Page 1 of 4 123 ... LastLast
Results 1 to 10 of 38
  1. #1
    Member
    Join Date
    Nov 2013
    Posts
    41
    Points
    14

    Default your detective told me my hijack this log showed some problems & needed to be posted

    3 logs. hijack this, malwarebyte anti malware and superantispyware

    Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:15:53, on 16/11/2013 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.17267) Boot mode: Normal Running processes: C:\Windows\PLFSetI.exe C:\Users\Home\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Users\Home\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe C:\Program Files (x86)\Launch Manager\LManager.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Launch Manager\LMworker.exe C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.3.1.7.bt.1.3\ma\bin\node.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect b=ACPW&l=0809&m=easynote_tm89&r=273611108125l0474z125f4672a274 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect b=ACPW&l=0809&m=easynote_tm89&r=273611108125l0474z125f4672a274 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 -HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:21320 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: McAfee SiteAdvisor Toolbar -{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} -c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} -C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll O2 - BHO: Windows Live ID Sign-in Helper -{9030D464-4C02-4ABF-8ECC-5164760863C6} -C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO -{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} -C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper -{DBC80044-A445-435b-BC74-9C25C1C588A9} -C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar -{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} -c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [RegWork] C:\Program Files (x86)\RegWork\RegWork.exe O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Home\AppData\Local\Akamai\netsession_win.exe" O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE O4 - Global Startup: HD Writer.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote -res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 -{0000036B-C524-4050-81A0-243669A86B9F} -C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote -{2670000A-7350-4f3c-8081-5663EE0C6C49} -C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes -{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/...soft/wrc32.ocx O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} -c:\PROGRA~2\mcafee\msc\mcsniepl.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - Winlogon Notify: SDWinLogon -SDWinLogon.dll (file missing) O23 - Service: SAS Core Service (!SASCORE) -SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated -C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner -C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. -C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. -C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: BT Help Wizard - Alcatel-Lucent -C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.3.1.7.bt.1.3\ma\bin\MAHostService.exe O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) -Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: Acer ePower Service (ePowerSvc) -Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) -Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe O23 - Service: GREGService - Acer Incorporated -C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) -Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe O23 - Service: McAfee AP Service (McAPExe) -McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe O23 - Service: McAfee Platform Services (mcpltsvc) -McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee Proxy Service (McProxy) -McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner -C:\Windows\system32\mfevtps.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) -Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner -C:\Windows\system32\lsass.exe (file missing) O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe O23 - Service: pcCMService - Alcatel-Lucent -C:\Program Files (x86)\Common Files\Motive\pcCMService.exe O23 - Service: pcCMService64 - Alcatel-Lucent -C:\Program Files\Common Files\Motive\pcCMService.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner -C:\Windows\system32\lsass.exe (file missing) O23 - Service: Protexis Licensing V2 (PSI_SVC_2) -Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner -C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) -Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. -C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. -C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. -C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe O23 - Service: Skype C2C Service - Skype Technologies S.A. -C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner -C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) -Unknown owner -C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner -C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner -C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: Updater Service - Acer Group -C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner -C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner -C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner -C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner -C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner -C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner -C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) --End of file - 17995 bytes

    Malwarebytes Anti-Malware 1.75.0.1300 http://www.malwarebytes.org/Database version: v2013.11.12.05 Windows 7 x64 NTFS Internet Explorer 8.0.7600.16385 Home :: HOME-PC [administrator] 16/11/2013 13:05:55 mbam-log-2013-11-16 (13-05-55).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 443081 Time elapsed: 1 hour(s), 44 minute(s), 2 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)

    SUPERAntiSpyware Scan Log SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware! 11/14/2013 at 03:52 PM Application Version : 5.6.1042 Core Rules Database Version : 10889 Trace Rules Database Version: 8701 Scan type : Complete Scan Total Scan Time : 01:15:41 Operating System Information Windows 7 Home Premium 64-bit (Build 6.01.7600) UAC Off - Administrator Memory items scanned : 740 Memory threats detected : 0 Registry items scanned : 76170 Registry threats detected : 0 File items scanned : 74252 File threats detected : 3 Adware.Tracking Cookie C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\3C0TBWQX.txt [ /ads.yahoo.com ] C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\WA6A9A4P.txt [ /ad.yieldmanager.com ] C:\USERS\HOME\Cookies\WA6A9A4P.txt [ Cookie:home@ad.yieldmanager.com/ ]

  2. The Following User Says Thank You to macleod For This Useful Post:


  3. #2
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Default

    Hi macleod,

    Your logs are unreadable, open note pad ,click Format at the top of notepad, place a check mark in Word Wrap and submit the log reports again.

    Joe

  4. The Following User Says Thank You to zep516 For This Useful Post:


  5. #3
    Member
    Join Date
    Nov 2013
    Posts
    41
    Points
    14

    Default

    sorry about that, here is a new hijackthis log, my computer is blocking me from sending it but hopefully this will go through



    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 16:50:04, on 17/11/2013
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.17267)
    Boot mode: Normal

    Running processes:
    C:\Windows\PLFSetI.exe
    C:\Users\Home\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Users\Home\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
    C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
    C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\Launch Manager\LMworker.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files (x86)\AVG\AVG2014\avgui.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:21320
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" -h -k
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a
    O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [RegWork] C:\Program Files (x86)\RegWork\RegWork.exe
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
    O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Home\AppData\Local\Akamai\netsession_win.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    O4 - Global Startup: HD Writer.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/...soft/wrc32.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: BT Help Wizard - Alcatel-Lucent - C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.3.1.7.bt.1.3\ma\bin\MAHostService.exe
    O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe
    O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
    O23 - Service: pcCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
    O23 - Service: pcCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\pcCMService.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: Updater Service - Acer Group - C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 18265 bytes



    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 11/17/2013 at 12:18 PM

    Application Version : 5.6.1042

    Core Rules Database Version : 10892
    Trace Rules Database Version: 8704

    Scan type : Complete Scan
    Total Scan Time : 01:33:01

    Operating System Information
    Windows 7 Home Premium 64-bit (Build 6.01.7600)
    UAC Off - Administrator

    Memory items scanned : 744
    Memory threats detected : 0
    Registry items scanned : 76364
    Registry threats detected : 0
    File items scanned : 75279
    File threats detected : 10

    Adware.Tracking Cookie
    C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\BRJ8IFBU.txt [ /ads.yahoo.com ]
    C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\1MOPGKJK.txt [ /serving-sys.com ]
    C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\UI0C1C6M.txt [ /ad.yieldmanager.com ]
    C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\M54G69U6.txt [ /findthebest.com ]
    C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\ZELXWYAG.txt [ /collective-media.net ]
    C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\U9QY84V5.txt [ /imrworldwide.com ]
    C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies\A67YTDSF.txt [ /247realmedia.com ]
    C:\USERS\HOME\Cookies\UI0C1C6M.txt [ Cookie:home@ad.yieldmanager.com/ ]
    C:\USERS\HOME\Cookies\M54G69U6.txt [ Cookie:home@findthebest.com/ ]
    C:\USERS\HOME\Cookies\U9QY84V5.txt [ Cookie:home@imrworldwide.com/cgi-bin ]


    Malwarebytes Anti-Malware 1.75.0.1300
    Malwarebytes : Free anti-malware download

    Database version: v2013.11.12.05

    Windows 7 x64 NTFS
    Internet Explorer 8.0.7600.16385
    Home :: HOME-PC [administrator]

    16/11/2013 13:05:55
    mbam-log-2013-11-16 (13-05-55).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 443081
    Time elapsed: 1 hour(s), 44 minute(s), 2 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

  6. The Following User Says Thank You to macleod For This Useful Post:


  7. #4
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Default

    Hi! My name is zep516 and Welcome to help2go!

    I'll do the best I can to resolve your computer issue
    Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage as you have 2 people examining your issue. Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions!

    First

    Please download OTL to your Desktop
    • Double click on the to run the program. On Vista/Win7 or 8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
    • Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox
      and
    • Check the option for All under the Extra Registry section
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic

    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.

    Please post the contents of both OTL.txt and Extras.txt files in your next reply.

  8. The Following User Says Thank You to zep516 For This Useful Post:


  9. #5
    Member
    Join Date
    Nov 2013
    Posts
    41
    Points
    14

    Default

    Quote Originally Posted by zep516 View Post
    Hi! My name is zep516 and Welcome to help2go!

    I'll do the best I can to resolve your computer issue
    Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage as you have 2 people examining your issue. Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions!

    First

    Please download OTL to your Desktop
    • Double click on the to run the program. On Vista/Win7 or 8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
    • Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox
      and
    • Check the option for All under the Extra Registry section
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic

    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.

    Please post the contents of both OTL.txt and Extras.txt files in your next reply.

  10. The Following User Says Thank You to macleod For This Useful Post:


  11. #6
    Member
    Join Date
    Nov 2013
    Posts
    41
    Points
    14

    Default

    OTL logfile created on: 19/11/2013 17:05:25 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Home\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.74 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 51.33% Memory free
    5.48 Gb Paging File | 3.17 Gb Available in Paging File | 57.80% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 283.99 Gb Total Space | 201.03 Gb Free Space | 70.79% Space Free | Partition Type: NTFS

    Computer Name: HOME-PC | User Name: Home | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 180 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/11/19 17:01:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
    PRC - [2013/10/07 19:54:20 | 004,908,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
    PRC - [2013/10/03 22:00:24 | 003,538,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
    PRC - [2013/10/02 22:30:40 | 005,271,040 | ---- | M] (Joyent, Inc) -- C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.3.1.7.bt.1.3\ma\bin\node.exe
    PRC - [2013/10/02 22:30:40 | 000,321,024 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.3.1.7.bt.1.3\ma\bin\MAHostService.exe
    PRC - [2013/09/25 21:47:22 | 000,301,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
    PRC - [2013/07/25 10:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    PRC - [2013/07/25 08:46:14 | 001,435,928 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    PRC - [2013/06/05 00:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Home\AppData\Local\Akamai\netsession_win.exe
    PRC - [2013/05/16 09:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    PRC - [2013/05/16 09:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    PRC - [2013/05/15 12:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    PRC - [2013/03/06 01:21:50 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    PRC - [2012/11/23 11:50:34 | 000,225,280 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
    PRC - [2012/10/31 22:31:42 | 000,369,152 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
    PRC - [2012/05/30 12:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    PRC - [2011/11/12 20:09:42 | 000,292,736 | ---- | M] (Panasonic Corporation) -- C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
    PRC - [2010/05/03 14:15:42 | 001,480,032 | ---- | M] (Suyin) -- C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
    PRC - [2010/04/09 08:49:02 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
    PRC - [2010/04/08 04:18:40 | 000,908,368 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
    PRC - [2010/04/08 04:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    PRC - [2010/04/08 04:18:40 | 000,298,064 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
    PRC - [2010/03/18 04:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/03/18 04:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2010/03/08 23:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
    PRC - [2010/03/08 23:56:08 | 000,258,560 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
    PRC - [2010/01/28 23:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
    PRC - [2010/01/08 13:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
    PRC - [2009/12/24 00:39:04 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2009/12/24 00:39:02 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/05/16 09:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    MOD - [2013/05/16 09:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    MOD - [2013/02/15 18:22:04 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll
    MOD - [2013/01/10 09:15:11 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll
    MOD - [2013/01/10 09:14:32 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll
    MOD - [2013/01/10 09:14:17 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll
    MOD - [2013/01/10 09:14:11 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll
    MOD - [2013/01/10 09:14:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll
    MOD - [2013/01/10 09:14:06 | 007,974,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll
    MOD - [2013/01/10 09:14:00 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll
    MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010/05/03 14:15:46 | 000,038,136 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\VWC_ENG.dll
    MOD - [2010/05/03 14:15:34 | 000,046,328 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\sy_Utility.dll
    MOD - [2010/04/09 08:49:02 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
    MOD - [2010/03/09 00:18:10 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll
    MOD - [2009/05/20 06:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2013/09/24 20:25:24 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
    SRV:64bit: - [2013/09/24 20:21:16 | 000,219,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
    SRV:64bit: - [2013/09/24 16:07:30 | 000,178,048 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\McAPExe.exe -- (McAPExe)
    SRV:64bit: - [2013/09/20 09:46:36 | 001,017,016 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe -- (mfecore)
    SRV:64bit: - [2013/08/02 17:52:58 | 000,602,944 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McProxy)
    SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
    SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
    SRV:64bit: - [2013/05/23 20:12:02 | 000,143,120 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
    SRV:64bit: - [2012/10/31 23:45:22 | 000,460,288 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService64)
    SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/03/17 09:56:12 | 000,866,336 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
    SRV:64bit: - [2010/01/28 23:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
    SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2013/10/28 17:59:39 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/10/03 22:00:24 | 003,538,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2013/10/02 22:30:40 | 000,321,024 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.3.1.7.bt.1.3\ma\bin\MAHostService.exe -- (BT Help Wizard)
    SRV - [2013/09/25 21:47:22 | 000,301,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
    SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/07/25 08:46:14 | 001,435,928 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
    SRV - [2013/07/01 20:13:27 | 004,569,856 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll -- (Akamai)
    SRV - [2013/03/06 01:21:50 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
    SRV - [2012/10/31 22:31:42 | 000,369,152 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe -- (pcCMService)
    SRV - [2012/05/30 12:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2010/06/23 16:44:46 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/04/08 04:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/18 04:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/03/18 04:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2010/03/08 23:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
    SRV - [2010/01/15 21:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2010/01/08 13:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService)
    SRV - [2009/12/24 00:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2009/10/10 02:59:08 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/09/25 21:07:30 | 000,148,792 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
    DRV:64bit: - [2013/09/24 20:29:46 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
    DRV:64bit: - [2013/09/24 20:25:40 | 000,343,568 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
    DRV:64bit: - [2013/09/24 20:22:48 | 000,781,312 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
    DRV:64bit: - [2013/09/24 20:21:32 | 000,519,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
    DRV:64bit: - [2013/09/24 20:20:28 | 000,310,224 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
    DRV:64bit: - [2013/09/24 20:19:56 | 000,179,664 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
    DRV:64bit: - [2013/09/23 13:49:22 | 000,197,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
    DRV:64bit: - [2013/09/20 09:38:14 | 000,095,984 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfencrk.sys -- (mfencrk)
    DRV:64bit: - [2013/09/20 09:37:56 | 000,390,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfencbdc.sys -- (mfencbdc)
    DRV:64bit: - [2013/09/08 22:11:42 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2013/09/02 10:59:14 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2013/09/02 10:29:18 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
    DRV:64bit: - [2013/09/02 10:26:50 | 000,192,824 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
    DRV:64bit: - [2013/09/02 10:26:42 | 000,241,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
    DRV:64bit: - [2013/08/20 22:53:58 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2013/08/01 16:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2013/07/25 08:46:26 | 000,295,696 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
    DRV:64bit: - [2013/03/24 23:01:36 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64)
    DRV:64bit: - [2013/03/24 23:01:06 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64)
    DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2012/03/01 06:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/07/22 16:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/12 21:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/03/11 06:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 06:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/26 18:02:20 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
    DRV:64bit: - [2010/03/31 07:47:08 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/03/21 09:59:08 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
    DRV:64bit: - [2010/03/02 05:25:00 | 001,098,784 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
    DRV:64bit: - [2010/02/26 08:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2010/02/02 22:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2009/12/17 17:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/12/10 11:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2009/09/17 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
    DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 01:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/05/05 23:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV:64bit: - [2009/05/05 23:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
    DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
    DRV - [2013/08/14 22:07:10 | 000,589,872 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys -- (RapportCerberus_56758)
    DRV - [2013/07/25 08:46:26 | 000,384,144 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
    DRV - [2013/07/25 08:46:26 | 000,265,872 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
    DRV - [2013/03/24 23:01:32 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2013/03/24 23:01:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo Search - Web Search
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-1210293595-3122989528-1577783925-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
    IE - HKU\S-1-5-21-1210293595-3122989528-1577783925-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
    IE - HKU\S-1-5-21-1210293595-3122989528-1577783925-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\S-1-5-21-1210293595-3122989528-1577783925-1001\..\SearchScopes,DefaultScope = {78E05582-9921-2FEF-E0FC-069C6120A855}
    IE - HKU\S-1-5-21-1210293595-3122989528-1577783925-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
    IE - HKU\S-1-5-21-1210293595-3122989528-1577783925-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-1210293595-3122989528-1577783925-1001\..\SearchScopes\{78E05582-9921-2FEF-E0FC-069C6120A855}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACPW_enGB407
    IE - HKU\S-1-5-21-1210293595-3122989528-1577783925-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-21-1210293595-3122989528-1577783925-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-21-1210293595-3122989528-1577783925-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320

    ========== FireFox ==========

    FF - prefs.js..keyword.URL: ""
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll File not found
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
    FF - HKLM\Software\MozillaPlugins\@Motive.com/npMotiveRequest,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/10/05 12:41:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/04/05 18:56:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/04/05 18:56:04 | 000,000,000 | ---D | M]

    [2013/09/14 17:35:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\xg5hi5ub.default\extensions
    [2013/08/14 22:07:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\xg5hi5ub.default\extensions\foxyproxy@eric.h.jung
    [2013/08/14 22:07:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/06/29 16:42:40 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/03/06 19:48:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2013/03/06 19:48:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
    [2013/06/29 16:42:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2013/06/29 16:42:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2011/04/14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
    [2012/03/01 10:22:01 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

    ========== Chrome ==========

    CHR - default_search_provider: Mysearchdial (Enabled)
    CHR - default_search_provider: search_url = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0DyD0DyE0FyCzyyBtCzyyDtN0D0Tzu0CyCtBtAtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=169996343&ir=
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR - Extension: Google Docs = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
    CHR - Extension: Google Docs = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Drive = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
    CHR - Extension: Google Drive = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: YouTube = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Google Search = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: BT DesktopHelp extension = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec\1.0_0\
    CHR - Extension: BT DesktopHelp extension = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec\1.0_1\
    CHR - Extension: BT DesktopHelp extension = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec\1.0_2\
    CHR - Extension: SiteAdvisor = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_0\
    CHR - Extension: SiteAdvisor = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_1\
    CHR - Extension: SiteAdvisor = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.3.1241_0\
    CHR - Extension: Skype Click to Call = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\
    CHR - Extension: Skype Click to Call = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_1\
    CHR - Extension: Skype Click to Call = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_2\
    CHR - Extension: Skype Click to Call = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_3\
    CHR - Extension: Chrome In-App Payments service = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
    CHR - Extension: Chrome In-App Payments service = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
    CHR - Extension: Chrome In-App Payments service = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1\
    CHR - Extension: Chrome In-App Payments service = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.9_0\
    CHR - Extension: Gmail = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
    CHR - Extension: Gmail = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2013/11/14 09:10:01 | 000,450,639 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 00hq.com mobile
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 ???-www.0scan.com-???
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 博彩通,博彩网,金宝博188,博彩通评级,百家乐,奥妙百家乐
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 Gadgets And More
    O1 - Hosts: 127.0.0.1 1-2005-search.com
    O1 - Hosts: 127.0.0.1 1-2005-search.com
    O1 - Hosts: 127.0.0.1 123fporn.info
    O1 - Hosts: 15467 more lines...
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
    O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3:64bit: - HKU\S-1-5-21-1210293595-3122989528-1577783925-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
    O4:64bit: - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
    O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [RegWork] C:\Program Files (x86)\RegWork\RegWork.exe File not found
    O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1210293595-3122989528-1577783925-1001..\Run: [Akamai NetSession Interface] C:\Users\Home\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
    O4 - HKU\S-1-5-21-1210293595-3122989528-1577783925-1001..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-1210293595-3122989528-1577783925-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\S-1-5-21-1210293595-3122989528-1577783925-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
    O7 - HKU\S-1-5-21-1210293595-3122989528-1577783925-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/...soft/wrc32.ocx (WRC Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{607EA30D-07AD-4503-9480-31099B7E3EB6}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6D76239-7085-458B-9C63-8C4D8784C394}: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
    O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20 - HKU\S-1-5-21-1210293595-3122989528-1577783925-1001 Winlogon: Shell - (EXPLORER.EXE) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 180 Days ==========

    [2013/11/19 17:01:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
    [2013/11/19 09:29:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2013/11/16 17:07:36 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\AVG2014
    [2013/11/16 17:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2013/11/16 17:06:20 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\TuneUp Software
    [2013/11/16 17:05:07 | 000,000,000 | -H-D | C] -- C:\$AVG
    [2013/11/16 17:05:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
    [2013/11/16 17:03:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
    [2013/11/16 16:57:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2013/11/16 16:57:19 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\MFAData
    [2013/11/16 16:57:19 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2013/11/16 16:57:19 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Avg2014
    [2013/11/13 22:48:49 | 000,000,000 | ---D | C] -- C:\98b8785d694e91d513
    [2013/11/13 09:41:42 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
    [2013/11/13 09:41:41 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
    [2013/11/12 17:44:27 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2013/11/12 17:44:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2013/11/12 15:51:01 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{06FB587E-0B42-4EB9-8EA3-0C1B8F335F81}
    [2013/11/11 13:59:45 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{655FC11A-8D04-41DA-B1DC-B3EF2002A183}
    [2013/11/10 17:21:21 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{06AAAEAB-0186-4B1D-86A6-9E748C53C573}
    [2013/11/09 14:47:42 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{43B9D0C5-5572-4F04-89E9-35F233C9E8FA}
    [2013/11/05 13:35:25 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{E829DA18-15E6-43B2-8015-A7FE652FD815}
    [2013/11/04 21:30:51 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{7732D872-FCF2-4369-8409-3CCEAC142DD3}
    [2013/11/02 14:37:36 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{8CC79EFD-6DC2-4A31-861B-95BA30AD9CAD}
    [2013/10/31 20:40:24 | 000,197,704 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys
    [2013/10/29 17:59:41 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{ACCDD8E4-BDF4-436A-B291-FAFC4F49607A}
    [2013/10/28 18:05:53 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{A049FD6E-EFD6-4D2E-8794-9FC28E68B7EC}
    [2013/10/27 15:26:05 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{AC510071-1F04-4FBB-B981-81BEFA9C31E3}
    [2013/10/24 17:17:42 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{1CB18882-83F5-4204-BEFE-B57BD87F904A}
    [2013/10/22 18:26:09 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{DC20AC6C-489B-4AC4-B395-6327B30EEB60}
    [2013/10/21 09:32:44 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{75CCCE4F-6A48-4134-AB5F-312695114955}
    [2013/10/20 19:08:40 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{B91F57FB-FE9E-45AD-9B2F-947278934338}
    [2013/10/19 17:17:17 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{955FF99E-000E-4D21-B09C-719FBC6E92D7}
    [2013/10/18 17:38:24 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{50B8CEE3-78EE-42F8-981F-A25AB4D76C94}
    [2013/10/17 17:46:42 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{D95812F7-2301-479C-8C13-97B2E2C5F84E}
    [2013/10/15 21:34:49 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{EF51B515-DC45-49E8-B010-205D1FAA338F}
    [2013/10/13 18:52:35 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{B1AB4D3A-3E14-4941-AD82-1DE0A907E59B}
    [2013/10/11 19:53:16 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{5AE7BC62-1EA6-4AEA-BE40-4ED91ED98015}
    [2013/10/10 17:27:06 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{A3221BD8-00F1-4C02-A98F-6A1A18596A1C}
    [2013/10/09 22:00:18 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
    [2013/10/09 09:44:15 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{FA98B68F-8140-43C8-BC16-D12FDE3FDDFC}
    [2013/10/08 19:00:04 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{C173C3ED-C46B-4F93-BBD4-D77AA09EBC8A}
    [2013/10/07 21:12:15 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{4FECB30F-A9F9-4151-8CB9-DBD7718920F1}
    [2013/10/06 13:07:32 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{EDAE8B73-ACA8-4D82-BB13-2839CCCCC87A}
    [2013/10/03 21:06:17 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{3FB6A93A-6A5A-4FFE-9DF4-BAD6B2767E36}
    [2013/09/30 17:10:55 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{A8636503-EDF2-4734-A412-30579E1555FE}
    [2013/09/28 15:17:30 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{2036106D-6948-49F8-95F1-71DDF7DA8CED}
    [2013/09/27 18:41:16 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{DDA3280C-93B3-49CF-8D6E-D8961E168582}
    [2013/09/26 18:40:33 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{A535719D-70F3-4867-B1F6-A905F9AE0FAE}
    [2013/09/25 21:07:30 | 000,148,792 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgdiska.sys
    [2013/09/24 17:24:05 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{C06B0694-0422-4F06-928B-70702DC32BE7}
    [2013/09/24 09:17:52 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{0ACBA646-6DF9-46D4-905E-25807AB56C8D}
    [2013/09/22 19:59:45 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{7F43BEC1-C151-4ADB-A30B-FF2856043522}
    [2013/09/21 21:33:22 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{12B075F0-0C14-430D-9208-809F8AD92EA6}
    [2013/09/20 09:50:58 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{DE8E0E8D-93D2-4D98-B89F-0FD299D16814}
    [2013/09/20 09:38:30 | 000,010,856 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeclnrk.sys
    [2013/09/20 09:38:14 | 000,095,984 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfencrk.sys
    [2013/09/20 09:37:56 | 000,390,552 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfencbdc.sys
    [2013/09/19 21:16:27 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{8CAEACE5-651C-4713-A41D-A15B348291A1}
    [2013/09/18 15:33:55 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{3F17070E-9F52-4656-A7FF-AA6044820331}
    [2013/09/17 20:34:19 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{B3377D2D-DA4E-47BD-B9B2-70967A15A56C}
    [2013/09/15 15:48:21 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{97679D71-B3A6-4A2D-9B0D-9C6112B73DF1}
    [2013/09/14 20:44:50 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
    [2013/09/14 19:37:24 | 000,000,000 | ---D | C] -- C:\ProgramData\CDB
    [2013/09/14 17:33:28 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013/09/13 15:38:16 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{7C261B5F-F29D-4C00-AD07-2294337A0689}
    [2013/09/12 18:29:35 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\UpdaterEX
    [2013/09/12 18:29:11 | 000,000,000 | ---D | C] -- C:\ProgramData\DSearchLink
    [2013/09/12 16:20:25 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
    [2013/09/11 15:33:02 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{17974338-922A-442F-A173-C057A1B6F94F}
    [2013/09/10 19:30:10 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{0B12E793-C0E2-48A3-8BF0-4910739CFC38}
    [2013/09/09 14:36:46 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{AC917C5E-80B1-423E-8818-78FFB2EB0EC8}
    [2013/09/08 22:11:42 | 000,031,544 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
    [2013/09/08 12:47:52 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{A2B20E02-18E3-4F78-9A09-9A98B9B751BA}
    [2013/09/06 17:32:57 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{5C62F27F-131D-4D61-8DDF-42C0D456FED9}
    [2013/09/05 18:17:54 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{882668C2-B66F-48AE-BC8E-32607CA40265}
    [2013/09/04 20:15:04 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{C1D7AC84-FB3D-42F3-AC09-8A39112D7D43}
    [2013/09/02 13:15:27 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{70D50800-8E83-4C78-B8E9-3EC5722E8969}
    [2013/09/02 10:59:14 | 000,212,280 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
    [2013/09/02 10:29:18 | 000,294,712 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys
    [2013/09/02 10:26:50 | 000,192,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsha.sys
    [2013/09/02 10:26:42 | 000,241,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
    [2013/09/01 10:18:33 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{B5AF0A23-D66B-4D25-896E-5ADC2C626E38}
    [2013/08/29 21:04:59 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{75CD9E2F-DCE4-4B6A-A0F7-18C4CFA58407}
    [2013/08/27 22:14:09 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{61A93BD8-64D0-4BEC-A6C0-5C6A7BE12FED}
    [2013/08/26 16:19:10 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{8EA9DBD5-15A6-408F-94F1-F4CFBCE899DB}
    [2013/08/24 12:28:56 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{7124FF4B-0EAF-47E4-ADBA-DD51EEB26BF9}
    [2013/08/23 20:28:46 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{153C77CC-A995-40F3-A063-01A39000A222}
    [2013/08/23 20:28:07 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{DA0B0667-2B7A-4AEF-A0CD-899BF9B1BC35}
    [2013/08/21 20:39:17 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{5543ED1B-F53B-4D82-AB4D-BA1B78792FFE}
    [2013/08/20 22:53:58 | 000,123,704 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
    [2013/08/20 10:34:38 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{F6C2CCED-126A-4196-BE6C-671FC6F9D1D0}
    [2013/08/18 16:57:25 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{F02EA20C-D7AC-483E-9D09-90945FC6CFE8}
    [2013/08/17 21:02:00 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{37CF4FB3-FB00-4532-97DB-CE902D730DE1}
    [2013/08/16 09:18:44 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{25EBB342-4063-4CE8-BD93-E8A3DD800281}
    [2013/08/14 22:42:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
    [2013/08/14 22:13:22 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Malwarebytes
    [2013/08/14 22:13:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/08/14 22:12:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/08/14 22:12:55 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2013/08/14 22:12:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013/08/14 22:04:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
    [2013/08/14 20:22:50 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\SUPERAntiSpyware.com
    [2013/08/14 20:22:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2013/08/14 20:22:02 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2013/08/14 20:22:02 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2013/08/14 17:10:30 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{FFCD2B5D-508F-4711-AB52-7023F97D7BF7}
    [2013/08/13 20:42:27 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{3D1B47B5-DA63-41C1-9132-2EE2EC3A9499}
    [2013/08/12 08:46:57 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{7CBEDC36-23F3-41A5-A87C-A57341FD89BF}
    [2013/08/09 18:47:02 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{01A2C194-4015-4C51-A59C-0386243F1655}
    [2013/08/08 05:35:24 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{F90AE213-1329-4086-B0DB-1B8A779FE6E5}
    [2013/08/07 22:54:04 | 000,000,000 | ---D | C] -- C:\Users\Home\Documents\ProcAlyzer Dumps
    [2013/08/07 22:43:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2013/08/07 22:43:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    [2013/08/07 22:43:07 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
    [2013/08/07 22:42:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
    [2013/08/07 22:41:26 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Programs
    [2013/08/07 21:54:10 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Auslogics
    [2013/08/07 21:54:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
    [2013/08/07 21:54:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
    [2013/08/07 17:07:28 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{371629D3-112F-4BDE-A12F-0B4A471C7ECD}
    [2013/08/06 21:13:25 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{A0E8DF38-C883-40FB-A8AE-3664E245B3EE}
    [2013/08/04 18:17:29 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{577D7E61-1D50-47BB-BEBE-7574DE51A0F4}
    [2013/08/03 15:30:19 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{1F75802E-C52E-4BDE-9F59-3D30C7160121}
    [2013/08/02 17:06:46 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{35D654C7-D0DF-4E82-AA17-D17AAB5B9656}
    [2013/08/01 18:00:46 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{21D09809-035E-4BE8-8915-DF5B85C56A40}
    [2013/08/01 16:07:06 | 000,251,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
    [2013/07/30 18:44:15 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{C6D5FB3C-E1C1-4981-8995-299A456DA2BC}
    [2013/07/28 14:15:14 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{51097640-3A42-45D3-BA4B-DFFFE9236838}
    [2013/07/27 13:27:49 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{2FA680C1-BD05-40DD-B541-6CCFABD519CD}
    [2013/07/26 05:41:08 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{A87D899E-DA26-4566-B511-E6B657632D84}
    [2013/07/25 14:26:54 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{D51F106B-C115-497B-B8F6-33F7A56DD346}
    [2013/07/24 21:55:27 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{694F0225-6DA8-4844-A98E-60DE6760E2B2}
    [2013/07/23 18:57:53 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{D960A6CD-E542-43B6-B23B-F79D28C2C914}
    [2013/07/21 15:13:20 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{BA6CBC9C-5E19-4316-BE3B-81CF0A9E6E0E}
    [2013/07/20 20:09:19 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{198697C3-1E18-46AF-858E-900A68D45FA6}
    [2013/07/18 10:19:14 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{41A77143-82C5-4A62-9DCF-7F9DEC9CE758}
    [2013/07/17 21:35:22 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{62E72EA3-ED0E-4EA4-B6D1-1B509A68FC5A}
    [2013/07/16 17:04:40 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{9FB29469-16B5-4AB2-ACAA-CF672AB598DB}
    [2013/06/28 15:11:46 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{ADF35871-C941-43EF-B7E3-B89882875DF3}
    [2013/06/27 09:11:50 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{43118244-5E10-4CB6-891F-30E07B91C8D8}
    [2013/06/26 09:12:00 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{4E779836-0CD6-4A6C-B48B-977FB761941C}
    [2013/06/24 16:58:59 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{6F9D9210-718F-4446-979C-BC875EC146E8}
    [2013/06/23 09:41:37 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{80CD3038-A358-4CD3-B89A-EFE307F6C8AB}
    [2013/06/22 17:12:47 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{E84CA537-FF87-42FF-B5B4-9AA43115BAAD}
    [2013/06/21 12:35:05 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{8EEEFF4E-342F-4448-A664-1C4241F0F85D}
    [2013/06/20 13:00:15 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{85CB8D47-D1CE-48B0-9C49-89C60B7DC13A}
    [2013/06/18 08:28:42 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{B5865038-40FA-471E-9C01-A44D0DF98C2B}
    [2013/06/16 11:04:14 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{636D4914-3CDB-4C16-99DF-D27080ECD663}
    [2013/06/15 17:48:21 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{24ED8A89-2852-4ABE-9751-74D024CBBF8F}
    [2013/06/14 17:35:10 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{38385915-C874-4869-9C43-BD8036B3135F}
    [2013/06/13 08:08:50 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{6E71F416-D045-488A-AD4A-DA037F05102A}
    [2013/06/11 10:05:27 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{8A03AC04-E54A-4143-A464-C57976805C27}
    [2013/06/09 09:22:33 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{18B21537-82F3-46B0-B50E-2EA6B4F5344D}
    [2013/06/08 17:09:49 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{D2542193-16CF-4E3A-B940-2DC845D35094}
    [2013/06/07 19:58:42 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{98CFF7BE-C72F-40AE-A65E-CFCF710E3F2B}
    [2013/06/06 19:56:32 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{09FB40EF-E511-4A27-8C16-AB8EC1A33E83}
    [2013/06/04 19:25:06 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{AEBBCEC3-FF77-4EB8-B0A1-3E5192FC461A}
    [2013/06/01 09:30:58 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{014D0918-D5D5-49B3-A931-F81805380360}
    [2013/05/31 18:48:32 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{003D0C0C-D6DB-41CB-8592-68EA494F097C}
    [2013/05/30 17:42:40 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{60568A09-DC62-4661-BD60-8A6D0E3B5E54}
    [2013/05/28 19:36:46 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{0A3A7F9F-D74E-4A76-A4BD-35670AC8F4E9}
    [2013/05/27 20:47:05 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{28F9E965-EA8F-444E-B0C3-1BFA28884B21}
    [2013/05/26 17:19:59 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{47856868-5481-4449-8B09-12A4BFCA283C}
    [2013/05/24 13:19:39 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{1B9D826D-B7AB-4896-84D8-0E6BEC306795}
    [2013/05/24 08:18:44 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{3091A177-D240-43D8-81B7-B9FF2E47EB58}
    [2013/05/23 18:24:55 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{D0FAF782-898C-4D56-907A-B492799676BB}
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 180 Days ==========

    [2013/11/19 17:01:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
    [2013/11/19 16:45:31 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/11/19 16:45:31 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/11/19 16:35:52 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/11/19 16:35:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/11/19 16:35:19 | 2207,285,248 | -HS- | M] () -- C:\hiberfil.sys
    [2013/11/19 10:29:00 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\UpdaterEX.job
    [2013/11/19 10:22:16 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/11/19 10:21:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/11/16 17:06:21 | 000,000,977 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
    [2013/11/14 09:10:01 | 000,450,639 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2013/11/14 08:09:01 | 000,785,500 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/11/14 08:09:01 | 000,669,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/11/14 08:09:01 | 000,127,656 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/11/13 16:50:46 | 000,450,639 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131114-091001.backup
    [2013/11/12 17:44:27 | 000,002,971 | ---- | M] () -- C:\Users\Home\Desktop\HiJackThis.lnk
    [2013/11/10 09:12:52 | 000,450,639 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131113-165046.backup
    [2013/11/03 09:27:48 | 000,450,639 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131110-091252.backup
    [2013/10/28 17:59:38 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013/10/28 17:59:38 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013/10/27 08:16:13 | 000,450,639 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131103-092748.backup
    [2013/10/20 15:38:48 | 000,450,639 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131027-081613.backup
    [2013/10/18 20:04:31 | 000,450,639 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131020-163848.backup
    [2013/10/13 08:03:39 | 000,450,639 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131018-210430.backup
    [2013/10/13 07:41:38 | 000,001,356 | ---- | M] () -- C:\Users\Public\Desktop\BT Desktop Help.lnk
    [2013/10/09 12:39:11 | 000,450,639 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131013-090338.backup
    [2013/09/25 21:07:30 | 000,148,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgdiska.sys
    [2013/09/24 20:29:46 | 000,070,112 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\cfwids.sys
    [2013/09/24 20:25:40 | 000,343,568 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfewfpk.sys
    [2013/09/24 20:25:24 | 000,182,752 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe
    [2013/09/24 20:22:48 | 000,781,312 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfehidk.sys
    [2013/09/24 20:21:32 | 000,519,192 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfefirek.sys
    [2013/09/24 20:20:28 | 000,310,224 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeavfk.sys
    [2013/09/24 20:19:56 | 000,179,664 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeapfk.sys
    [2013/09/23 13:49:22 | 000,197,704 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys
    [2013/09/20 09:38:30 | 000,010,856 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeclnrk.sys
    [2013/09/20 09:38:14 | 000,095,984 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfencrk.sys
    [2013/09/20 09:37:56 | 000,390,552 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfencbdc.sys
    [2013/09/20 09:35:24 | 000,002,641 | ---- | M] () -- C:\Windows\SysNative\drivers\mfencrk.inf
    [2013/09/20 09:34:56 | 000,002,951 | ---- | M] () -- C:\Windows\SysNative\drivers\mfencbdc.inf
    [2013/09/14 21:04:35 | 000,449,438 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131009-133910.backup
    [2013/09/14 21:04:35 | 000,449,438 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130928-105832.backup
    [2013/09/14 21:00:52 | 000,449,438 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130914-220435.backup
    [2013/09/14 20:53:53 | 000,010,724 | ---- | M] () -- C:\Windows\SysNative\.crusader
    [2013/09/12 20:46:03 | 000,000,116 | ---- | M] () -- C:\Windows\Reimage.ini
    [2013/09/08 22:11:42 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
    [2013/09/05 22:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\Regwork.job
    [2013/09/02 10:59:14 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
    [2013/09/02 10:29:18 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys
    [2013/09/02 10:26:50 | 000,192,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsha.sys
    [2013/09/02 10:26:42 | 000,241,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
    [2013/08/28 20:24:16 | 000,449,438 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130914-220052.backup
    [2013/08/20 22:53:58 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
    [2013/08/14 22:13:03 | 000,001,125 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/08/14 20:22:06 | 000,001,820 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2013/08/08 04:59:35 | 000,051,827 | ---- | M] () -- C:\Windows\wininit.ini
    [2013/08/07 22:56:40 | 000,449,438 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130828-212415.backup
    [2013/08/07 22:43:13 | 000,001,395 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2013/08/07 21:54:59 | 000,001,262 | ---- | M] () -- C:\Users\Home\Desktop\Auslogics Disk Defrag.lnk
    [2013/08/01 16:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
    [2013/07/25 08:46:26 | 000,295,696 | ---- | M] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/11/16 17:06:21 | 000,000,977 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
    [2013/11/12 17:44:27 | 000,002,971 | ---- | C] () -- C:\Users\Home\Desktop\HiJackThis.lnk
    [2013/10/31 20:39:35 | 000,002,641 | ---- | C] () -- C:\Windows\SysNative\drivers\mfencrk.inf
    [2013/10/31 20:39:34 | 000,002,951 | ---- | C] () -- C:\Windows\SysNative\drivers\mfencbdc.inf
    [2013/09/14 20:53:53 | 000,010,724 | ---- | C] () -- C:\Windows\SysNative\.crusader
    [2013/09/12 20:43:32 | 000,000,116 | ---- | C] () -- C:\Windows\Reimage.ini
    [2013/09/12 18:29:36 | 000,000,288 | ---- | C] () -- C:\Windows\tasks\UpdaterEX.job
    [2013/08/14 22:13:03 | 000,001,125 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/08/14 20:22:06 | 000,001,820 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2013/08/07 23:39:36 | 000,051,827 | ---- | C] () -- C:\Windows\wininit.ini
    [2013/08/07 22:43:13 | 000,001,407 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    [2013/08/07 22:43:13 | 000,001,395 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2013/08/07 21:54:59 | 000,001,262 | ---- | C] () -- C:\Users\Home\Desktop\Auslogics Disk Defrag.lnk
    [2012/04/29 18:46:11 | 000,000,780 | ---- | C] () -- C:\Users\Home\AppData\Roaming\result.db
    [2012/01/18 18:42:45 | 000,771,412 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/01/09 18:47:09 | 000,000,043 | ---- | C] () -- C:\Users\Home\jagex_cl_runescape_LIVE.dat
    [2012/01/09 18:47:09 | 000,000,024 | ---- | C] () -- C:\Users\Home\random.dat
    [2010/11/29 13:00:09 | 000,103,784 | ---- | C] () -- C:\Users\Home\GoToAssistDownloadHelper.exe
    [2010/11/28 13:02:48 | 000,000,000 | ---- | C] () -- C:\Users\Home\AppData\Roaming\wklnhst.dat

    ========== ZeroAccess Check ==========

    [2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 01:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    < End of report >

  12. The Following User Says Thank You to macleod For This Useful Post:


  13. #7
    Member
    Join Date
    Nov 2013
    Posts
    41
    Points
    14

    Default

    extras.text log


    OTL logfile created on: 19/11/2013 17:05:25 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Home\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.74 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 51.33% Memory free
    5.48 Gb Paging File | 3.17 Gb Available in Paging File | 57.80% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 283.99 Gb Total Space | 201.03 Gb Free Space | 70.79% Space Free | Partition Type: NTFS

    Computer Name: HOME-PC | User Name: Home | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 180 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/11/19 17:01:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
    PRC - [2013/10/07 19:54:20 | 004,908,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgui.exe
    PRC - [2013/10/03 22:00:24 | 003,538,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
    PRC - [2013/10/02 22:30:40 | 005,271,040 | ---- | M] (Joyent, Inc) -- C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.3.1.7.bt.1.3\ma\bin\node.exe
    PRC - [2013/10/02 22:30:40 | 000,321,024 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.3.1.7.bt.1.3\ma\bin\MAHostService.exe
    PRC - [2013/09/25 21:47:22 | 000,301,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
    PRC - [2013/07/25 10:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    PRC - [2013/07/25 08:46:14 | 001,435,928 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
    PRC - [2013/06/05 00:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Home\AppData\Local\Akamai\netsession_win.exe
    PRC - [2013/05/16 09:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    PRC - [2013/05/16 09:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    PRC - [2013/05/15 12:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    PRC - [2013/03/06 01:21:50 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    PRC - [2012/11/23 11:50:34 | 000,225,280 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
    PRC - [2012/10/31 22:31:42 | 000,369,152 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
    PRC - [2012/05/30 12:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    PRC - [2011/11/12 20:09:42 | 000,292,736 | ---- | M] (Panasonic Corporation) -- C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
    PRC - [2010/05/03 14:15:42 | 001,480,032 | ---- | M] (Suyin) -- C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
    PRC - [2010/04/09 08:49:02 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
    PRC - [2010/04/08 04:18:40 | 000,908,368 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
    PRC - [2010/04/08 04:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    PRC - [2010/04/08 04:18:40 | 000,298,064 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
    PRC - [2010/03/18 04:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/03/18 04:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    PRC - [2010/03/08 23:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
    PRC - [2010/03/08 23:56:08 | 000,258,560 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
    PRC - [2010/01/28 23:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
    PRC - [2010/01/08 13:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
    PRC - [2009/12/24 00:39:04 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2009/12/24 00:39:02 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/05/16 09:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    MOD - [2013/05/16 09:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    MOD - [2013/02/15 18:22:04 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll
    MOD - [2013/01/10 09:15:11 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll
    MOD - [2013/01/10 09:14:32 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll
    MOD - [2013/01/10 09:14:17 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll
    MOD - [2013/01/10 09:14:11 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll
    MOD - [2013/01/10 09:14:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll
    MOD - [2013/01/10 09:14:06 | 007,974,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll
    MOD - [2013/01/10 09:14:00 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll
    MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010/05/03 14:15:46 | 000,038,136 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\VWC_ENG.dll
    MOD - [2010/05/03 14:15:34 | 000,046,328 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\sy_Utility.dll
    MOD - [2010/04/09 08:49:02 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
    MOD - [2010/03/09 00:18:10 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll
    MOD - [2009/05/20 06:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2013/09/24 20:25:24 | 000,182,752 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
    SRV:64bit: - [2013/09/24 20:21:16 | 000,219,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
    SRV:64bit: - [2013/09/24 16:07:30 | 000,178,048 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\McAPExe.exe -- (McAPExe)
    SRV:64bit: - [2013/09/20 09:46:36 | 001,017,016 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe -- (mfecore)
    SRV:64bit: - [2013/08/02 17:52:58 | 000,602,944 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McProxy)
    SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (mcpltsvc)
    SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV:64bit: - [2013/07/30 11:45:02 | 000,328,928 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe -- (HomeNetSvc)
    SRV:64bit: - [2013/05/23 20:12:02 | 000,143,120 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
    SRV:64bit: - [2012/10/31 23:45:22 | 000,460,288 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService64)
    SRV:64bit: - [2012/08/31 13:20:06 | 000,201,304 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/03/17 09:56:12 | 000,866,336 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
    SRV:64bit: - [2010/01/28 23:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
    SRV:64bit: - [2009/07/14 01:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2013/10/28 17:59:39 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/10/03 22:00:24 | 003,538,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2013/10/02 22:30:40 | 000,321,024 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.3.1.7.bt.1.3\ma\bin\MAHostService.exe -- (BT Help Wizard)
    SRV - [2013/09/25 21:47:22 | 000,301,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe -- (avgwd)
    SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/07/25 08:46:14 | 001,435,928 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
    SRV - [2013/07/01 20:13:27 | 004,569,856 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll -- (Akamai)
    SRV - [2013/03/06 01:21:50 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
    SRV - [2012/10/31 22:31:42 | 000,369,152 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe -- (pcCMService)
    SRV - [2012/05/30 12:56:52 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2010/06/23 16:44:46 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/04/08 04:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/18 04:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/03/18 04:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
    SRV - [2010/03/08 23:58:24 | 000,250,368 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
    SRV - [2010/01/15 21:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2010/01/08 13:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService)
    SRV - [2009/12/24 00:39:04 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2009/10/10 02:59:08 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/09/25 21:07:30 | 000,148,792 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgdiska.sys -- (Avgdiska)
    DRV:64bit: - [2013/09/24 20:29:46 | 000,070,112 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
    DRV:64bit: - [2013/09/24 20:25:40 | 000,343,568 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
    DRV:64bit: - [2013/09/24 20:22:48 | 000,781,312 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
    DRV:64bit: - [2013/09/24 20:21:32 | 000,519,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
    DRV:64bit: - [2013/09/24 20:20:28 | 000,310,224 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
    DRV:64bit: - [2013/09/24 20:19:56 | 000,179,664 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
    DRV:64bit: - [2013/09/23 13:49:22 | 000,197,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HipShieldK.sys -- (HipShieldK)
    DRV:64bit: - [2013/09/20 09:38:14 | 000,095,984 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mfencrk.sys -- (mfencrk)
    DRV:64bit: - [2013/09/20 09:37:56 | 000,390,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfencbdc.sys -- (mfencbdc)
    DRV:64bit: - [2013/09/08 22:11:42 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2013/09/02 10:59:14 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2013/09/02 10:29:18 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
    DRV:64bit: - [2013/09/02 10:26:50 | 000,192,824 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
    DRV:64bit: - [2013/09/02 10:26:42 | 000,241,464 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
    DRV:64bit: - [2013/08/20 22:53:58 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2013/08/01 16:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2013/07/25 08:46:26 | 000,295,696 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
    DRV:64bit: - [2013/03/24 23:01:36 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64)
    DRV:64bit: - [2013/03/24 23:01:06 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64)
    DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2012/03/01 06:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/07/22 16:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/12 21:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/03/11 06:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 06:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/26 18:02:20 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
    DRV:64bit: - [2010/03/31 07:47:08 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/03/21 09:59:08 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
    DRV:64bit: - [2010/03/02 05:25:00 | 001,098,784 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
    DRV:64bit: - [2010/02/26 08:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2010/02/02 22:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2009/12/17 17:42:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/12/10 11:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2009/09/17 05:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
    DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 01:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/05/05 23:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV:64bit: - [2009/05/05 23:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
    DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
    DRV - [2013/08/14 22:07:10 | 000,589,872 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_56758.sys -- (RapportCerberus_56758)
    DRV - [2013/07/25 08:46:26 | 000,384,144 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
    DRV - [2013/07/25 08:46:26 | 000,265,872 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
    DRV - [2013/03/24 23:01:32 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
    DRV - [2013/03/24 23:01:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
    DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo Search - Web Search
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-1210293595-3122989528-1577783925-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
    IE - HKU\S-1-5-21-1210293595-3122989528-1577783925-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
    IE - HKU\S-1-5-21-1210293595-3122989528-1577783925-1001\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    IE - HKU\S-1-5-21-1210293595-3122989528-1577783925-1001\..\SearchScopes,DefaultScope = {78E05582-9921-2FEF-E0FC-069C6120A855}
    IE - HKU\S-1-5-21-1210293595-3122989528-1577783925-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
    IE - HKU\S-1-5-21-1210293595-3122989528-1577783925-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKU\S-1-5-21-1210293595-3122989528-1577783925-1001\..\SearchScopes\{78E05582-9921-2FEF-E0FC-069C6120A855}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACPW_enGB407
    IE - HKU\S-1-5-21-1210293595-3122989528-1577783925-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-21-1210293595-3122989528-1577783925-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-21-1210293595-3122989528-1577783925-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320

    ========== FireFox ==========

    FF - prefs.js..keyword.URL: ""
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll File not found
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
    FF - HKLM\Software\MozillaPlugins\@Motive.com/npMotiveRequest,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013/10/05 12:41:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/04/05 18:56:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/04/05 18:56:04 | 000,000,000 | ---D | M]

    [2013/09/14 17:35:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\xg5hi5ub.default\extensions
    [2013/08/14 22:07:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\xg5hi5ub.default\extensions\foxyproxy@eric.h.jung
    [2013/08/14 22:07:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/06/29 16:42:40 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/03/06 19:48:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2013/03/06 19:48:17 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
    [2013/06/29 16:42:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2013/06/29 16:42:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2011/04/14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
    [2012/03/01 10:22:01 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

    ========== Chrome ==========

    CHR - default_search_provider: Mysearchdial (Enabled)
    CHR - default_search_provider: search_url = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1Qzuzzzz0A0EtC0DyD0DyE0FyCzyyBtCzyyDtN0D0Tzu0CyCtBtAtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=169996343&ir=
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR - Extension: Google Docs = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
    CHR - Extension: Google Docs = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Drive = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
    CHR - Extension: Google Drive = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: YouTube = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Google Search = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: BT DesktopHelp extension = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec\1.0_0\
    CHR - Extension: BT DesktopHelp extension = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec\1.0_1\
    CHR - Extension: BT DesktopHelp extension = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec\1.0_2\
    CHR - Extension: SiteAdvisor = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_0\
    CHR - Extension: SiteAdvisor = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.2.1341_1\
    CHR - Extension: SiteAdvisor = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.3.1241_0\
    CHR - Extension: Skype Click to Call = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\
    CHR - Extension: Skype Click to Call = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_1\
    CHR - Extension: Skype Click to Call = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_2\
    CHR - Extension: Skype Click to Call = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_3\
    CHR - Extension: Chrome In-App Payments service = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
    CHR - Extension: Chrome In-App Payments service = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
    CHR - Extension: Chrome In-App Payments service = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_1\
    CHR - Extension: Chrome In-App Payments service = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.9_0\
    CHR - Extension: Gmail = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
    CHR - Extension: Gmail = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2013/11/14 09:10:01 | 000,450,639 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 博彩通,博彩网,金宝博188,博彩通评级,百家乐,奥妙百家乐
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 Gadgets And More
    O1 - Hosts: 127.0.0.1 www.1-2005-search.com
    O1 - Hosts: 127.0.0.1 1-2005-search.com
    O1 - Hosts: 127.0.0.1 123fporn.info
    O1 - Hosts: 15467 more lines...
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg64.dll (Google Inc.)
    O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3:64bit: - HKU\S-1-5-21-1210293595-3122989528-1577783925-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
    O4:64bit: - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
    O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    O4 - HKLM..\Run: [RegWork] C:\Program Files (x86)\RegWork\RegWork.exe File not found
    O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1210293595-3122989528-1577783925-1001..\Run: [Akamai NetSession Interface] C:\Users\Home\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
    O4 - HKU\S-1-5-21-1210293595-3122989528-1577783925-1001..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-1210293595-3122989528-1577783925-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\S-1-5-21-1210293595-3122989528-1577783925-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
    O7 - HKU\S-1-5-21-1210293595-3122989528-1577783925-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/...soft/wrc32.ocx (WRC Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{607EA30D-07AD-4503-9480-31099B7E3EB6}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6D76239-7085-458B-9C63-8C4D8784C394}: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
    O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20 - HKU\S-1-5-21-1210293595-3122989528-1577783925-1001 Winlogon: Shell - (EXPLORER.EXE) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 180 Days ==========

    [2013/11/19 17:01:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
    [2013/11/19 09:29:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
    [2013/11/16 17:07:36 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\AVG2014
    [2013/11/16 17:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2013/11/16 17:06:20 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\TuneUp Software
    [2013/11/16 17:05:07 | 000,000,000 | -H-D | C] -- C:\$AVG
    [2013/11/16 17:05:06 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2014
    [2013/11/16 17:03:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
    [2013/11/16 16:57:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2013/11/16 16:57:19 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\MFAData
    [2013/11/16 16:57:19 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2013/11/16 16:57:19 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Avg2014
    [2013/11/13 22:48:49 | 000,000,000 | ---D | C] -- C:\98b8785d694e91d513
    [2013/11/13 09:41:42 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
    [2013/11/13 09:41:41 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
    [2013/11/12 17:44:27 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2013/11/12 17:44:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2013/11/12 15:51:01 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{06FB587E-0B42-4EB9-8EA3-0C1B8F335F81}
    [2013/11/11 13:59:45 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{655FC11A-8D04-41DA-B1DC-B3EF2002A183}
    [2013/11/10 17:21:21 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{06AAAEAB-0186-4B1D-86A6-9E748C53C573}
    [2013/11/09 14:47:42 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{43B9D0C5-5572-4F04-89E9-35F233C9E8FA}
    [2013/11/05 13:35:25 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{E829DA18-15E6-43B2-8015-A7FE652FD815}
    [2013/11/04 21:30:51 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{7732D872-FCF2-4369-8409-3CCEAC142DD3}
    [2013/11/02 14:37:36 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{8CC79EFD-6DC2-4A31-861B-95BA30AD9CAD}
    [2013/10/31 20:40:24 | 000,197,704 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys
    [2013/10/29 17:59:41 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{ACCDD8E4-BDF4-436A-B291-FAFC4F49607A}
    [2013/10/28 18:05:53 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{A049FD6E-EFD6-4D2E-8794-9FC28E68B7EC}
    [2013/10/27 15:26:05 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{AC510071-1F04-4FBB-B981-81BEFA9C31E3}
    [2013/10/24 17:17:42 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{1CB18882-83F5-4204-BEFE-B57BD87F904A}
    [2013/10/22 18:26:09 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{DC20AC6C-489B-4AC4-B395-6327B30EEB60}
    [2013/10/21 09:32:44 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{75CCCE4F-6A48-4134-AB5F-312695114955}
    [2013/10/20 19:08:40 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{B91F57FB-FE9E-45AD-9B2F-947278934338}
    [2013/10/19 17:17:17 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{955FF99E-000E-4D21-B09C-719FBC6E92D7}
    [2013/10/18 17:38:24 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{50B8CEE3-78EE-42F8-981F-A25AB4D76C94}
    [2013/10/17 17:46:42 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{D95812F7-2301-479C-8C13-97B2E2C5F84E}
    [2013/10/15 21:34:49 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{EF51B515-DC45-49E8-B010-205D1FAA338F}
    [2013/10/13 18:52:35 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{B1AB4D3A-3E14-4941-AD82-1DE0A907E59B}
    [2013/10/11 19:53:16 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{5AE7BC62-1EA6-4AEA-BE40-4ED91ED98015}
    [2013/10/10 17:27:06 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{A3221BD8-00F1-4C02-A98F-6A1A18596A1C}
    [2013/10/09 22:00:18 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
    [2013/10/09 09:44:15 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{FA98B68F-8140-43C8-BC16-D12FDE3FDDFC}
    [2013/10/08 19:00:04 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{C173C3ED-C46B-4F93-BBD4-D77AA09EBC8A}
    [2013/10/07 21:12:15 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{4FECB30F-A9F9-4151-8CB9-DBD7718920F1}
    [2013/10/06 13:07:32 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{EDAE8B73-ACA8-4D82-BB13-2839CCCCC87A}
    [2013/10/03 21:06:17 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{3FB6A93A-6A5A-4FFE-9DF4-BAD6B2767E36}
    [2013/09/30 17:10:55 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{A8636503-EDF2-4734-A412-30579E1555FE}
    [2013/09/28 15:17:30 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{2036106D-6948-49F8-95F1-71DDF7DA8CED}
    [2013/09/27 18:41:16 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{DDA3280C-93B3-49CF-8D6E-D8961E168582}
    [2013/09/26 18:40:33 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{A535719D-70F3-4867-B1F6-A905F9AE0FAE}
    [2013/09/25 21:07:30 | 000,148,792 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgdiska.sys
    [2013/09/24 17:24:05 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{C06B0694-0422-4F06-928B-70702DC32BE7}
    [2013/09/24 09:17:52 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{0ACBA646-6DF9-46D4-905E-25807AB56C8D}
    [2013/09/22 19:59:45 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{7F43BEC1-C151-4ADB-A30B-FF2856043522}
    [2013/09/21 21:33:22 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{12B075F0-0C14-430D-9208-809F8AD92EA6}
    [2013/09/20 09:50:58 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{DE8E0E8D-93D2-4D98-B89F-0FD299D16814}
    [2013/09/20 09:38:30 | 000,010,856 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeclnrk.sys
    [2013/09/20 09:38:14 | 000,095,984 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfencrk.sys
    [2013/09/20 09:37:56 | 000,390,552 | ---- | C] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfencbdc.sys
    [2013/09/19 21:16:27 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{8CAEACE5-651C-4713-A41D-A15B348291A1}
    [2013/09/18 15:33:55 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{3F17070E-9F52-4656-A7FF-AA6044820331}
    [2013/09/17 20:34:19 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{B3377D2D-DA4E-47BD-B9B2-70967A15A56C}
    [2013/09/15 15:48:21 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{97679D71-B3A6-4A2D-9B0D-9C6112B73DF1}
    [2013/09/14 20:44:50 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
    [2013/09/14 19:37:24 | 000,000,000 | ---D | C] -- C:\ProgramData\CDB
    [2013/09/14 17:33:28 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013/09/13 15:38:16 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{7C261B5F-F29D-4C00-AD07-2294337A0689}
    [2013/09/12 18:29:35 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\UpdaterEX
    [2013/09/12 18:29:11 | 000,000,000 | ---D | C] -- C:\ProgramData\DSearchLink
    [2013/09/12 16:20:25 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
    [2013/09/11 15:33:02 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{17974338-922A-442F-A173-C057A1B6F94F}
    [2013/09/10 19:30:10 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{0B12E793-C0E2-48A3-8BF0-4910739CFC38}
    [2013/09/09 14:36:46 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{AC917C5E-80B1-423E-8818-78FFB2EB0EC8}
    [2013/09/08 22:11:42 | 000,031,544 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
    [2013/09/08 12:47:52 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{A2B20E02-18E3-4F78-9A09-9A98B9B751BA}
    [2013/09/06 17:32:57 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{5C62F27F-131D-4D61-8DDF-42C0D456FED9}
    [2013/09/05 18:17:54 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{882668C2-B66F-48AE-BC8E-32607CA40265}
    [2013/09/04 20:15:04 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{C1D7AC84-FB3D-42F3-AC09-8A39112D7D43}
    [2013/09/02 13:15:27 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{70D50800-8E83-4C78-B8E9-3EC5722E8969}
    [2013/09/02 10:59:14 | 000,212,280 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
    [2013/09/02 10:29:18 | 000,294,712 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys
    [2013/09/02 10:26:50 | 000,192,824 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsha.sys
    [2013/09/02 10:26:42 | 000,241,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
    [2013/09/01 10:18:33 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{B5AF0A23-D66B-4D25-896E-5ADC2C626E38}
    [2013/08/29 21:04:59 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{75CD9E2F-DCE4-4B6A-A0F7-18C4CFA58407}
    [2013/08/27 22:14:09 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{61A93BD8-64D0-4BEC-A6C0-5C6A7BE12FED}
    [2013/08/26 16:19:10 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{8EA9DBD5-15A6-408F-94F1-F4CFBCE899DB}
    [2013/08/24 12:28:56 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{7124FF4B-0EAF-47E4-ADBA-DD51EEB26BF9}
    [2013/08/23 20:28:46 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{153C77CC-A995-40F3-A063-01A39000A222}
    [2013/08/23 20:28:07 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{DA0B0667-2B7A-4AEF-A0CD-899BF9B1BC35}
    [2013/08/21 20:39:17 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{5543ED1B-F53B-4D82-AB4D-BA1B78792FFE}
    [2013/08/20 22:53:58 | 000,123,704 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
    [2013/08/20 10:34:38 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{F6C2CCED-126A-4196-BE6C-671FC6F9D1D0}
    [2013/08/18 16:57:25 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{F02EA20C-D7AC-483E-9D09-90945FC6CFE8}
    [2013/08/17 21:02:00 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{37CF4FB3-FB00-4532-97DB-CE902D730DE1}
    [2013/08/16 09:18:44 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{25EBB342-4063-4CE8-BD93-E8A3DD800281}
    [2013/08/14 22:42:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
    [2013/08/14 22:13:22 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Malwarebytes
    [2013/08/14 22:13:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/08/14 22:12:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/08/14 22:12:55 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2013/08/14 22:12:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013/08/14 22:04:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
    [2013/08/14 20:22:50 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\SUPERAntiSpyware.com
    [2013/08/14 20:22:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2013/08/14 20:22:02 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2013/08/14 20:22:02 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2013/08/14 17:10:30 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{FFCD2B5D-508F-4711-AB52-7023F97D7BF7}
    [2013/08/13 20:42:27 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{3D1B47B5-DA63-41C1-9132-2EE2EC3A9499}
    [2013/08/12 08:46:57 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{7CBEDC36-23F3-41A5-A87C-A57341FD89BF}
    [2013/08/09 18:47:02 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{01A2C194-4015-4C51-A59C-0386243F1655}
    [2013/08/08 05:35:24 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{F90AE213-1329-4086-B0DB-1B8A779FE6E5}
    [2013/08/07 22:54:04 | 000,000,000 | ---D | C] -- C:\Users\Home\Documents\ProcAlyzer Dumps
    [2013/08/07 22:43:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2013/08/07 22:43:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    [2013/08/07 22:43:07 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
    [2013/08/07 22:42:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
    [2013/08/07 22:41:26 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Programs
    [2013/08/07 21:54:10 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Auslogics
    [2013/08/07 21:54:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
    [2013/08/07 21:54:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
    [2013/08/07 17:07:28 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{371629D3-112F-4BDE-A12F-0B4A471C7ECD}
    [2013/08/06 21:13:25 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{A0E8DF38-C883-40FB-A8AE-3664E245B3EE}
    [2013/08/04 18:17:29 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{577D7E61-1D50-47BB-BEBE-7574DE51A0F4}
    [2013/08/03 15:30:19 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{1F75802E-C52E-4BDE-9F59-3D30C7160121}
    [2013/08/02 17:06:46 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{35D654C7-D0DF-4E82-AA17-D17AAB5B9656}
    [2013/08/01 18:00:46 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{21D09809-035E-4BE8-8915-DF5B85C56A40}
    [2013/08/01 16:07:06 | 000,251,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
    [2013/07/30 18:44:15 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{C6D5FB3C-E1C1-4981-8995-299A456DA2BC}
    [2013/07/28 14:15:14 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{51097640-3A42-45D3-BA4B-DFFFE9236838}
    [2013/07/27 13:27:49 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{2FA680C1-BD05-40DD-B541-6CCFABD519CD}
    [2013/07/26 05:41:08 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{A87D899E-DA26-4566-B511-E6B657632D84}
    [2013/07/25 14:26:54 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{D51F106B-C115-497B-B8F6-33F7A56DD346}
    [2013/07/24 21:55:27 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{694F0225-6DA8-4844-A98E-60DE6760E2B2}
    [2013/07/23 18:57:53 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{D960A6CD-E542-43B6-B23B-F79D28C2C914}
    [2013/07/21 15:13:20 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{BA6CBC9C-5E19-4316-BE3B-81CF0A9E6E0E}
    [2013/07/20 20:09:19 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{198697C3-1E18-46AF-858E-900A68D45FA6}
    [2013/07/18 10:19:14 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{41A77143-82C5-4A62-9DCF-7F9DEC9CE758}
    [2013/07/17 21:35:22 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{62E72EA3-ED0E-4EA4-B6D1-1B509A68FC5A}
    [2013/07/16 17:04:40 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{9FB29469-16B5-4AB2-ACAA-CF672AB598DB}
    [2013/06/28 15:11:46 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{ADF35871-C941-43EF-B7E3-B89882875DF3}
    [2013/06/27 09:11:50 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{43118244-5E10-4CB6-891F-30E07B91C8D8}
    [2013/06/26 09:12:00 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{4E779836-0CD6-4A6C-B48B-977FB761941C}
    [2013/06/24 16:58:59 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{6F9D9210-718F-4446-979C-BC875EC146E8}
    [2013/06/23 09:41:37 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{80CD3038-A358-4CD3-B89A-EFE307F6C8AB}
    [2013/06/22 17:12:47 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{E84CA537-FF87-42FF-B5B4-9AA43115BAAD}
    [2013/06/21 12:35:05 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{8EEEFF4E-342F-4448-A664-1C4241F0F85D}
    [2013/06/20 13:00:15 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{85CB8D47-D1CE-48B0-9C49-89C60B7DC13A}
    [2013/06/18 08:28:42 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{B5865038-40FA-471E-9C01-A44D0DF98C2B}
    [2013/06/16 11:04:14 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{636D4914-3CDB-4C16-99DF-D27080ECD663}
    [2013/06/15 17:48:21 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{24ED8A89-2852-4ABE-9751-74D024CBBF8F}
    [2013/06/14 17:35:10 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{38385915-C874-4869-9C43-BD8036B3135F}
    [2013/06/13 08:08:50 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{6E71F416-D045-488A-AD4A-DA037F05102A}
    [2013/06/11 10:05:27 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{8A03AC04-E54A-4143-A464-C57976805C27}
    [2013/06/09 09:22:33 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{18B21537-82F3-46B0-B50E-2EA6B4F5344D}
    [2013/06/08 17:09:49 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{D2542193-16CF-4E3A-B940-2DC845D35094}
    [2013/06/07 19:58:42 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{98CFF7BE-C72F-40AE-A65E-CFCF710E3F2B}
    [2013/06/06 19:56:32 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{09FB40EF-E511-4A27-8C16-AB8EC1A33E83}
    [2013/06/04 19:25:06 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{AEBBCEC3-FF77-4EB8-B0A1-3E5192FC461A}
    [2013/06/01 09:30:58 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{014D0918-D5D5-49B3-A931-F81805380360}
    [2013/05/31 18:48:32 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{003D0C0C-D6DB-41CB-8592-68EA494F097C}
    [2013/05/30 17:42:40 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{60568A09-DC62-4661-BD60-8A6D0E3B5E54}
    [2013/05/28 19:36:46 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{0A3A7F9F-D74E-4A76-A4BD-35670AC8F4E9}
    [2013/05/27 20:47:05 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{28F9E965-EA8F-444E-B0C3-1BFA28884B21}
    [2013/05/26 17:19:59 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{47856868-5481-4449-8B09-12A4BFCA283C}
    [2013/05/24 13:19:39 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{1B9D826D-B7AB-4896-84D8-0E6BEC306795}
    [2013/05/24 08:18:44 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{3091A177-D240-43D8-81B7-B9FF2E47EB58}
    [2013/05/23 18:24:55 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{D0FAF782-898C-4D56-907A-B492799676BB}
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 180 Days ==========

    [2013/11/19 17:01:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
    [2013/11/19 16:45:31 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/11/19 16:45:31 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/11/19 16:35:52 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/11/19 16:35:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/11/19 16:35:19 | 2207,285,248 | -HS- | M] () -- C:\hiberfil.sys
    [2013/11/19 10:29:00 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\UpdaterEX.job
    [2013/11/19 10:22:16 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/11/19 10:21:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/11/16 17:06:21 | 000,000,977 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2014.lnk
    [2013/11/14 09:10:01 | 000,450,639 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2013/11/14 08:09:01 | 000,785,500 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/11/14 08:09:01 | 000,669,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/11/14 08:09:01 | 000,127,656 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/11/13 16:50:46 | 000,450,639 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131114-091001.backup
    [2013/11/12 17:44:27 | 000,002,971 | ---- | M] () -- C:\Users\Home\Desktop\HiJackThis.lnk
    [2013/11/10 09:12:52 | 000,450,639 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131113-165046.backup
    [2013/11/03 09:27:48 | 000,450,639 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131110-091252.backup
    [2013/10/28 17:59:38 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013/10/28 17:59:38 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013/10/27 08:16:13 | 000,450,639 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131103-092748.backup
    [2013/10/20 15:38:48 | 000,450,639 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131027-081613.backup
    [2013/10/18 20:04:31 | 000,450,639 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131020-163848.backup
    [2013/10/13 08:03:39 | 000,450,639 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131018-210430.backup
    [2013/10/13 07:41:38 | 000,001,356 | ---- | M] () -- C:\Users\Public\Desktop\BT Desktop Help.lnk
    [2013/10/09 12:39:11 | 000,450,639 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131013-090338.backup
    [2013/09/25 21:07:30 | 000,148,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgdiska.sys
    [2013/09/24 20:29:46 | 000,070,112 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\cfwids.sys
    [2013/09/24 20:25:40 | 000,343,568 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfewfpk.sys
    [2013/09/24 20:25:24 | 000,182,752 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\mfevtps.exe
    [2013/09/24 20:22:48 | 000,781,312 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfehidk.sys
    [2013/09/24 20:21:32 | 000,519,192 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfefirek.sys
    [2013/09/24 20:20:28 | 000,310,224 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeavfk.sys
    [2013/09/24 20:19:56 | 000,179,664 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeapfk.sys
    [2013/09/23 13:49:22 | 000,197,704 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\HipShieldK.sys
    [2013/09/20 09:38:30 | 000,010,856 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfeclnrk.sys
    [2013/09/20 09:38:14 | 000,095,984 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfencrk.sys
    [2013/09/20 09:37:56 | 000,390,552 | ---- | M] (McAfee, Inc.) -- C:\Windows\SysNative\drivers\mfencbdc.sys
    [2013/09/20 09:35:24 | 000,002,641 | ---- | M] () -- C:\Windows\SysNative\drivers\mfencrk.inf
    [2013/09/20 09:34:56 | 000,002,951 | ---- | M] () -- C:\Windows\SysNative\drivers\mfencbdc.inf
    [2013/09/14 21:04:35 | 000,449,438 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20131009-133910.backup
    [2013/09/14 21:04:35 | 000,449,438 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130928-105832.backup
    [2013/09/14 21:00:52 | 000,449,438 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130914-220435.backup
    [2013/09/14 20:53:53 | 000,010,724 | ---- | M] () -- C:\Windows\SysNative\.crusader
    [2013/09/12 20:46:03 | 000,000,116 | ---- | M] () -- C:\Windows\Reimage.ini
    [2013/09/08 22:11:42 | 000,031,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgrkx64.sys
    [2013/09/05 22:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\Regwork.job
    [2013/09/02 10:59:14 | 000,212,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
    [2013/09/02 10:29:18 | 000,294,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgloga.sys
    [2013/09/02 10:26:50 | 000,192,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsha.sys
    [2013/09/02 10:26:42 | 000,241,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
    [2013/08/28 20:24:16 | 000,449,438 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130914-220052.backup
    [2013/08/20 22:53:58 | 000,123,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
    [2013/08/14 22:13:03 | 000,001,125 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/08/14 20:22:06 | 000,001,820 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2013/08/08 04:59:35 | 000,051,827 | ---- | M] () -- C:\Windows\wininit.ini
    [2013/08/07 22:56:40 | 000,449,438 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130828-212415.backup
    [2013/08/07 22:43:13 | 000,001,395 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2013/08/07 21:54:59 | 000,001,262 | ---- | M] () -- C:\Users\Home\Desktop\Auslogics Disk Defrag.lnk
    [2013/08/01 16:07:06 | 000,251,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
    [2013/07/25 08:46:26 | 000,295,696 | ---- | M] (Trusteer Ltd.) -- C:\Windows\SysNative\drivers\RapportKE64.sys
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/11/16 17:06:21 | 000,000,977 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2014.lnk
    [2013/11/12 17:44:27 | 000,002,971 | ---- | C] () -- C:\Users\Home\Desktop\HiJackThis.lnk
    [2013/10/31 20:39:35 | 000,002,641 | ---- | C] () -- C:\Windows\SysNative\drivers\mfencrk.inf
    [2013/10/31 20:39:34 | 000,002,951 | ---- | C] () -- C:\Windows\SysNative\drivers\mfencbdc.inf
    [2013/09/14 20:53:53 | 000,010,724 | ---- | C] () -- C:\Windows\SysNative\.crusader
    [2013/09/12 20:43:32 | 000,000,116 | ---- | C] () -- C:\Windows\Reimage.ini
    [2013/09/12 18:29:36 | 000,000,288 | ---- | C] () -- C:\Windows\tasks\UpdaterEX.job
    [2013/08/14 22:13:03 | 000,001,125 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/08/14 20:22:06 | 000,001,820 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2013/08/07 23:39:36 | 000,051,827 | ---- | C] () -- C:\Windows\wininit.ini
    [2013/08/07 22:43:13 | 000,001,407 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    [2013/08/07 22:43:13 | 000,001,395 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2013/08/07 21:54:59 | 000,001,262 | ---- | C] () -- C:\Users\Home\Desktop\Auslogics Disk Defrag.lnk
    [2012/04/29 18:46:11 | 000,000,780 | ---- | C] () -- C:\Users\Home\AppData\Roaming\result.db
    [2012/01/18 18:42:45 | 000,771,412 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/01/09 18:47:09 | 000,000,043 | ---- | C] () -- C:\Users\Home\jagex_cl_runescape_LIVE.dat
    [2012/01/09 18:47:09 | 000,000,024 | ---- | C] () -- C:\Users\Home\random.dat
    [2010/11/29 13:00:09 | 000,103,784 | ---- | C] () -- C:\Users\Home\GoToAssistDownloadHelper.exe
    [2010/11/28 13:02:48 | 000,000,000 | ---- | C] () -- C:\Users\Home\AppData\Roaming\wklnhst.dat

    ========== ZeroAccess Check ==========

    [2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 01:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    < End of report >

  14. The Following User Says Thank You to macleod For This Useful Post:


  15. #8
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Default

    Hi macleod,

    Before we begin removing any files I need you do uninstall an Anti Virus program, and post the Extra's .txt log. You posted 2 OTL.txt, no big deal.

    • AVG2014
    • McAfee


    The real-time protection of two antivirus programs may conflict with each other and cause the following:

    * False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
    * Conflicts: Your system may lock up due to both products attempting to access the same file at the same time.
    * Performance: More that one antivirus will cause your PC to become slow and it may even crash or blue screen.
    * Less protection: Two antivirus trying to scan the same file may interfere with the process and allow a malicious file onto the computer without notice to you.
    Please uninstall 1 of those Anti Virus programs.

    Next

    On the first time you ran it OTL creates 2 log reports. The one I need is called Extras .txt do you have that log? If so post it, If not I would like you to re-run OTL once more so we can re create the log, before you run the scan I need you to do this--> under the Extra Registry section please put a check mark in "All" then hit Runscan, when OTL is done scanning 2 logs will be generated, the first log will pop up in front of you, the second log will be mimized to the task bar down by the clock area, called Extras .txt please post that log. Really don't need to post the first one as we already have that one.

    Thanks
    Joe

  16. The Following User Says Thank You to zep516 For This Useful Post:


  17. #9
    Member
    Join Date
    Nov 2013
    Posts
    41
    Points
    14

    Default extra log

    Quote Originally Posted by zep516 View Post
    Hi macleod,

    Before we begin removing any files I need you do uninstall an Anti Virus program, and post the Extra's .txt log. You posted 2 OTL.txt, no big deal.

    • AVG2014
    • McAfee


    The real-time protection of two antivirus programs may conflict with each other and cause the following:


    the computer seems to have tampered with the log files so hopefully this will be the extra log requested

    OTL Extras logfile created on: 21/11/2013 16:43:27 - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Home\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.74 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 42.47% Memory free
    5.48 Gb Paging File | 3.53 Gb Available in Paging File | 64.35% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 283.99 Gb Total Space | 199.84 Gb Free Space | 70.37% Space Free | Partition Type: NTFS

    Computer Name: HOME-PC | User Name: Home | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (All) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
    .cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
    .hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
    .html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
    .js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
    .txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
    .vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
    .wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- "%1" %*
    .chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
    .cmd [@ = cmdfile] -- "%1" %*
    .com [@ = comfile] -- "%1" %*
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .exe [@ = exefile] -- "%1" %*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
    .js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .pif [@ = piffile] -- "%1" %*
    .reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
    .scr [@ = scrfile] -- "%1" /S
    .txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
    .vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
    .wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1210293595-3122989528-1577783925-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- Reg Error: Key error.
    https [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- Reg Error: Key error.
    https [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
    "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{074B860F-6A7D-4F27-A19B-A5C0D55DE69A}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{092F5234-1D45-4ECC-B52C-A9DDA9FDB450}" = lport=445 | protocol=6 | dir=in | app=system |
    "{1099AA5E-F1CB-4774-824E-74100433D255}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{1481CDC3-0B17-4052-A520-64F621F14E34}" = rport=138 | protocol=17 | dir=out | app=system |
    "{29C0B3FD-3313-4E78-B469-E99ABDFB22C2}" = lport=139 | protocol=6 | dir=in | app=system |
    "{30F78534-63AD-4C27-8680-B6198B75C293}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{4888FE01-D0DC-4351-A655-32C4B8E3B841}" = lport=137 | protocol=17 | dir=in | app=system |
    "{509E1ACD-4F9A-4E0B-B195-D7C5073C9AAD}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6F2D5BC5-0566-45DE-8EEA-9E51EE8491A9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7174C34D-29C6-4D25-87BB-DEB923B74A11}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{71CFE9BE-F2E0-47E0-BE93-5FACE1939B13}" = lport=138 | protocol=17 | dir=in | app=system |
    "{772C9D09-597A-4A0F-AE61-AD6E6D3E5575}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{84FAC569-192D-4BF4-A4CC-70801464C2FD}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{91ADF436-4E7A-45F1-92D7-A712EDCBB540}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{93B222ED-5366-4E89-A451-A158814197C5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{9DEC9EAC-ACE7-4A89-8BB3-54D3957D32EE}" = rport=445 | protocol=6 | dir=out | app=system |
    "{9FBFC830-4DB1-45DA-9AF9-9AC72E6417BF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{A147E321-19AC-4910-9F8D-F2B3735EC75C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{A4A62292-9DE8-4B86-841E-D0CE1D44997E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{B0424838-A9F6-444B-92A7-9E415B07F3F7}" = rport=137 | protocol=17 | dir=out | app=system |
    "{B4B547B1-3C01-47B2-9526-4543DC0085E1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{B73E5BDF-48F1-45C0-BF5E-5BF07D5C50D6}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{CD6DB9BA-2BF1-460E-B0AF-FEE227F7D90A}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{CF5F44C2-8766-4CCC-A180-38069B6D120B}" = lport=49181 | protocol=6 | dir=in | name=akamai netsession interface |
    "{D537A8CD-511E-4ED9-9BE0-276015313C4F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{E1810994-DDAE-4930-B5A0-8FA5DAFF7D0E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{EB7CD53D-35A1-4012-83A5-B6F17FEA5D4F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{FA740374-244A-4DC8-8761-E4DF54FB7198}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{FE1F3507-D3FD-4F82-86D1-DE4DC827ABB9}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0145E7C2-CE69-46F7-954F-B2C83FB0CB5F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{0214C8E0-FF7E-4DE3-ADF3-37F233498D2E}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe |
    "{06D4E3F1-8A2F-42B8-A031-4077D1D6AF4C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
    "{06EA8108-4DFB-4D7D-B337-20F6C15BA111}" = protocol=58 | dir=in | app=system |
    "{0DFEAE6F-18C7-47B7-9CC4-8C159417DA51}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgemca.exe |
    "{1097675C-32D5-41C7-93C3-6BF80338E186}" = protocol=17 | dir=in | app=c:\program files (x86)\farming simulator 2011\game.exe |
    "{12E14F07-5EA5-43EF-95B7-432EC0FF1F0F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{1CF19E17-5C33-4DC5-8A1B-604B3FE79083}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{22C3F91F-21B7-4872-8A80-ED42756658B3}" = protocol=17 | dir=in | app=c:\program files (x86)\farming simulator 2011\farmingsimulator2011.exe |
    "{251F9B79-C41B-4F46-9A1D-54EC1840A3A1}" = protocol=6 | dir=in | app=c:\program files (x86)\farming simulator 2011\farmingsimulator2011.exe |
    "{2787B2C5-AD98-4433-AE5C-18E874A8933B}" = protocol=6 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
    "{27CAD9FA-0442-475C-9761-012F5A258548}" = protocol=6 | dir=in | app=c:\users\home\appdata\roaming\spotify\spotify.exe |
    "{2B231B6B-BF11-416A-AC85-FC03A2A2773E}" = protocol=17 | dir=in | app=c:\users\home\appdata\roaming\spotify\spotify.exe |
    "{2E7C43C5-B43E-467D-BB94-85EEB9EEEA63}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
    "{311EE521-9799-4BE0-8C02-DBD2013EF7FC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{3920A9D2-F596-4A00-A41E-E98F55A80A85}" = protocol=6 | dir=in | app=c:\program files (x86)\bt broadband desktop help\btbb\bthelpbrowser.exe |
    "{392828C3-7F35-46F0-8C0F-63C6CB18B258}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{39C79537-5985-4F3C-860E-8B634F191D9F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{4040E063-7607-496A-A14A-B300649853F1}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{42C34D92-2DE7-4B7A-A7F2-F041F4FA113C}" = protocol=17 | dir=in | app=c:\program files (x86)\bt broadband desktop help\btbb\ma\8.3.1.7.bt.1.3\ma\bin\node.exe |
    "{48D98A15-2D99-4239-9650-CE792A636B0C}" = protocol=17 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
    "{49D0BE89-FFE1-44CD-8C22-8252E6721993}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
    "{501CE7B0-9C0C-4397-AA4F-D82982D6A9C1}" = protocol=6 | dir=in | app=c:\program files (x86)\bt broadband desktop help\btbb\bthelpbrowser.exe |
    "{542C1D8A-27F3-402F-836C-8CFA4D7E2308}" = protocol=6 | dir=in | app=c:\program files (x86)\farming simulator 2011\game.exe |
    "{57C74C4A-70BB-410F-812B-AAB8CAE9D2ED}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |
    "{5B5100D8-C10D-4666-8D51-3790D7C46597}" = protocol=17 | dir=in | app=c:\program files (x86)\bt broadband desktop help\btbb\bthelpbrowser.exe |
    "{5B9144BE-2A04-460A-B426-5297B064B09B}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
    "{5D530CFD-F022-4667-AC3D-AE4F26DB8D3C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
    "{64C94229-90AC-49A8-983F-BF33DFD40C7A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgdiagex.exe |
    "{677687BF-A352-4DEF-B7DA-210D1012521D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{6AD5FE80-BF57-440E-8666-7451178519F0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{6B3B50EB-2345-49C5-B75B-70C668215C35}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold 2\stronghold2.exe |
    "{72390B99-6ACF-40D1-A36C-56650CDD6969}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{74BE0C8D-D126-40F2-A28E-51F475860E2C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{7BAB3FCF-2876-4DB8-A240-27A411F6F62F}" = protocol=6 | dir=in | app=c:\users\home\appdata\local\akamai\netsession_win.exe |
    "{886F364C-3F74-4988-AC53-8DA3EEB4C023}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{893D6C22-CB02-4411-8B4A-1316D3067197}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{8B72363B-0194-42D6-B7D2-48DBB525A404}" = protocol=17 | dir=in | app=c:\program files (x86)\bt broadband desktop help\btbb\bthelpbrowser.exe |
    "{8DEBF924-A809-4CF9-9534-C1BABFA6F777}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{8FC313AA-BEAA-4596-A0B9-B40F62C341BF}" = protocol=17 | dir=in | app=c:\program files (x86)\farming simulator 2011\game.exe |
    "{96A08DEA-6400-4A10-96B3-64DE44D452D5}" = protocol=6 | dir=in | app=c:\program files (x86)\farming simulator 2011\game.exe |
    "{985E7501-32F8-4378-9B49-260448296B01}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{987B4F51-F0E6-4652-873C-0F934236ECAE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{9B101037-A4A2-4CAD-88CE-125FB3403290}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{A0DB4AED-6751-45B9-A85B-F93FD7D1FF5E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{A27D3DE6-CB9A-46F1-8392-6A8A39F33311}" = protocol=6 | dir=in | app=c:\program files (x86)\bt broadband desktop help\btbb\ma\8.3.1.7.bt.1.3\ma\bin\node.exe |
    "{AA4020DA-5C36-40C7-9101-F3EE793C2194}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
    "{ACDB6538-204E-42A9-990C-B81E146060D5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{AD9ED879-FC8E-42D2-915F-AD395566D90A}" = protocol=17 | dir=in | app=c:\program files (x86)\farming simulator 2011\farmingsimulator2011.exe |
    "{B1B70DF3-F9A0-4926-B113-F0BF9CFCC0B5}" = protocol=6 | dir=out | app=system |
    "{B61578D5-8E06-4224-9A1A-370B79B54C0C}" = protocol=17 | dir=in | app=c:\users\home\downloads\sweetimsetup.exe |
    "{B787F8E4-0B34-4B93-A05F-000157CC8E97}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |
    "{B84D6353-2AD4-49C7-A4DE-EF2D19292ECB}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{BD390210-3938-4BDF-B855-47754DA55C92}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe |
    "{C299BA0E-712C-4853-9B72-A8F63D7F0533}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
    "{C3A938ED-4362-4336-91A9-D30B9AD30C77}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{C57F16E9-4886-4A5B-A6B2-69AF48AE2C5A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgnsa.exe |
    "{C892F56E-47EA-4138-9DB7-497ACAD8C5BD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{CF92EF4D-E02A-44F1-B03C-FAC8AC4013D7}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |
    "{D0502FA9-F7CF-4F57-8141-A7D7B88B71F4}" = protocol=6 | dir=in | app=c:\program files (x86)\farming simulator 2011\farmingsimulator2011.exe |
    "{D3ABCFFC-AD71-484A-8A05-BE4E5D102142}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    "{D4F73A0A-6E5D-4BDF-B741-6A3496C05D13}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |
    "{D64BB815-AA31-409B-85DB-AC1BE5EABD24}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
    "{D6C07939-A0E2-44DA-BAEA-A7968BE9D646}" = protocol=17 | dir=in | app=c:\users\home\appdata\local\akamai\netsession_win.exe |
    "{DA7A9820-F57C-4B0B-9381-8C738B5F7A25}" = protocol=6 | dir=in | app=c:\users\home\downloads\sweetimsetup.exe |
    "{DD9103A1-1D2E-426F-B28E-ECB264B549A2}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
    "{E35ED247-2C18-4981-80D6-657F37322ECE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{ED4791F3-E049-47BB-8BB1-7BC64BBCE78B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{EFEF9F11-64EC-4A02-AB27-40E810EEAD96}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{F451A4A1-A00F-47C9-B0A4-451E9D42B52D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{F65F1048-BE89-4486-99BD-C654460D00C0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
    "{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series" = Canon MP270 series MP Drivers
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{1D005A51-8EA5-42F8-B37B-FD30FEEF0D04}" = AVG 2014
    "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
    "{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8BB347A7-68B5-4E46-9FCC-17F6172BA9E1}" = Share64
    "{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes
    "{A84DB02B-9C2B-4272-9D2D-A80E00A56513}" = Broadcom Gigabit NetLink Controller
    "{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    "{DF1A8490-3CD2-4878-92BE-F746D7CCACC1}" = AVG 2014
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "AVG" = AVG 2014
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_{AA902C31-B49D-4608-BCCF-2519EB77722D}" = Corel VideoStudio Pro X4
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FCC8C70-66B9-420D-942C-2C2A8441C744}" = Imperial Glory
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3990E632-42C3-4A25-ADFF-1101E3D6DD47}" = VSClassic
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3DB0448D-AD82-4923-B305-D001E521A964}" = Packard Bell Power Management
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype 6.9
    "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
    "{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
    "{6D9021DC-CF1B-4148-8C80-6D8E8A8A33EB}" = Video Web Camera
    "{707bfad4-e437-40ed-9c9c-32dbc1d89a23}" = Nero 9 Essentials
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
    "{7337268E-47CC-469B-BBB3-353CE7107580}" = HD Writer LE 1.1
    "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management
    "{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{935B40F5-6994-4868-9155-F9FB77A5048F}" = Microsoft Expression Encoder 4
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{952DCCD8-4039-46C8-BC8B-5C1EB6C8E130}" = Microsoft Expression Encoder 4 Screen Capture Codec
    "{97B4DF0B-7499-455F-AFBA-F70F64D6D86A}" = SweetIM for Messenger 3.5
    "{9866E5F0-121F-E018-E2D1-2E1770847ABF}" = Adobe Download Assistant
    "{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A567895C-1D23-48ED-BE83-FB3ED7D30442}" = IPM_VS_Pro
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA902C31-B49D-4608-BCCF-2519EB77722D}" = ICA
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.5 MUI
    "{B0125BEB-6731-43FA-88DA-B64D7BD3AD2D}" = VSPro
    "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
    "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B84ECBE1-6ED5-4E86-B4AB-DF46D342411F}" = Share
    "{B87FAC24-973D-4A4F-AFC4-555FB95B32DB}" = PureHD
    "{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
    "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
    "{C4778408-3268-45CE-AE15-772D1739A1F1}" = VIO
    "{C6017EEA-9E51-4129-84BA-EFA9520E69D8}" = Common
    "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
    "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
    "{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
    "{CC4C7E9B-4B26-4D8D-8076-40CF708A9FA4}" = Contents
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D07F85DE-22F1-4FB4-B3D1-402FD22C4870}" = DeviceIO
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D68897FC-7E8D-4849-819A-726B2489713C}" = ISCOM
    "{D8D9BCF5-0F5F-4D3F-8427-64B7632F93BE}" = Setup
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
    "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
    "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
    "{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}" = RealDownloader
    "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
    "{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Advanced SystemCare 3_is1" = Advanced SystemCare 3
    "Akamai" = Akamai NetSession Interface Service
    "Bandicam" = Bandicam
    "BandiMPEG1" = Bandisoft MPEG-1 Decoder
    "BT Desktop Help" = BT Desktop Help
    "Canon MP270 series User Registration" = Canon MP270 series User Registration
    "CanonMyPrinter" = Canon Utilities My Printer
    "CanonSolutionMenu" = Canon Utilities Solution Menu
    "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
    "Debut" = Debut Video Capture Software
    "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
    "Edexcel CC GCSE AS" = Edexcel CC GCSE AS 1.0
    "Encoder_4.0.1651.0" = Microsoft Expression Encoder 4
    "Game Booster_is1" = Game Booster
    "Identity Card" = Identity Card
    "InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
    "InstallShield_{64EF903E-D00A-414C-94A4-FBA368FFCDC9}" = Packard Bell Social Networks
    "InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Packard Bell MyBackup
    "InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
    "LManager" = Launch Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Metaboli" = Metaboli
    "Mozilla Firefox 25.0.1 (x86 en-US)" = Mozilla Firefox 25.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
    "Office14.SingleImage" = Microsoft Office Home and Student 2010
    "Packard Bell Game Console" = Packard Bell Game Console
    "Packard Bell InfoCentre" = Packard Bell InfoCentre
    "Packard Bell Registration" = Packard Bell Registration
    "Packard Bell Screensaver" = Packard Bell ScreenSaver
    "Packard Bell Welcome Center" = Welcome Center
    "Prism" = Prism Video File Converter
    "Rapport_msi" = Trusteer Endpoint Protection
    "TeamSpeak 3 Client" = TeamSpeak 3 Client
    "VideoPad" = VideoPad Video Editor
    "WildTangent packardbell Master Uninstall" = Packard Bell Games
    "Windows Media Encoder 9" = Windows Media Encoder 9 Series
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 4.10 (32-bit)
    "WT078791" = Bejeweled 2 Deluxe
    "WT078806" = Insaniquarium Deluxe
    "WT078833" = Zuma Deluxe
    "WT078960" = Blasterball 3
    "WT078964" = Bob the Builder Can-Do-Zoo
    "WT079020" = Faerie Solitaire
    "WT079064" = Jewel Quest
    "WT079068" = Jewel Quest Solitaire 3
    "WT079108" = Penguins!
    "WT079116" = Polar Bowler
    "WT079120" = Polar Golfer
    "WT079124" = Polar Pool
    "WT079177" = Virtual Villagers - A New Home
    "WT079184" = Yahtzee
    "WT079363" = Build-a-lot 2
    "WT079366" = Chicken Invaders 3 - Revenge of the Yolk
    "WT079395" = Escape Rosecliff Island
    "WT079397" = Mahjongg Artifacts
    "WT079421" = Virtual Families

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1210293595-3122989528-1577783925-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Akamai" = Akamai NetSession Interface
    "UpdaterEX" = Extended Update

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 12/11/2013 15:30:51 | Computer Name = Home-PC | Source = AVLogEvent | ID = 5004
    Description =

    Error - 12/11/2013 15:30:52 | Computer Name = Home-PC | Source = AVLogEvent | ID = 5004
    Description =

    Error - 12/11/2013 15:30:53 | Computer Name = Home-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: mcshield.exe, version: 1.1.2.123, time
    stamp: 0x521df4ef Faulting module name: ntdll.dll, version: 6.1.7600.16915, time
    stamp: 0x4ec4b137 Exception code: 0xc0000005 Fault offset: 0x000000000004c8f4 Faulting
    process id: 0xca8 Faulting application start time: 0x01cedfd03fc37e9f Faulting application
    path: C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe Faulting module path:
    C:\Windows\SYSTEM32\ntdll.dll Report Id: f1086ee7-4bd0-11e3-bea4-88ae1d5d4f69

    Error - 16/11/2013 09:05:12 | Computer Name = Home-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: googleearth.exe, version: 7.1.2.2041, time
    stamp: 0x525310f1 Faulting module name: KERNELBASE.dll, version: 6.1.7600.17206,
    time stamp: 0x50e6605e Exception code: 0xc06d007e Fault offset: 0x0000c41f Faulting
    process id: 0x88c Faulting application start time: 0x01cee2cc7393d858 Faulting application
    path: C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe Faulting
    module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: b99b46af-4ebf-11e3-b8d0-88ae1d5d4f69

    Error - 16/11/2013 09:05:15 | Computer Name = Home-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: googleearth.exe, version: 7.1.2.2041, time
    stamp: 0x525310f1 Faulting module name: KERNELBASE.dll, version: 6.1.7600.17206,
    time stamp: 0x50e6605e Exception code: 0xc06d007e Fault offset: 0x0000c41f Faulting
    process id: 0x1a98 Faulting application start time: 0x01cee2cc7bcaf78b Faulting application
    path: C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe Faulting
    module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: bb85157c-4ebf-11e3-b8d0-88ae1d5d4f69

    Error - 16/11/2013 09:05:26 | Computer Name = Home-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: googleearth.exe, version: 7.1.2.2041, time
    stamp: 0x525310f1 Faulting module name: KERNELBASE.dll, version: 6.1.7600.17206,
    time stamp: 0x50e6605e Exception code: 0xc06d007e Fault offset: 0x0000c41f Faulting
    process id: 0x1a40 Faulting application start time: 0x01cee2cc82273c11 Faulting application
    path: C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe Faulting
    module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: c2219758-4ebf-11e3-b8d0-88ae1d5d4f69

    Error - 16/11/2013 11:53:34 | Computer Name = Home-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: googleearth.exe, version: 7.1.2.2041, time
    stamp: 0x525310f1 Faulting module name: KERNELBASE.dll, version: 6.1.7600.17206,
    time stamp: 0x50e6605e Exception code: 0xc06d007e Fault offset: 0x0000c41f Faulting
    process id: 0xf4c Faulting application start time: 0x01cee2e3f996ba95 Faulting application
    path: C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe Faulting
    module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: 3f32bd07-4ed7-11e3-b8d0-88ae1d5d4f69

    Error - 16/11/2013 11:54:29 | Computer Name = Home-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: googleearth.exe, version: 7.1.2.2041, time
    stamp: 0x525310f1 Faulting module name: KERNELBASE.dll, version: 6.1.7600.17206,
    time stamp: 0x50e6605e Exception code: 0xc06d007e Fault offset: 0x0000c41f Faulting
    process id: 0x1750 Faulting application start time: 0x01cee2e41ba527fc Faulting application
    path: C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe Faulting
    module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: 5fb4bdc2-4ed7-11e3-b8d0-88ae1d5d4f69

    Error - 16/11/2013 12:27:27 | Computer Name = Home-PC | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 8.0.7600.17267 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 1890 Start
    Time: 01cee2e624571d6e Termination Time: 10 Application Path: C:\Program Files (x86)\Internet
    Explorer\iexplore.exe Report Id: ef5b88ab-4edb-11e3-b8d0-88ae1d5d4f69

    Error - 17/11/2013 13:07:02 | Computer Name = Home-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: googleearth.exe, version: 7.1.2.2041, time
    stamp: 0x525310f1 Faulting module name: KERNELBASE.dll, version: 6.1.7600.17206,
    time stamp: 0x50e6605e Exception code: 0xc06d007e Fault offset: 0x0000c41f Faulting
    process id: 0x10e8 Faulting application start time: 0x01cee3b767efaadc Faulting application
    path: C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe Faulting
    module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: ad0f9f5a-4faa-11e3-8345-88ae1d5d4f69

    Error - 19/11/2013 14:45:05 | Computer Name = Home-PC | Source = Application Hang | ID = 1002
    Description = The program firefox.exe version 25.0.1.5064 stopped interacting with
    Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: d44 Start
    Time: 01cee5576b049b67 Termination Time: 10 Application Path: C:\Program Files (x86)\Mozilla
    Firefox\firefox.exe Report Id: b0a92941-514a-11e3-a41f-88ae1d5d4f69

    [ Spybot - Search and Destroy Events ]
    Error - 07/08/2013 19:42:35 | Computer Name = Home-PC | Source = SDCleaner | ID = 100
    Description = LoadCleaningInstructions

    Error - 07/08/2013 19:52:13 | Computer Name = Home-PC | Source = SDCleaner | ID = 100
    Description = LoadCleaningInstructions

    Error - 08/08/2013 00:59:59 | Computer Name = Home-PC | Source = SDCleaner | ID = 100
    Description = LoadCleaningInstructions

    [ System Events ]
    Error - 19/11/2013 12:40:43 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
    Description = The McAfee Home Network service failed to start due to the following
    error: %%1053

    Error - 19/11/2013 17:32:59 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the mfecore service.

    Error - 20/11/2013 18:47:55 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the mfecore service.

    Error - 21/11/2013 10:15:24 | Computer Name = Home-PC | Source = DCOM | ID = 10010
    Description =

    Error - 21/11/2013 12:34:51 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the AVGIDSAgent
    service to connect.

    Error - 21/11/2013 12:34:51 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
    Description = The AVGIDSAgent service failed to start due to the following error:
    %%1053

    Error - 21/11/2013 12:35:34 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the AVG
    WatchDog service to connect.

    Error - 21/11/2013 12:35:34 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
    Description = The AVG WatchDog service failed to start due to the following error:
    %%1053

    Error - 21/11/2013 12:36:55 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7009
    Description = A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D
    2 Scanner Service service to connect.

    Error - 21/11/2013 12:36:55 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
    Description = The Spybot-S&D 2 Scanner Service service failed to start due to the
    following error: %%1053


    < End of report >


    Please uninstall 1 of those Anti Virus programs.

    Next

    On the first time you ran it OTL creates 2 log reports. The one I need is called Extras .txt do you have that log? If so post it, If not I would like you to re-run OTL once more so we can re create the log, before you run the scan I need you to do this--> under the Extra Registry section please put a check mark in "All" then hit Runscan, when OTL is done scanning 2 logs will be generated, the first log will pop up in front of you, the second log will be mimized to the task bar down by the clock area, called Extras .txt please post that log. Really don't need to post the first one as we already have that one.

    Thanks
    Joe

  18. The Following User Says Thank You to macleod For This Useful Post:


  19. #10
    Member Spyware Fighter zep516's Avatar
    Join Date
    Dec 2005
    Location
    Pittsburgh, Pa
    Posts
    7,173
    Points
    1307

    Default

    We need to fix a few things using OTL

    • Double click on the to open the program. On Vista/Win7/Win8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :COMMANDS
      [CREATERESTOREPOINT]
      
      :OTL
      IE - HKU\S-1-5-21-1210293595-3122989528-1577783925-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320
      FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
      FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
      O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O4 - HKLM..\Run: [RegWork] C:\Program Files (x86)\RegWork\RegWork.exe File not found
      O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
      O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_31)
      O18:64bit: - Protocol\Handler\livecall - No CLSID value found
      O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
      O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
      O18:64bit: - Protocol\Handler\msnim - No CLSID value found
      [2013/11/19 10:29:00 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\UpdaterEX.job
      [2013/09/05 22:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\Regwork.job
      
      :Files
      
      ipconfig /flushdns /c
      
      :Commands
      
      [resethosts]
      [emptytemp]
    • Make sure all other windows are closed.
    • Click the Run Fix button at the top
    • Let the program run uninterrupted. The computer should reboot when the scan is done. If not, please reboot the computer.
    • Post the log that is found in C:\_OTL\Moved Files in your next reply.
    • Open OTL again and click the Quick Scan button.



    Next

    Please download AdwCleaner by Xplode onto your Desktop.
    • Close all open programs and internet browsers
    • Double click on AdwCleaner.exe to run the tool
    • Click the Scan button and wait for the process to complete.
    • Click the Report button and the report will open in Notepad
    • NOTE: If you get an error message, it means that nothing was found. Exit from AdwCleaner.
    • Click on the Clean button follow the prompts.
    • A log file will automatically open after the scan has finished and the PC has rebooted
    • Please post the content of that log file with your next answer
    • You can find the log file at C:\AdwCleaner


    Next

    Please download Junkware Removal Tool to your Desktop.
    Please close your security software to avoid potential conflicts.
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.

    Next

    Download Security Check by screen317 from http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.spywareinfoforum.org/
    Save it to your Desktop.
    Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.



    Please post the following logs in your next reply:

    • C:\_OTL\Moved Files
    • OTL.txt
    • checkup.txt
    • AdwCleaner[S0].txt
    • JRT.txt


    Tell me how things are with the computer
    Thanks
    Joe
    Last edited by zep516; 11-21-2013 at 04:27 PM.

  20. The Following User Says Thank You to zep516 For This Useful Post:


Page 1 of 4 123 ... LastLast