havoc this malware causes. We can help you to remove the malware from your system but the files that was encrypted cannot be recovered without the decryption key. So, I ask for your forbearance and practice constant vigilance. Please read the following article to acknowledge yourself about the safety measures.
    How to prevent your computer from becoming infected by CryptoLocker.
  • And last of all, surf smart.
    It doesn't matter how well the autopilot system works if the pilot keeps flying the plane into mountain ranges. Don't forget that no matter how much you have protecting yourself, your security ultimately begins and ends with you. Don't visit dangerous or questionable web sites, avoid suspicious links on Facebook and emails/email attachments you're unsure about, and just generally keep your wits about you, and you'll be much safer. Also, avoid illegal downloads, cracks, "warez", and all other too-good-to-be-true internet offerings: they're typically laden with malware. Be smart and you can avoid most threats lurking about the darker corners of the internet! And for even more tips, see our article, How Did I Get Infected in the First Place?

Regards,
Valinorum
  • 0

#13
Valinorum
Posted 23 December 2014 - 12:46 AM

Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 3,330 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP