Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

MBAM keeps stopping after detecting 47 issues in 29 seconds

  • 19-09-2013 2:52pm
    #1
    Registered Users Posts: 54 ✭✭


    Hi guys I have a windows 7 laptop and it keeps saying that the hard drive is failing. I ran malwarebytes and it came up with 47 threats but stopped responding after 29 seconds. I have tried using the chameleon tool in malwarebytes but so far no joy. If anybody has any suggestions on how to get this running or has any info on what kind of malware this might be I would much appreciate it. thanks


Comments

  • Registered Users Posts: 840 ✭✭✭jsa112


    run mbam in safe mode, post the log here if it does work

    if not, do this instead

    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files here


  • Registered Users Posts: 54 ✭✭brutus99


    I am on my way to work thanks I will do that in the morning


  • Registered Users Posts: 54 ✭✭brutus99


    sorry it took so long but the laptop would not allow me o do it for a while.


    OTL logfile created on: 9/20/2013 5:35:23 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\marizangela\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16614)
    Locale: 00000409 | Country: Brazil | Language: PTB | Date Format: dd/MM/yyyy

    3.80 Gb Total Physical Memory | 2.99 Gb Available Physical Memory | 78.51% Memory free
    7.61 Gb Paging File | 6.82 Gb Available in Paging File | 89.64% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 283.34 Gb Total Space | 209.41 Gb Free Space | 73.91% Space Free | Partition Type: NTFS

    Computer Name: MARIZANGELA-PC | User Name: marizangela | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/09/20 17:35:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\marizangela\Downloads\OTL.exe


    ========== Modules (No Company Name) ==========


    ========== Services (SafeList) ==========

    SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/06/18 06:10:14 | 000,258,048 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2010/02/03 07:13:10 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Stopped] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
    SRV:64bit: - [2009/06/09 15:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV:64bit: - [2009/03/03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
    SRV - [2013/09/20 01:52:57 | 001,616,048 | ---- | M] (AVG Secure Search) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe -- (vToolbarUpdater15.4.0)
    SRV - [2013/09/14 00:18:47 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/04/15 15:27:46 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2013/03/13 21:18:38 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/03/21 11:23:14 | 000,793,048 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
    SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2011/08/18 15:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
    SRV - [2011/03/15 22:27:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/03/15 15:56:18 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/07/06 14:43:06 | 001,850,256 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Broadband to Go\Broadband to Go\BecHelperService.exe -- (BecHelperService)
    SRV - [2010/06/08 17:49:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/03 21:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/03/03 21:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/09/20 01:52:57 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
    DRV:64bit: - [2013/09/18 21:03:57 | 000,036,680 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
    DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/11/29 03:28:28 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/12/02 14:36:42 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
    DRV:64bit: - [2010/12/02 14:36:40 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
    DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/08/30 13:17:36 | 000,289,280 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2010/08/25 21:36:02 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/08/12 17:51:30 | 000,175,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
    DRV:64bit: - [2010/07/06 13:28:34 | 000,246,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
    DRV:64bit: - [2010/07/06 13:28:34 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV:64bit: - [2010/07/06 13:28:34 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
    DRV:64bit: - [2010/06/18 06:10:14 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2010/06/08 17:33:14 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/03/17 22:44:44 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/03/17 22:41:48 | 000,325,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/03/17 22:29:52 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2010/02/27 01:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2010/02/03 07:13:08 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
    DRV:64bit: - [2010/02/03 07:13:08 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
    DRV:64bit: - [2010/02/03 07:13:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009/09/17 19:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
    DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2006/11/01 19:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {80c554b9-c7f8-4a21-9471-06d606da78a2}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE:64bit: - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: - No CLSID value found
    IE - HKLM\..\URLSearchHook: {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - C:\Program Files (x86)\GadgetBox\gadgetBoxTB.dll (GadgetBox)
    IE - HKLM\..\SearchScopes,DefaultScope = {80c554b9-c7f8-4a21-9471-06d606da78a2}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
    IE - HKLM\..\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}
    IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}
    IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010006&q={searchTerms}&barid={9AB2949C-3AF4-4C01-837D-B7FCC2AB9AB6}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
    IE - HKCU\..\URLSearchHook: - No CLSID value found
    IE - HKCU\..\URLSearchHook: {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - C:\Program Files (x86)\GadgetBox\gadgetBoxTB.dll (GadgetBox)
    IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
    IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.bing.com/search?FORM=UP21DF&PC=UP21&dt=042713&q={searchTerms}&src=IE-SearchBox
    IE - HKCU\..\SearchScopes\{39D68FD3-DB96-459C-A3F2-81CCFBD5130B}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=113480&tt=010812_hpdel_3112_5&babsrc=SP_ss&mntrId=7c4e86d40000000000001c659da6a82d
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPT_enIE425
    IE - HKCU\..\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}
    IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}
    IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://br.search.yahoo.com/search?p={searchTerms}
    IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010006&q={searchTerms}&barid={9AB2949C-3AF4-4C01-837D-B7FCC2AB9AB6}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.defaultenginename,S: S", "GadgetBox"
    FF - prefs.js..browser.search.defaultthis.engineName: ""
    FF - prefs.js..browser.search.defaulturl: "http://search.gboxapp.com/?q="
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..browser.search.order.1,S: S", "GadgetBox"
    FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
    FF - prefs.js..browser.search.selectedEngine,S: S", "GadgetBox"
    FF - prefs.js..browser.startup.homepage: "http://mysearch.avg.com/?cid={8242FA9E-CB65-4A7C-8E0B-1052D05D7DE4}&mid=2cb9bfca179547d38c5547fa1e96c59c-083652ad71c58a7fdde908c8815f1d24325e80a4&lang=en&ds=re011&pr=sa&d=2013-09-20 01:53:53&v=15.4.0.5&pid=safeguard&sg=0&sap=hp"
    FF - prefs.js..extensions.enabledAddons: ffxtlbr%40babylon.com:1.5.0
    FF - prefs.js..extensions.enabledAddons: gadget%40gadgetbox:1.6
    FF - prefs.js..extensions.enabledAddons: %7BEB9394A3-4AD6-4918-9537-31A1FD8E8EDF%7D:2.0
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
    FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=UP21DF&PC=UP21&dt=042713&q="
    FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
    FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
    FF - prefs.js..browser.startup.homepage: ""
    FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
    FF - prefs.js..browser.search.order.3: "Bing "


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\\npsitesafety.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\marizangela\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\marizangela\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\marizangela\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\marizangela\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/06 23:33:33 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.4.0.5 [2013/09/20 01:54:20 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/13 21:18:39 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/06/24 19:14:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\marizangela\AppData\Roaming\Mozilla\Extensions
    [2013/04/27 10:32:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\extensions
    [2012/08/05 16:41:49 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
    [2012/08/05 17:01:26 | 000,000,000 | ---D | M] (wxDfast) -- C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\extensions\501e970cd2dc2@501e970cd2dfc.info
    [2012/08/07 18:40:50 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\extensions\ffxtlbr@babylon.com
    [2012/08/05 17:01:26 | 000,000,000 | ---D | M] (GadgetBox) -- C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\extensions\gadget@gadgetbox
    [2013/04/03 23:47:22 | 000,053,943 | ---- | M] () (No name found) -- C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\extensions\pricepeep@getpricepeep.com.xpi
    [2013/04/27 10:33:50 | 000,002,402 | ---- | M] () -- C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\searchplugins\bingp.xml
    [2012/08/05 16:54:55 | 000,000,487 | ---- | M] () -- C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\searchplugins\GadgetBox.xml
    [2013/04/27 10:33:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/04/27 10:33:31 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/04/27 10:33:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2013/04/27 10:33:31 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/03/13 21:18:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/08/05 17:01:05 | 000,002,362 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    [2013/03/07 19:40:54 | 000,001,240 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\buscape.xml
    [2013/03/07 19:40:54 | 000,001,425 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mercadolivre.xml
    [2013/09/20 01:54:21 | 000,003,725 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml
    [2013/03/13 11:21:05 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
    [2013/03/07 19:40:54 | 000,001,381 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-br.xml
    [2013/03/07 19:40:54 | 000,001,165 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-br.xml

    ========== Chrome ==========

    CHR - default_search_provider: Bing (Enabled)
    CHR - default_search_provider: search_url = http://www.bing.com/search?setmkt=pt-BR&q={searchTerms}
    CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}
    CHR - homepage: http://br.msn.com/?pc=UP21&ocid=UP21DHP&dt=042713
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\marizangela\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\marizangela\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\marizangela\AppData\Local\Google\Chrome\Application\29.0.1547.66\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\marizangela\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Pesquisa do Google = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Babylon Toolbar = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\
    CHR - Extension: DealPly = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.5.3.0_0\
    CHR - Extension: SweetIM for Facebook = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
    CHR - Extension: SweetIM for Facebook = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
    CHR - Extension: wxDfast = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\kncjbaidjdjoelnijnmmkiieffgebpfg\1.0_0\
    CHR - Extension: PricePeep = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.1_0\
    CHR - Extension: Skype Click to Call = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.8.0.12323_0\
    CHR - Extension: AVG SafeGuard = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.4.0.5_0\
    CHR - Extension: Chrome In-App Payments service = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
    CHR - Extension: Gmail = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
    CHR - Extension: YouTube = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Pesquisa do Google = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Babylon Toolbar = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\
    CHR - Extension: DealPly = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.5.3.0_0\
    CHR - Extension: SweetIM for Facebook = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
    CHR - Extension: SweetIM for Facebook = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
    CHR - Extension: wxDfast = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\kncjbaidjdjoelnijnmmkiieffgebpfg\1.0_0\
    CHR - Extension: PricePeep = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.1_0\
    CHR - Extension: Skype Click to Call = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.8.0.12323_0\
    CHR - Extension: AVG SafeGuard = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.4.0.5_0\
    CHR - Extension: Chrome In-App Payments service = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
    CHR - Extension: Gmail = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2011/08/09 03:42:10 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\bh\BabylonToolbar.dll (Babylon BHO)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
    O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll (PricePeep)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (GagetBox) - {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - C:\Program Files (x86)\GadgetBox\gadgetBoxTB.dll (GadgetBox)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
    O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll (Babylon Ltd.)
    O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe (Dell Inc.)
    O4 - HKLM..\Run: [RMAlert] C:\Program Files (x86)\PC Tools Registry Mechanic\Alert.exe (PC Tools)
    O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
    O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
    O4 - HKCU..\Run: [ares] C:\Program Files (x86)\Ares\Ares.exe (Ares Development Group)
    O4 - HKCU..\Run: [Facebook Update] C:\Users\marizangela\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O4 - HKCU..\Run: [MX Skype Recorder] "C:\ProgramData\MXSkypeRecorder\MXSkypeRecorder.exe" /autorun File not found
    O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
    O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Reg Error: Key error.)
    O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AF8628A-C02E-4004-8CA2-FB11E8CF8DF4}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll (AVG Secure Search)
    O20 - AppInit_DLLs: (c:\progra~2\sprote~1\sprote~1.dll) - File not found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{23c3dee9-6449-11e0-9dda-b82722aeef1e}\Shell - "" = AutoRun
    O33 - MountPoints2\{23c3dee9-6449-11e0-9dda-b82722aeef1e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{bcf05fd8-2e29-11e1-be0b-001e101fa1f5}\Shell - "" = AutoRun
    O33 - MountPoints2\{bcf05fd8-2e29-11e1-be0b-001e101fa1f5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{f94db7eb-592c-11e0-936d-1c659da6a82d}\Shell - "" = AutoRun
    O33 - MountPoints2\{f94db7eb-592c-11e0-936d-1c659da6a82d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{f94db933-592c-11e0-936d-1c659da6a82d}\Shell - "" = AutoRun
    O33 - MountPoints2\{f94db933-592c-11e0-936d-1c659da6a82d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/09/20 15:46:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2013/09/20 15:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    [2013/09/20 15:44:32 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
    [2013/09/20 15:44:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
    [2013/09/20 14:52:54 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\Avg2014
    [2013/09/20 14:26:58 | 000,000,000 | ---D | C] -- C:\Users\marizangela\Desktop\RK_Quarantine
    [2013/09/20 02:06:01 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\AVG SafeGuard toolbar
    [2013/09/20 01:54:37 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\MFAData
    [2013/09/20 01:54:37 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2013/09/20 01:54:37 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\Avg2013
    [2013/09/20 01:53:49 | 000,045,856 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
    [2013/09/20 01:53:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
    [2013/09/20 01:53:17 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
    [2013/09/20 01:53:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar
    [2013/09/20 01:52:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2013/09/14 02:26:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation
    [2013/09/14 00:18:16 | 009,430,408 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    [2013/09/10 15:09:03 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Roaming\Malwarebytes
    [2013/09/10 15:08:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/09/10 15:08:32 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2013/09/10 15:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/09/10 15:08:31 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\Programs
    [2013/09/10 15:08:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013/09/09 21:27:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
    [2013/09/09 21:27:41 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
    [2013/09/09 21:08:07 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\ElevatedDiagnostics
    [2013/09/09 19:02:24 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{6B27E3D2-E075-4B0E-B839-9FF806272759}
    [2013/09/09 18:45:15 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{2C26F81D-94E8-4B4B-8C79-0DDDC3856805}
    [2013/09/08 22:08:40 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{B0CADF31-0F99-4BAC-8828-34D4764E292D}
    [2013/09/06 18:07:57 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{3CBD13C3-FB36-497F-8605-1BC5B40BAE2D}
    [2013/09/06 16:13:39 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{CCCACE7C-803B-472A-AE05-5F3E8550EC27}
    [2013/09/05 12:32:07 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{F47994FE-B400-48C0-8DD8-9D2042DCF8E7}
    [2013/09/04 09:12:43 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{BC9E829B-15EE-4916-A258-EB6199515CA3}
    [2013/09/03 12:24:17 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{54083515-0C20-4142-ACCA-B642F05DCB7C}
    [2013/09/03 12:15:23 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{71122173-EF78-4805-89E7-A80AF90FE2F7}
    [2013/09/03 12:05:51 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{04FD0E9F-1878-4B89-B3D0-A886073DEC93}
    [2013/09/02 18:55:48 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{709FB825-020C-4599-8924-4B51C3126E13}
    [2013/09/01 16:47:49 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{5E831CE3-20F0-4815-8341-F32BD90F54A7}
    [2013/09/01 16:32:50 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{C95785C2-4345-4381-AA8B-DFBBDF0E3F2F}
    [2013/09/01 16:26:11 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{FF0F75BB-D6AA-4E04-A332-C3625E82A9B2}
    [2013/08/31 17:14:47 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{2ACFF5F9-0274-4E4A-A443-16C2D72FE466}
    [2013/08/31 05:54:28 | 000,000,000 | -HSD | C] -- C:\found.001
    [2013/08/31 04:57:13 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{C6FD6E65-98B6-47B4-BC42-02E26C43DC9C}
    [2013/08/30 11:21:59 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{09B7B92C-2DD4-4279-A5A6-9794C2D74FFE}
    [2013/08/29 21:39:29 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{72879E4A-BEEC-4FDC-9D3E-75175B017388}
    [2013/08/29 09:39:03 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{D1C84993-0761-489C-8087-2AC5C39B94F7}
    [2013/08/29 09:25:28 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{544B0070-6D1F-42DA-873C-5DCF349ECAA5}
    [2013/08/28 10:58:11 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{0097F932-5742-4F03-B69D-34571AC09FA0}
    [2013/08/27 22:34:08 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{D8F78F22-0C93-4602-9DED-9897C14C133D}
    [2013/08/27 10:33:31 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{5DF81C7F-0D4F-42CA-AA03-441C669D3E46}
    [2013/08/26 13:22:59 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{C6E0F50B-DC71-4C68-9B98-F8EA956ABEFC}
    [2013/08/25 13:03:29 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{31C911F9-FA47-46BC-A25F-51740D1EF669}
    [2013/08/25 01:02:51 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{B997EA99-3213-4CC1-BB12-E4568E4EC043}
    [2013/08/24 13:01:56 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{6638AA01-01D8-41C5-B1F4-A4DBB47C0F0B}
    [2013/08/23 16:52:42 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{286C1AF0-9616-41C5-8BFC-03ECBB30A015}
    [2013/08/23 09:53:58 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{1C3643BE-4EDD-4D7B-93D8-B2C6CA24879E}
    [2013/08/22 16:45:27 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{791D6605-F762-4EB4-AD03-E204FAC7EF8B}

    ========== Files - Modified Within 30 Days ==========

    [2013/09/20 17:38:40 | 000,660,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/09/20 17:38:40 | 000,148,648 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/09/20 17:38:40 | 000,005,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/09/20 17:32:07 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
    [2013/09/20 17:32:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/09/20 17:31:24 | 3062,915,072 | -HS- | M] () -- C:\hiberfil.sys
    [2013/09/20 16:51:12 | 000,000,099 | ---- | M] () -- C:\Windows\Reimage.ini
    [2013/09/20 16:01:47 | 000,000,356 | -H-- | M] () -- C:\Windows\tasks\WxDFastUpdaterTask{FA2F8BAD-1309-41A8-9109-5EB93D30D126}.job
    [2013/09/20 16:01:47 | 000,000,338 | -H-- | M] () -- C:\Windows\tasks\GBoxUpdaterTask{21F8C45C-2390-4B4C-871D-F95F77FBC090}.job
    [2013/09/20 16:01:46 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3918483484-4229193767-397009163-1000UA.job
    [2013/09/20 15:44:45 | 000,000,656 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
    [2013/09/20 15:44:45 | 000,000,628 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
    [2013/09/20 15:44:45 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
    [2013/09/20 15:44:35 | 000,001,341 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2013/09/20 11:46:23 | 000,102,774 | ---- | M] () -- C:\Users\marizangela\Documents\cc_20130920_114615.reg
    [2013/09/20 08:44:02 | 000,000,298 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5DA806EC-BEED-4072-8271-D8A7AB0F8374}.job
    [2013/09/20 04:42:54 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3918483484-4229193767-397009163-1000UA.job
    [2013/09/20 04:42:54 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/09/20 04:42:54 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/09/20 04:42:51 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/09/20 02:16:36 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/09/20 02:03:10 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\RMAutoUpdate.job
    [2013/09/20 02:03:06 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/09/20 01:55:00 | 000,001,770 | ---- | M] () -- C:\Users\Public\Desktop\Resume Reimage Repair Installation.lnk
    [2013/09/20 01:52:57 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
    [2013/09/18 21:03:57 | 000,036,680 | ---- | M] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2013/09/18 19:00:01 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
    [2013/09/14 00:18:43 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013/09/14 00:18:43 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013/09/14 00:18:18 | 009,430,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    [2013/09/10 15:08:33 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/09/09 21:27:41 | 000,001,226 | ---- | M] () -- C:\Users\marizangela\Desktop\Revo Uninstaller.lnk
    [2013/09/06 16:50:48 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3918483484-4229193767-397009163-1000Core.job
    [2013/09/04 21:41:41 | 000,002,404 | ---- | M] () -- C:\Users\marizangela\Desktop\Google Chrome.lnk
    [2013/09/04 10:35:10 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3918483484-4229193767-397009163-1000Core.job

    ========== Files Created - No Company Name ==========

    [2013/09/20 15:44:45 | 000,000,656 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
    [2013/09/20 15:44:45 | 000,000,628 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
    [2013/09/20 15:44:45 | 000,000,458 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
    [2013/09/20 15:44:35 | 000,001,353 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    [2013/09/20 15:44:35 | 000,001,341 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2013/09/20 11:46:20 | 000,102,774 | ---- | C] () -- C:\Users\marizangela\Documents\cc_20130920_114615.reg
    [2013/09/20 08:44:02 | 000,000,298 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{5DA806EC-BEED-4072-8271-D8A7AB0F8374}.job
    [2013/09/20 01:52:16 | 000,001,770 | ---- | C] () -- C:\Users\Public\Desktop\Resume Reimage Repair Installation.lnk
    [2013/09/20 01:51:43 | 000,000,099 | ---- | C] () -- C:\Windows\Reimage.ini
    [2013/09/18 21:03:57 | 000,036,680 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2013/09/10 15:08:33 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/09/09 21:27:41 | 000,001,226 | ---- | C] () -- C:\Users\marizangela\Desktop\Revo Uninstaller.lnk
    [2011/07/18 02:09:27 | 000,007,168 | ---- | C] () -- C:\Users\marizangela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/06/15 12:30:04 | 000,000,000 | ---- | C] () -- C:\Users\marizangela\AppData\Local\{DDD021B2-AB12-4517-BD0B-875E34B47D49}
    [2011/06/14 21:18:29 | 000,000,000 | ---- | C] () -- C:\Users\marizangela\AppData\Local\{41F07D51-3C56-4175-915F-44B812118DBF}
    [2011/06/14 21:16:33 | 000,000,000 | ---- | C] () -- C:\Users\marizangela\AppData\Local\{88218D66-235E-405C-90C7-4890A0A1E918}
    [2011/06/14 19:04:40 | 000,000,000 | ---- | C] () -- C:\Users\marizangela\AppData\Local\{68E38D72-BD86-4F4B-813B-6B5D90825DF4}
    [2011/06/14 19:02:52 | 000,000,000 | ---- | C] () -- C:\Users\marizangela\AppData\Local\{899E634D-3B54-461A-B8F2-1D32A77B75F4}
    [2011/06/14 16:07:46 | 000,000,000 | ---- | C] () -- C:\Users\marizangela\AppData\Local\{DEDB01C3-AF4C-4BB1-9565-0EC1DDBD6C67}
    [2011/06/14 16:05:56 | 000,000,000 | ---- | C] () -- C:\Users\marizangela\AppData\Local\{65EF707C-9C62-4B40-9457-6727D38A4F27}
    [2011/06/14 15:29:03 | 000,000,000 | ---- | C] () -- C:\Users\marizangela\AppData\Local\{B2D18342-B939-4D80-AE06-F8C5B855B20D}
    [2011/06/12 13:16:35 | 000,000,000 | ---- | C] () -- C:\Users\marizangela\AppData\Local\{9131971D-475E-4433-B752-AA81A6A8D464}
    [2011/03/28 19:41:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

    ========== ZeroAccess Check ==========

    [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:D1B5B4F1

    < End of report >




    OTL Extras logfile created on: 9/20/2013 5:35:23 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\marizangela\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16614)
    Locale: 00000409 | Country: Brazil | Language: PTB | Date Format: dd/MM/yyyy

    3.80 Gb Total Physical Memory | 2.99 Gb Available Physical Memory | 78.51% Memory free
    7.61 Gb Paging File | 6.82 Gb Available in Paging File | 89.64% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 283.34 Gb Total Space | 209.41 Gb Free Space | 73.91% Space Free | Partition Type: NTFS

    Computer Name: MARIZANGELA-PC | User Name: marizangela | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 2


  • Registered Users Posts: 54 ✭✭brutus99


    sorry it took so long but the laptop would not allow me o do it for a while.


    OTL logfile created on: 9/20/2013 5:35:23 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\marizangela\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16614)
    Locale: 00000409 | Country: Brazil | Language: PTB | Date Format: dd/MM/yyyy

    3.80 Gb Total Physical Memory | 2.99 Gb Available Physical Memory | 78.51% Memory free
    7.61 Gb Paging File | 6.82 Gb Available in Paging File | 89.64% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 283.34 Gb Total Space | 209.41 Gb Free Space | 73.91% Space Free | Partition Type: NTFS

    Computer Name: MARIZANGELA-PC | User Name: marizangela | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/09/20 17:35:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\marizangela\Downloads\OTL.exe


    ========== Modules (No Company Name) ==========


    ========== Services (SafeList) ==========

    SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/06/18 06:10:14 | 000,258,048 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2010/02/03 07:13:10 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Stopped] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
    SRV:64bit: - [2009/06/09 15:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
    SRV:64bit: - [2009/03/03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
    SRV - [2013/09/20 01:52:57 | 001,616,048 | ---- | M] (AVG Secure Search) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe -- (vToolbarUpdater15.4.0)
    SRV - [2013/09/14 00:18:47 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/04/15 15:27:46 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2013/03/13 21:18:38 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/03/21 11:23:14 | 000,793,048 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
    SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2011/08/18 15:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
    SRV - [2011/03/15 22:27:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/03/15 15:56:18 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/07/06 14:43:06 | 001,850,256 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Broadband to Go\Broadband to Go\BecHelperService.exe -- (BecHelperService)
    SRV - [2010/06/08 17:49:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/03 21:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/03/03 21:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/09/20 01:52:57 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
    DRV:64bit: - [2013/09/18 21:03:57 | 000,036,680 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
    DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/11/29 03:28:28 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/12/02 14:36:42 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
    DRV:64bit: - [2010/12/02 14:36:40 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
    DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/08/30 13:17:36 | 000,289,280 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2010/08/25 21:36:02 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/08/12 17:51:30 | 000,175,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
    DRV:64bit: - [2010/07/06 13:28:34 | 000,246,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
    DRV:64bit: - [2010/07/06 13:28:34 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV:64bit: - [2010/07/06 13:28:34 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
    DRV:64bit: - [2010/06/18 06:10:14 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2010/06/08 17:33:14 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/03/17 22:44:44 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/03/17 22:41:48 | 000,325,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2010/03/17 22:29:52 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2010/02/27 01:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2010/02/03 07:13:08 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
    DRV:64bit: - [2010/02/03 07:13:08 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
    DRV:64bit: - [2010/02/03 07:13:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009/09/17 19:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
    DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2006/11/01 19:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {80c554b9-c7f8-4a21-9471-06d606da78a2}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE:64bit: - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\URLSearchHook: - No CLSID value found
    IE - HKLM\..\URLSearchHook: {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - C:\Program Files (x86)\GadgetBox\gadgetBoxTB.dll (GadgetBox)
    IE - HKLM\..\SearchScopes,DefaultScope = {80c554b9-c7f8-4a21-9471-06d606da78a2}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
    IE - HKLM\..\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}
    IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}
    IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010006&q={searchTerms}&barid={9AB2949C-3AF4-4C01-837D-B7FCC2AB9AB6}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
    IE - HKCU\..\URLSearchHook: - No CLSID value found
    IE - HKCU\..\URLSearchHook: {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - C:\Program Files (x86)\GadgetBox\gadgetBoxTB.dll (GadgetBox)
    IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
    IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.bing.com/search?FORM=UP21DF&PC=UP21&dt=042713&q={searchTerms}&src=IE-SearchBox
    IE - HKCU\..\SearchScopes\{39D68FD3-DB96-459C-A3F2-81CCFBD5130B}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=113480&tt=010812_hpdel_3112_5&babsrc=SP_ss&mntrId=7c4e86d40000000000001c659da6a82d
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPT_enIE425
    IE - HKCU\..\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}
    IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}
    IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://br.search.yahoo.com/search?p={searchTerms}
    IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010006&q={searchTerms}&barid={9AB2949C-3AF4-4C01-837D-B7FCC2AB9AB6}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.defaultenginename,S: S", "GadgetBox"
    FF - prefs.js..browser.search.defaultthis.engineName: ""
    FF - prefs.js..browser.search.defaulturl: "http://search.gboxapp.com/?q=&quot;
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..browser.search.order.1,S: S", "GadgetBox"
    FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
    FF - prefs.js..browser.search.selectedEngine,S: S", "GadgetBox"
    FF - prefs.js..browser.startup.homepage: "http://mysearch.avg.com/?cid={8242FA9E-CB65-4A7C-8E0B-1052D05D7DE4}&mid=2cb9bfca179547d38c5547fa1e96c59c-083652ad71c58a7fdde908c8815f1d24325e80a4&lang=en&ds=re011&pr=sa&d=2013-09-20 01:53:53&v=15.4.0.5&pid=safeguard&sg=0&sap=hp"
    FF - prefs.js..extensions.enabledAddons: ffxtlbr%40babylon.com:1.5.0
    FF - prefs.js..extensions.enabledAddons: gadget%40gadgetbox:1.6
    FF - prefs.js..extensions.enabledAddons: %7BEB9394A3-4AD6-4918-9537-31A1FD8E8EDF%7D:2.0
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
    FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=UP21DF&PC=UP21&dt=042713&q=&quot;
    FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
    FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
    FF - prefs.js..browser.startup.homepage: ""
    FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
    FF - prefs.js..browser.search.order.3: "Bing "


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\\npsitesafety.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\marizangela\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\marizangela\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\marizangela\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\marizangela\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/06 23:33:33 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.4.0.5 [2013/09/20 01:54:20 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/13 21:18:39 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/06/24 19:14:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\marizangela\AppData\Roaming\Mozilla\Extensions
    [2013/04/27 10:32:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\extensions
    [2012/08/05 16:41:49 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
    [2012/08/05 17:01:26 | 000,000,000 | ---D | M] (wxDfast) -- C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\extensions\501e970cd2dc2@501e970cd2dfc.info
    [2012/08/07 18:40:50 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\extensions\ffxtlbr@babylon.com
    [2012/08/05 17:01:26 | 000,000,000 | ---D | M] (GadgetBox) -- C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\extensions\gadget@gadgetbox
    [2013/04/03 23:47:22 | 000,053,943 | ---- | M] () (No name found) -- C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\extensions\pricepeep@getpricepeep.com.xpi
    [2013/04/27 10:33:50 | 000,002,402 | ---- | M] () -- C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\searchplugins\bingp.xml
    [2012/08/05 16:54:55 | 000,000,487 | ---- | M] () -- C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\searchplugins\GadgetBox.xml
    [2013/04/27 10:33:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/04/27 10:33:31 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/04/27 10:33:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2013/04/27 10:33:31 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/03/13 21:18:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/08/05 17:01:05 | 000,002,362 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    [2013/03/07 19:40:54 | 000,001,240 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\buscape.xml
    [2013/03/07 19:40:54 | 000,001,425 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mercadolivre.xml
    [2013/09/20 01:54:21 | 000,003,725 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml
    [2013/03/13 11:21:05 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
    [2013/03/07 19:40:54 | 000,001,381 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-br.xml
    [2013/03/07 19:40:54 | 000,001,165 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-br.xml

    ========== Chrome ==========

    CHR - default_search_provider: Bing (Enabled)
    CHR - default_search_provider: search_url = http://www.bing.com/search?setmkt=pt-BR&q={searchTerms}
    CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}
    CHR - homepage: http://br.msn.com/?pc=UP21&ocid=UP21DHP&dt=042713
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\marizangela\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\marizangela\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\marizangela\AppData\Local\Google\Chrome\Application\29.0.1547.66\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\marizangela\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Pesquisa do Google = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Babylon Toolbar = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\
    CHR - Extension: DealPly = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.5.3.0_0\
    CHR - Extension: SweetIM for Facebook = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
    CHR - Extension: SweetIM for Facebook = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
    CHR - Extension: wxDfast = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\kncjbaidjdjoelnijnmmkiieffgebpfg\1.0_0\
    CHR - Extension: PricePeep = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.1_0\
    CHR - Extension: Skype Click to Call = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.8.0.12323_0\
    CHR - Extension: AVG SafeGuard = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.4.0.5_0\
    CHR - Extension: Chrome In-App Payments service = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
    CHR - Extension: Gmail = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
    CHR - Extension: YouTube = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Pesquisa do Google = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Babylon Toolbar = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\
    CHR - Extension: DealPly = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.5.3.0_0\
    CHR - Extension: SweetIM for Facebook = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
    CHR - Extension: SweetIM for Facebook = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
    CHR - Extension: wxDfast = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\kncjbaidjdjoelnijnmmkiieffgebpfg\1.0_0\
    CHR - Extension: PricePeep = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.1_0\
    CHR - Extension: Skype Click to Call = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.8.0.12323_0\
    CHR - Extension: AVG SafeGuard = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.4.0.5_0\
    CHR - Extension: Chrome In-App Payments service = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
    CHR - Extension: Gmail = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2011/08/09 03:42:10 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
    O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\bh\BabylonToolbar.dll (Babylon BHO)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
    O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll (PricePeep)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (GagetBox) - {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - C:\Program Files (x86)\GadgetBox\gadgetBoxTB.dll (GadgetBox)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
    O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll (Babylon Ltd.)
    O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe (Dell Inc.)
    O4 - HKLM..\Run: [RMAlert] C:\Program Files (x86)\PC Tools Registry Mechanic\Alert.exe (PC Tools)
    O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
    O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
    O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
    O4 - HKCU..\Run: [ares] C:\Program Files (x86)\Ares\Ares.exe (Ares Development Group)
    O4 - HKCU..\Run: [Facebook Update] C:\Users\marizangela\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O4 - HKCU..\Run: [MX Skype Recorder] "C:\ProgramData\MXSkypeRecorder\MXSkypeRecorder.exe" /autorun File not found
    O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
    O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Reg Error: Key error.)
    O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AF8628A-C02E-4004-8CA2-FB11E8CF8DF4}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll (AVG Secure Search)
    O20 - AppInit_DLLs: (c:\progra~2\sprote~1\sprote~1.dll) - File not found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{23c3dee9-6449-11e0-9dda-b82722aeef1e}\Shell - "" = AutoRun
    O33 - MountPoints2\{23c3dee9-6449-11e0-9dda-b82722aeef1e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{bcf05fd8-2e29-11e1-be0b-001e101fa1f5}\Shell - "" = AutoRun
    O33 - MountPoints2\{bcf05fd8-2e29-11e1-be0b-001e101fa1f5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{f94db7eb-592c-11e0-936d-1c659da6a82d}\Shell - "" = AutoRun
    O33 - MountPoints2\{f94db7eb-592c-11e0-936d-1c659da6a82d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{f94db933-592c-11e0-936d-1c659da6a82d}\Shell - "" = AutoRun
    O33 - MountPoints2\{f94db933-592c-11e0-936d-1c659da6a82d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/09/20 15:46:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2013/09/20 15:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    [2013/09/20 15:44:32 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
    [2013/09/20 15:44:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
    [2013/09/20 14:52:54 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\Avg2014
    [2013/09/20 14:26:58 | 000,000,000 | ---D | C] -- C:\Users\marizangela\Desktop\RK_Quarantine
    [2013/09/20 02:06:01 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\AVG SafeGuard toolbar
    [2013/09/20 01:54:37 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\MFAData
    [2013/09/20 01:54:37 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2013/09/20 01:54:37 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\Avg2013
    [2013/09/20 01:53:49 | 000,045,856 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
    [2013/09/20 01:53:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
    [2013/09/20 01:53:17 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
    [2013/09/20 01:53:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar
    [2013/09/20 01:52:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2013/09/14 02:26:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation
    [2013/09/14 00:18:16 | 009,430,408 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    [2013/09/10 15:09:03 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Roaming\Malwarebytes
    [2013/09/10 15:08:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/09/10 15:08:32 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2013/09/10 15:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/09/10 15:08:31 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\Programs
    [2013/09/10 15:08:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013/09/09 21:27:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
    [2013/09/09 21:27:41 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
    [2013/09/09 21:08:07 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\ElevatedDiagnostics
    [2013/09/09 19:02:24 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{6B27E3D2-E075-4B0E-B839-9FF806272759}
    [2013/09/09 18:45:15 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{2C26F81D-94E8-4B4B-8C79-0DDDC3856805}
    [2013/09/08 22:08:40 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{B0CADF31-0F99-4BAC-8828-34D4764E292D}
    [2013/09/06 18:07:57 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{3CBD13C3-FB36-497F-8605-1BC5B40BAE2D}
    [2013/09/06 16:13:39 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{CCCACE7C-803B-472A-AE05-5F3E8550EC27}
    [2013/09/05 12:32:07 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{F47994FE-B400-48C0-8DD8-9D2042DCF8E7}
    [2013/09/04 09:12:43 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{BC9E829B-15EE-4916-A258-EB6199515CA3}
    [2013/09/03 12:24:17 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{54083515-0C20-4142-ACCA-B642F05DCB7C}
    [2013/09/03 12:15:23 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{71122173-EF78-4805-89E7-A80AF90FE2F7}
    [2013/09/03 12:05:51 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{04FD0E9F-1878-4B89-B3D0-A886073DEC93}
    [2013/09/02 18:55:48 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{709FB825-020C-4599-8924-4B51C3126E13}
    [2013/09/01 16:47:49 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{5E831CE3-20F0-4815-8341-F32BD90F54A7}
    [2013/09/01 16:32:50 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{C95785C2-4345-4381-AA8B-DFBBDF0E3F2F}
    [2013/09/01 16:26:11 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{FF0F75BB-D6AA-4E04-A332-C3625E82A9B2}
    [2013/08/31 17:14:47 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{2ACFF5F9-0274-4E4A-A443-16C2D72FE466}
    [2013/08/31 05:54:28 | 000,000,000 | -HSD | C] -- C:\found.001
    [2013/08/31 04:57:13 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{C6FD6E65-98B6-47B4-BC42-02E26C43DC9C}
    [2013/08/30 11:21:59 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{09B7B92C-2DD4-4279-A5A6-9794C2D74FFE}
    [2013/08/29 21:39:29 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{72879E4A-BEEC-4FDC-9D3E-75175B017388}
    [2013/08/29 09:39:03 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{D1C84993-0761-489C-8087-2AC5C39B94F7}
    [2013/08/29 09:25:28 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{544B0070-6D1F-42DA-873C-5DCF349ECAA5}
    [2013/08/28 10:58:11 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{0097F932-5742-4F03-B69D-34571AC09FA0}
    [2013/08/27 22:34:08 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{D8F78F22-0C93-4602-9DED-9897C14C133D}
    [2013/08/27 10:33:31 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{5DF81C7F-0D4F-42CA-AA03-441C669D3E46}
    [2013/08/26 13:22:59 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{C6E0F50B-DC71-4C68-9B98-F8EA956ABEFC}
    [2013/08/25 13:03:29 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{31C911F9-FA47-46BC-A25F-51740D1EF669}
    [2013/08/25 01:02:51 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{B997EA99-3213-4CC1-BB12-E4568E4EC043}
    [2013/08/24 13:01:56 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{6638AA01-01D8-41C5-B1F4-A4DBB47C0F0B}
    [2013/08/23 16:52:42 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{286C1AF0-9616-41C5-8BFC-03ECBB30A015}
    [2013/08/23 09:53:58 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{1C3643BE-4EDD-4D7B-93D8-B2C6CA24879E}
    [2013/08/22 16:45:27 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{791D6605-F762-4EB4-AD03-E204FAC7EF8B}

    ========== Files - Modified Within 30 Days ==========

    [2013/09/20 17:38:40 | 000,660,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/09/20 17:38:40 | 000,148,648 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/09/20 17:38:40 | 000,005,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/09/20 17:32:07 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
    [2013/09/20 17:32:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/09/20 17:31:24 | 3062,915,072 | -HS- | M] () -- C:\hiberfil.sys
    [2013/09/20 16:51:12 | 000,000,099 | ---- | M] () -- C:\Windows\Reimage.ini
    [2013/09/20 16:01:47 | 000,000,356 | -H-- | M] () -- C:\Windows\tasks\WxDFastUpdaterTask{FA2F8BAD-1309-41A8-9109-5EB93D30D126}.job
    [2013/09/20 16:01:47 | 000,000,338 | -H-- | M] () -- C:\Windows\tasks\GBoxUpdaterTask{21F8C45C-2390-4B4C-871D-F95F77FBC090}.job
    [2013/09/20 16:01:46 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3918483484-4229193767-397009163-1000UA.job
    [2013/09/20 15:44:45 | 000,000,656 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
    [2013/09/20 15:44:45 | 000,000,628 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
    [2013/09/20 15:44:45 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
    [2013/09/20 15:44:35 | 000,001,341 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2013/09/20 11:46:23 | 000,102,774 | ---- | M] () -- C:\Users\marizangela\Documents\cc_20130920_114615.reg
    [2013/09/20 08:44:02 | 000,000,298 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5DA806EC-BEED-4072-8271-D8A7AB0F8374}.job
    [2013/09/20 04:42:54 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3918483484-4229193767-397009163-1000UA.job
    [2013/09/20 04:42:54 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/09/20 04:42:54 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/09/20 04:42:51 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/09/20 02:16:36 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/09/20 02:03:10 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\RMAutoUpdate.job
    [2013/09/20 02:03:06 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/09/20 01:55:00 | 000,001,770 | ---- | M] () -- C:\Users\Public\Desktop\Resume Reimage Repair Installation.lnk
    [2013/09/20 01:52:57 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
    [2013/09/18 21:03:57 | 000,036,680 | ---- | M] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2013/09/18 19:00:01 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
    [2013/09/14 00:18:43 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013/09/14 00:18:43 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013/09/14 00:18:18 | 009,430,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    [2013/09/10 15:08:33 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/09/09 21:27:41 | 000,001,226 | ---- | M] () -- C:\Users\marizangela\Desktop\Revo Uninstaller.lnk
    [2013/09/06 16:50:48 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3918483484-4229193767-397009163-1000Core.job
    [2013/09/04 21:41:41 | 000,002,404 | ---- | M] () -- C:\Users\marizangela\Desktop\Google Chrome.lnk
    [2013/09/04 10:35:10 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3918483484-4229193767-397009163-1000Core.job

    ========== Files Created - No Company Name ==========

    [2013/09/20 15:44:45 | 000,000,656 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
    [2013/09/20 15:44:45 | 000,000,628 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
    [2013/09/20 15:44:45 | 000,000,458 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
    [2013/09/20 15:44:35 | 000,001,353 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    [2013/09/20 15:44:35 | 000,001,341 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    [2013/09/20 11:46:20 | 000,102,774 | ---- | C] () -- C:\Users\marizangela\Documents\cc_20130920_114615.reg
    [2013/09/20 08:44:02 | 000,000,298 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{5DA806EC-BEED-4072-8271-D8A7AB0F8374}.job
    [2013/09/20 01:52:16 | 000,001,770 | ---- | C] () -- C:\Users\Public\Desktop\Resume Reimage Repair Installation.lnk
    [2013/09/20 01:51:43 | 000,000,099 | ---- | C] () -- C:\Windows\Reimage.ini
    [2013/09/18 21:03:57 | 000,036,680 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
    [2013/09/10 15:08:33 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2013/09/09 21:27:41 | 000,001,226 | ---- | C] () -- C:\Users\marizangela\Desktop\Revo Uninstaller.lnk
    [2011/07/18 02:09:27 | 000,007,168 | ---- | C] () -- C:\Users\marizangela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/06/15 12:30:04 | 000,000,000 | ---- | C] () -- C:\Users\marizangela\AppData\Local\{DDD021B2-AB12-4517-BD0B-875E34B47D49}
    [2011/06/14 21:18:29 | 000,000,000 | ---- | C] () -- C:\Users\marizangela\AppData\Local\{41F07D51-3C56-4175-915F-44B812118DBF}
    [2011/06/14 21:16:33 | 000,000,000 | ---- | C] () -- C:\Users\marizangela\AppData\Local\{88218D66-235E-405C-90C7-4890A0A1E918}
    [2011/06/14 19:04:40 | 000,000,000 | ---- | C] () -- C:\Users\marizangela\AppData\Local\{68E38D72-BD86-4F4B-813B-6B5D90825DF4}
    [2011/06/14 19:02:52 | 000,000,000 | ---- | C] () -- C:\Users\marizangela\AppData\Local\{899E634D-3B54-461A-B8F2-1D32A77B75F4}
    [2011/06/14 16:07:46 | 000,000,000 | ---- | C] () -- C:\Users\marizangela\AppData\Local\{DEDB01C3-AF4C-4BB1-9565-0EC1DDBD6C67}
    [2011/06/14 16:05:56 | 000,000,000 | ---- | C] () -- C:\Users\marizangela\AppData\Local\{65EF707C-9C62-4B40-9457-6727D38A4F27}
    [2011/06/14 15:29:03 | 000,000,000 | ---- | C] () -- C:\Users\marizangela\AppData\Local\{B2D18342-B939-4D80-AE06-F8C5B855B20D}
    [2011/06/12 13:16:35 | 000,000,000 | ---- | C] () -- C:\Users\marizangela\AppData\Local\{9131971D-475E-4433-B752-AA81A6A8D464}
    [2011/03/28 19:41:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

    ========== ZeroAccess Check ==========

    [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:D1B5B4F1

    < End of report >




    OTL Extras logfile created on: 9/20/2013 5:35:23 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\marizangela\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16614)
    Locale: 00000409 | Country: Brazil | Language: PTB | Date Format: dd/MM/yyyy

    3.80 Gb Total Physical Memory | 2.99 Gb Available Physical Memory | 78.51% Memory free
    7.61 Gb Paging File | 6.82 Gb Available in Paging File | 89.64% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 283.34 Gb Total Space | 209.41 Gb Free Space | 73.91% Space Free | Partition Type: NTFS

    Computer Name: MARIZANGELA-PC | User Name: marizangela | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg


  • Registered Users Posts: 840 ✭✭✭jsa112


    download and run adwcleaner, post its log

    http://www.bleepingcomputer.com/download/adwcleaner/



    open OTL copy and paste this into the box


    :OTL
    IE - HKCU\..\SearchScopes\{39D68FD3-DB96-459C-A3F2-81CCFBD5130B}: "URL" = http://search.babylon.com/?q={search...001c659da6a82d
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..extensions.enabledAddons: ffxtlbr%40babylon.com:1.5.0
    [2012/08/07 18:40:50 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\extensions\ffxtlbr@babylon.com
    [2012/08/05 17:01:05 | 000,002,362 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    CHR - Extension: Babylon Toolbar = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\
    CHR - Extension: Babylon Toolbar = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\
    O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\bh\BabylonToolbar.dll (Babylon BHO)
    O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll (Babylon Ltd.)
    O33 - MountPoints2\{23c3dee9-6449-11e0-9dda-b82722aeef1e}\Shell - "" = AutoRun
    O33 - MountPoints2\{23c3dee9-6449-11e0-9dda-b82722aeef1e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{bcf05fd8-2e29-11e1-be0b-001e101fa1f5}\Shell - "" = AutoRun
    O33 - MountPoints2\{bcf05fd8-2e29-11e1-be0b-001e101fa1f5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{f94db7eb-592c-11e0-936d-1c659da6a82d}\Shell - "" = AutoRun
    O33 - MountPoints2\{f94db7eb-592c-11e0-936d-1c659da6a82d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{f94db933-592c-11e0-936d-1c659da6a82d}\Shell - "" = AutoRun
    O33 - MountPoints2\{f94db933-592c-11e0-936d-1c659da6a82d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe

    :Commands
    [PURITY]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS]
    [EMPTYJAVA]
    [CREATERESTOREPOINT]
    [Reboot]
    :Files
    ipconfig /flushdns /c


    click run fix post the log it gives


  • Advertisement
  • Registered Users Posts: 54 ✭✭brutus99


    All processes killed
    ========== OTL ==========
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{39D68FD3-DB96-459C-A3F2-81CCFBD5130B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39D68FD3-DB96-459C-A3F2-81CCFBD5130B}\ not found.
    Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
    Prefs.js: ffxtlbr%40babylon.com:1.5.0 removed from extensions.enabledAddons
    Folder C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\extensions\ffxtlbr@babylon.com\ not found.
    File C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml not found.
    File C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0 not found.
    File C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0 not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
    File C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\bh\BabylonToolbar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ not found.
    File C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23c3dee9-6449-11e0-9dda-b82722aeef1e}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23c3dee9-6449-11e0-9dda-b82722aeef1e}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23c3dee9-6449-11e0-9dda-b82722aeef1e}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23c3dee9-6449-11e0-9dda-b82722aeef1e}\ not found.
    File E:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bcf05fd8-2e29-11e1-be0b-001e101fa1f5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bcf05fd8-2e29-11e1-be0b-001e101fa1f5}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bcf05fd8-2e29-11e1-be0b-001e101fa1f5}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bcf05fd8-2e29-11e1-be0b-001e101fa1f5}\ not found.
    File E:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f94db7eb-592c-11e0-936d-1c659da6a82d}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f94db7eb-592c-11e0-936d-1c659da6a82d}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f94db7eb-592c-11e0-936d-1c659da6a82d}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f94db7eb-592c-11e0-936d-1c659da6a82d}\ not found.
    File E:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f94db933-592c-11e0-936d-1c659da6a82d}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f94db933-592c-11e0-936d-1c659da6a82d}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f94db933-592c-11e0-936d-1c659da6a82d}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f94db933-592c-11e0-936d-1c659da6a82d}\ not found.
    File E:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
    File E:\AutoRun.exe not found.
    File RITY] not found.
    File PTYTEMP] not found.
    File PTYFLASH] not found.
    File SETHOSTS] not found.
    File PTYJAVA] not found.
    File EATERESTOREPOINT] not found.
    File boot] not found.

    OTL by OldTimer - Version 3.2.69.0 log created on 09222013_124505

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...



    is this the right log


  • Registered Users Posts: 840 ✭✭✭jsa112


    did you do the adwcleaner step ? its log should be at C:\


  • Registered Users Posts: 54 ✭✭brutus99


    # AdwCleaner v3.004 - Report created 20/09/2013 at 18:38:47
    # Updated 15/09/2013 by Xplode
    # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Username : marizangela - MARIZANGELA-PC
    # Running from : C:\Users\marizangela\Downloads\AdwCleaner.exe
    # Option : Scan

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml
    File Found : C:\Users\marizangela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
    File Found : C:\Users\marizangela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk
    File Found : C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\Extensions\pricepeep@getpricepeep.com.xpi
    File Found : C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\searchplugins\GadgetBox.xml
    File Found : C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\user.js
    File Found : C:\Users\marizangela\Desktop\iLivid.lnk
    File Found : C:\Users\marizangela\Desktop\Play Free Games.lnk
    File Found : C:\Users\marizangela\Desktop\Qtrax Player.lnk
    File Found : C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk
    File Found : C:\Windows\System32\Tasks\Dealply
    File Found : C:\Windows\System32\Tasks\DealPlyUpdate
    File Found : C:\Windows\System32\Tasks\QtraxPlayer
    Folder Found : C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
    Folder Found : C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
    Folder Found : C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
    Folder Found : C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\kncjbaidjdjoelnijnmmkiieffgebpfg
    Folder Found : C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
    Folder Found : C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    Folder Found : C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\Extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
    Folder Found : C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\Extensions\501e970cd2dc2@501e970cd2dfc.info
    Folder Found : C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\Extensions\ffxtlbr@babylon.com
    Folder Found C:\Program Files (x86)\BabylonToolbar
    Folder Found C:\Program Files (x86)\Common Files\AVG Secure Search
    Folder Found C:\Program Files (x86)\DealPly
    Folder Found C:\Program Files (x86)\GadgetBox
    Folder Found C:\Program Files (x86)\optimizer pro
    Folder Found C:\Program Files (x86)\PricePeep
    Folder Found C:\Program Files (x86)\SweetIM
    Folder Found C:\Program Files\Windows Sidebar\Shared Gadgets\gadgetbox.gadget
    Folder Found C:\ProgramData\Babylon
    Folder Found C:\ProgramData\GadgetBox
    Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro
    Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro
    Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\wxDfast
    Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WxDFast
    Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WxDFast
    Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\wxDfast
    Folder Found C:\ProgramData\Premium
    Folder Found C:\ProgramData\SweetIM
    Folder Found C:\ProgramData\wxDfast
    Folder Found C:\ProgramData\WxDFast
    Folder Found C:\Users\marizangela\AppData\Local\Ilivid
    Folder Found C:\Users\marizangela\AppData\Local\PackageAware
    Folder Found C:\Users\marizangela\AppData\LocalLow\boost_interprocess
    Folder Found C:\Users\marizangela\AppData\LocalLow\WxDFast
    Folder Found C:\Users\marizangela\AppData\LocalLow\wxDfast
    Folder Found C:\Users\marizangela\AppData\Roaming\Babylon
    Folder Found C:\Users\marizangela\AppData\Roaming\BabylonToolbar
    Folder Found C:\Users\marizangela\AppData\Roaming\DealPly
    Folder Found C:\Users\marizangela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax
    Folder Found C:\Users\marizangela\AppData\Roaming\optimizer pro
    Folder Found C:\Users\marizangela\AppData\Roaming\registry mechanic
    Folder Found C:\Users\marizangela\Qtrax

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Found : HKCU\Software\AppDataLow\Software\PricePeep
    Key Found : HKCU\Software\BabylonToolbar
    Key Found : HKCU\Software\DealPly
    Key Found : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
    Key Found : HKCU\Software\ilivid
    Key Found : HKCU\Software\InstallCore
    Key Found : HKCU\Software\Microsoft\Babylon
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
    Key Found : HKCU\Software\Optimizer Pro
    Key Found : HKCU\Software\SProtector
    Key Found : [x64] HKCU\Software\BabylonToolbar
    Key Found : [x64] HKCU\Software\DealPly
    Key Found : [x64] HKCU\Software\ilivid
    Key Found : [x64] HKCU\Software\InstallCore
    Key Found : [x64] HKCU\Software\Microsoft\Babylon
    Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}
    Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
    Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
    Key Found : [x64] HKCU\Software\Optimizer Pro
    Key Found : [x64] HKCU\Software\SProtector
    Key Found : HKLM\Software\AVG Security Toolbar
    Key Found : HKLM\Software\Babylon
    Key Found : HKLM\Software\BabylonToolbar
    Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Found : HKLM\SOFTWARE\Classes\AppID\PricePeep.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Found : HKLM\SOFTWARE\Classes\b
    Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd
    Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
    Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore
    Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
    Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
    Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
    Key Found : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho
    Key Found : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
    Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
    Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
    Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
    Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
    Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
    Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{A36BCB13-778D-4A40-99C1-D686086D268F}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}
    Key Found : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
    Key Found : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
    Key Found : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
    Key Found : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
    Key Found : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho
    Key Found : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho.1
    Key Found : HKLM\SOFTWARE\Classes\Prod.cap
    Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
    Key Found : HKLM\SOFTWARE\Classes\S
    Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Found : HKLM\SOFTWARE\Classes\sim-packages
    Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
    Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
    Key Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
    Key Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
    Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
    Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{CCA8F2AB-BE4E-41F0-A289-4D960CEA58EA}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
    Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Found : HKLM\Software\DealPly
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\kncjbaidjdjoelnijnmmkiieffgebpfg
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
    Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4183178B-4D4E-48A7-9257-454BA90A760E}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4F4C5E11-0612-48D2-8055-987992AAC432}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4F4C5E11-0612-48D2-8055-987992AAC432}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SProtector
    Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Found : HKLM\Software\SProtector
    Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
    Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.16611


    -\\ Mozilla Firefox v19.0.2 (pt-BR)

    [ File : C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\prefs.js ]

    Line Found : user_pref("aol_toolbar.default.homepage.check", false);
    Line Found : user_pref("aol_toolbar.default.search.check", false);
    Line Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
    Line Found : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=113480&tt=010812_hpdel_3112_5&babsrc=NT_ss&mntrId=7c4e86d40000000000001c659da6a82d");
    Line Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
    Line Found : user_pref("browser.search.defaultenginename,S", "GadgetBox");
    Line Found : user_pref("browser.search.defaulturl", "hxxp://search.gboxapp.com/?q=");
    Line Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
    Line Found : user_pref("browser.search.order.1,S", "GadgetBox");
    Line Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");
    Line Found : user_pref("browser.search.selectedEngine,S", "GadgetBox");
    Line Found : user_pref("extensions.501e970cd2e70.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.location.hostname)>-1) return;}c[...]
    Line Found : ltfriendfinder.com/go/page/iframe_cm_17851?pid=g1393935-pct\",\"120x:600\":\"hxxp://banners.adultfriendfinder.com/p/flash_banner.cgi?pid=g1393935-pct&no_click=1&sSiteName=ffadult&Banner_ID=1\",\"300x2[...]
    Line Found : user_pref("extensions.BabylonToolbar.admin", false);
    Line Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");
    Line Found : user_pref("extensions.BabylonToolbar.babExt", "");
    Line Found : user_pref("extensions.BabylonToolbar.babTrack", "affID=113480&tt=010812_hpdel_3112_5");
    Line Found : user_pref("extensions.BabylonToolbar.babext", "babExt");
    Line Found : user_pref("extensions.BabylonToolbar.babtrack", "babTrack");
    Line Found : user_pref("extensions.BabylonToolbar.bbdpng", 13);
    Line Found : user_pref("extensions.BabylonToolbar.cntry", "IE");
    Line Found : user_pref("extensions.BabylonToolbar.dfltLng", "en");
    Line Found : user_pref("extensions.BabylonToolbar.dfltlng", "en");
    Line Found : user_pref("extensions.BabylonToolbar.dfltsrch", "false");
    Line Found : user_pref("extensions.BabylonToolbar.envrmnt", "production");
    Line Found : user_pref("extensions.BabylonToolbar.excTlbr", false);
    Line Found : user_pref("extensions.BabylonToolbar.firstrun", false);
    Line Found : user_pref("extensions.BabylonToolbar.hdrMd5", "B0EC7083FEE2BEB32891675D77F7CE3F");
    Line Found : user_pref("extensions.BabylonToolbar.hmpg", false);
    Line Found : user_pref("extensions.BabylonToolbar.hrdid", "7c4e86d40000000000001c659da6a82d");
    Line Found : user_pref("extensions.BabylonToolbar.id", "7c4e86d40000000000001c659da6a82d");
    Line Found : user_pref("extensions.BabylonToolbar.instlDay", "15557");
    Line Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");
    Line Found : user_pref("extensions.BabylonToolbar.instlday", "15557");
    Line Found : user_pref("extensions.BabylonToolbar.instlref", "sst");
    Line Found : user_pref("extensions.BabylonToolbar.isdcmntcmplt", "false");
    Line Found : user_pref("extensions.BabylonToolbar.keywordurl", "");
    Line Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.29.117:01:12");
    Line Found : user_pref("extensions.BabylonToolbar.lastdp", 13);
    Line Found : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.0");
    Line Found : user_pref("extensions.BabylonToolbar.newTab", true);
    Line Found : user_pref("extensions.BabylonToolbar.newtab", true);
    Line Found : user_pref("extensions.BabylonToolbar.newtaburl", "");
    Line Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
    Line Found : user_pref("extensions.BabylonToolbar.prtkDS", 0);
    Line Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
    Line Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
    Line Found : user_pref("extensions.BabylonToolbar.prtnrid", "babylon");
    Line Found : user_pref("extensions.BabylonToolbar.savedVrsnTs", "1");
    Line Found : user_pref("extensions.BabylonToolbar.sg", "azb");
    Line Found : user_pref("extensions.BabylonToolbar.smplGrp", "azb");
    Line Found : user_pref("extensions.BabylonToolbar.smplgrp", "azb");
    Line Found : user_pref("extensions.BabylonToolbar.srcExt", "ss");
    Line Found : user_pref("extensions.BabylonToolbar.srcext", "ss");
    Line Found : user_pref("extensions.BabylonToolbar.srch", "");
    Line Found : user_pref("extensions.BabylonToolbar.srchprvdr", "");
    Line Found : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
    Line Found : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");
    Line Found : user_pref("extensions.BabylonToolbar.tlbrid", "tb9");
    Line Found : user_pref("extensions.BabylonToolbar.tlbrsrchurl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");
    Line Found : user_pref("extensions.BabylonToolbar.vrsn", "1.5.29.1");
    Line Found : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.29.117:01:12");
    Line Found : user_pref("extensions.BabylonToolbar.vrsni", "1.5.29.1");
    Line Found : user_pref("extensions.BabylonToolbar.vrsnts", "1.5.29.117:01:12");
    Line Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
    Line Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
    Line Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113480&tt=010812_hpdel_3112_5");
    Line Found : user_pref("extensions.BabylonToolbar_i.hardId", "7c4e86d40000000000001c659da6a82d");
    Line Found : user_pref("extensions.BabylonToolbar_i.id", "7c4e86d40000000000001c659da6a82d");
    Line Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15525");
    Line Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
    Line Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
    Line Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=113480&tt=010812_hpdel_3112_5&babsrc=NT_ss&mntrId=7c4e86d40000000000001c659da6a82d");
    Line Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
    Line Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
    Line Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
    Line Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
    Line Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
    Line Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
    Line Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.29.117:01:12");
    Line Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
    Line Found : user_pref("extensions.enabledAddons", "ffxtlbr%40babylon.com:1.5.0,gadget%40gadgetbox:1.6,%7BEB9394A3-4AD6-4918-9537-31A1FD8E8EDF%7D:2.0,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2");
    Line Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
    Line Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
    Line Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
    Line Found : user_pref("sweetim.toolbar.previous.keyword.URL", "");
    Line Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
    Line Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
    Line Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
    Line Found : user_pref("sweetim.toolbar.searchguard.enable", "");

    -\\ Google Chrome v

    [ File : C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Found : urls_to_restore_on_startup
    Found : urls_to_restore_on_startup

    *************************

    AdwCleaner[R0].txt - [30375 octets] - [20/09/2013 18:38:47]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [30436 octets] ##########

    this should be it


  • Registered Users Posts: 840 ✭✭✭jsa112


    let adwcleaner fix what it found. run a new mbam scan, is it still freezing ?


  • Registered Users Posts: 54 ✭✭brutus99


    I did that and I ran mbam it now runs for 23 seconds and detects 2 objects before freezing


  • Advertisement
  • Registered Users Posts: 840 ✭✭✭jsa112


    strange lets try a different scan, download and run combofix

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix


    post the log it gives.


  • Registered Users Posts: 54 ✭✭brutus99


    cheers jsa112 I will have to pick this up again in the morning I have to go to work and thanks again for your help. I will post the log up tomorrow


  • Registered Users Posts: 54 ✭✭brutus99


    hi JSA211 I have tried to run combofix but it keeps stopping at creating a restore point. I tried going into system restore just to see if I could access a restore point but I can't. Is there any way to run combofix without creating a restore point.


  • Registered Users Posts: 840 ✭✭✭jsa112


    try run combofix in safe mode


  • Registered Users Posts: 54 ✭✭brutus99


    i thought of that. no joy there either


  • Registered Users Posts: 840 ✭✭✭jsa112


    install malwarebytes anti-rootkit, update it and run a quick scan

    http://www.malwarebytes.org/products/mbar/


    does that run fully ?


  • Registered Users Posts: 54 ✭✭brutus99


    simple answer is NO. it finds 2 items of malware and then locks up


  • Registered Users Posts: 840 ✭✭✭jsa112


    download TFC, run it

    http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/


    restart, does mbam run then ?


    what security programs have you installed on your PC ?


Advertisement