Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi all! We have been experiencing an issue on site where threads have been missing the latest postings. The platform host Vanilla are working on this issue. A workaround that has been used by some is to navigate back from 1 to 10+ pages to re-sync the thread and this will then show the latest posts. Thanks, Mike.
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest
MBAM keeps stopping after detecting 47 issues in 29 seconds
-
19-09-2013 3:52pmHi guys I have a windows 7 laptop and it keeps saying that the hard drive is failing. I ran malwarebytes and it came up with 47 threats but stopped responding after 29 seconds. I have tried using the chameleon tool in malwarebytes but so far no joy. If anybody has any suggestions on how to get this running or has any info on what kind of malware this might be I would much appreciate it. thanks0
Comments
-
run mbam in safe mode, post the log here if it does work
if not, do this instead
Download OTL to your Desktop- Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
- Click the Quick Scan button. Do not change any settings. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files here
0 -
I am on my way to work thanks I will do that in the morning0
-
sorry it took so long but the laptop would not allow me o do it for a while.
OTL logfile created on: 9/20/2013 5:35:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\marizangela\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: Brazil | Language: PTB | Date Format: dd/MM/yyyy
3.80 Gb Total Physical Memory | 2.99 Gb Available Physical Memory | 78.51% Memory free
7.61 Gb Paging File | 6.82 Gb Available in Paging File | 89.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.34 Gb Total Space | 209.41 Gb Free Space | 73.91% Space Free | Partition Type: NTFS
Computer Name: MARIZANGELA-PC | User Name: marizangela | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/09/20 17:35:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\marizangela\Downloads\OTL.exe
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/18 06:10:14 | 000,258,048 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/02/03 07:13:10 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Stopped] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/06/09 15:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2009/03/03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2013/09/20 01:52:57 | 001,616,048 | ---- | M] (AVG Secure Search) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe -- (vToolbarUpdater15.4.0)
SRV - [2013/09/14 00:18:47 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/15 15:27:46 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/03/13 21:18:38 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/21 11:23:14 | 000,793,048 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/18 15:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/03/15 22:27:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/15 15:56:18 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/07/06 14:43:06 | 001,850,256 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Broadband to Go\Broadband to Go\BecHelperService.exe -- (BecHelperService)
SRV - [2010/06/08 17:49:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 21:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/03 21:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/09/20 01:52:57 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/09/18 21:03:57 | 000,036,680 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/29 03:28:28 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/02 14:36:42 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2010/12/02 14:36:40 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/30 13:17:36 | 000,289,280 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/08/25 21:36:02 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/08/12 17:51:30 | 000,175,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010/07/06 13:28:34 | 000,246,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010/07/06 13:28:34 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010/07/06 13:28:34 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2010/06/18 06:10:14 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/06/08 17:33:14 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/17 22:44:44 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/17 22:41:48 | 000,325,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/03/17 22:29:52 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/02/27 01:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 07:13:08 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2010/02/03 07:13:08 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
DRV:64bit: - [2010/02/03 07:13:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/09/17 19:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 19:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {80c554b9-c7f8-4a21-9471-06d606da78a2}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - C:\Program Files (x86)\GadgetBox\gadgetBoxTB.dll (GadgetBox)
IE - HKLM\..\SearchScopes,DefaultScope = {80c554b9-c7f8-4a21-9471-06d606da78a2}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
IE - HKLM\..\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010006&q={searchTerms}&barid={9AB2949C-3AF4-4C01-837D-B7FCC2AB9AB6}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - C:\Program Files (x86)\GadgetBox\gadgetBoxTB.dll (GadgetBox)
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.bing.com/search?FORM=UP21DF&PC=UP21&dt=042713&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{39D68FD3-DB96-459C-A3F2-81CCFBD5130B}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=113480&tt=010812_hpdel_3112_5&babsrc=SP_ss&mntrId=7c4e86d40000000000001c659da6a82d
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPT_enIE425
IE - HKCU\..\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://br.search.yahoo.com/search?p={searchTerms}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010006&q={searchTerms}&barid={9AB2949C-3AF4-4C01-837D-B7FCC2AB9AB6}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultenginename,S: S", "GadgetBox"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "http://search.gboxapp.com/?q="
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1,S: S", "GadgetBox"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine,S: S", "GadgetBox"
FF - prefs.js..browser.startup.homepage: "http://mysearch.avg.com/?cid={8242FA9E-CB65-4A7C-8E0B-1052D05D7DE4}&mid=2cb9bfca179547d38c5547fa1e96c59c-083652ad71c58a7fdde908c8815f1d24325e80a4&lang=en&ds=re011&pr=sa&d=2013-09-20 01:53:53&v=15.4.0.5&pid=safeguard&sg=0&sap=hp"
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40babylon.com:1.5.0
FF - prefs.js..extensions.enabledAddons: gadget%40gadgetbox:1.6
FF - prefs.js..extensions.enabledAddons: %7BEB9394A3-4AD6-4918-9537-31A1FD8E8EDF%7D:2.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=UP21DF&PC=UP21&dt=042713&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - prefs.js..browser.search.order.3: "Bing "
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\marizangela\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\marizangela\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\marizangela\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\marizangela\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/06 23:33:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.4.0.5 [2013/09/20 01:54:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/13 21:18:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2012/06/24 19:14:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\marizangela\AppData\Roaming\Mozilla\Extensions
[2013/04/27 10:32:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\extensions
[2012/08/05 16:41:49 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2012/08/05 17:01:26 | 000,000,000 | ---D | M] (wxDfast) -- C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\extensions\501e970cd2dc2@501e970cd2dfc.info
[2012/08/07 18:40:50 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\extensions\ffxtlbr@babylon.com
[2012/08/05 17:01:26 | 000,000,000 | ---D | M] (GadgetBox) -- C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\extensions\gadget@gadgetbox
[2013/04/03 23:47:22 | 000,053,943 | ---- | M] () (No name found) -- C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\extensions\pricepeep@getpricepeep.com.xpi
[2013/04/27 10:33:50 | 000,002,402 | ---- | M] () -- C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\searchplugins\bingp.xml
[2012/08/05 16:54:55 | 000,000,487 | ---- | M] () -- C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\searchplugins\GadgetBox.xml
[2013/04/27 10:33:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/04/27 10:33:31 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/04/27 10:33:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/04/27 10:33:31 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/03/13 21:18:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/05 17:01:05 | 000,002,362 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2013/03/07 19:40:54 | 000,001,240 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\buscape.xml
[2013/03/07 19:40:54 | 000,001,425 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mercadolivre.xml
[2013/09/20 01:54:21 | 000,003,725 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml
[2013/03/13 11:21:05 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2013/03/07 19:40:54 | 000,001,381 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-br.xml
[2013/03/07 19:40:54 | 000,001,165 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-br.xml
========== Chrome ==========
CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/search?setmkt=pt-BR&q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}
CHR - homepage: http://br.msn.com/?pc=UP21&ocid=UP21DHP&dt=042713
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\marizangela\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\marizangela\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\marizangela\AppData\Local\Google\Chrome\Application\29.0.1547.66\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\marizangela\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Pesquisa do Google = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Babylon Toolbar = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\
CHR - Extension: DealPly = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.5.3.0_0\
CHR - Extension: SweetIM for Facebook = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: wxDfast = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\kncjbaidjdjoelnijnmmkiieffgebpfg\1.0_0\
CHR - Extension: PricePeep = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.1_0\
CHR - Extension: Skype Click to Call = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.8.0.12323_0\
CHR - Extension: AVG SafeGuard = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.4.0.5_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: YouTube = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Pesquisa do Google = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Babylon Toolbar = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\
CHR - Extension: DealPly = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.5.3.0_0\
CHR - Extension: SweetIM for Facebook = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: wxDfast = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\kncjbaidjdjoelnijnmmkiieffgebpfg\1.0_0\
CHR - Extension: PricePeep = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.1_0\
CHR - Extension: Skype Click to Call = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.8.0.12323_0\
CHR - Extension: AVG SafeGuard = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.4.0.5_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2011/08/09 03:42:10 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll (PricePeep)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (GagetBox) - {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - C:\Program Files (x86)\GadgetBox\gadgetBoxTB.dll (GadgetBox)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe (Dell Inc.)
O4 - HKLM..\Run: [RMAlert] C:\Program Files (x86)\PC Tools Registry Mechanic\Alert.exe (PC Tools)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKCU..\Run: [ares] C:\Program Files (x86)\Ares\Ares.exe (Ares Development Group)
O4 - HKCU..\Run: [Facebook Update] C:\Users\marizangela\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [MX Skype Recorder] "C:\ProgramData\MXSkypeRecorder\MXSkypeRecorder.exe" /autorun File not found
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AF8628A-C02E-4004-8CA2-FB11E8CF8DF4}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll (AVG Secure Search)
O20 - AppInit_DLLs: (c:\progra~2\sprote~1\sprote~1.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{23c3dee9-6449-11e0-9dda-b82722aeef1e}\Shell - "" = AutoRun
O33 - MountPoints2\{23c3dee9-6449-11e0-9dda-b82722aeef1e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{bcf05fd8-2e29-11e1-be0b-001e101fa1f5}\Shell - "" = AutoRun
O33 - MountPoints2\{bcf05fd8-2e29-11e1-be0b-001e101fa1f5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f94db7eb-592c-11e0-936d-1c659da6a82d}\Shell - "" = AutoRun
O33 - MountPoints2\{f94db7eb-592c-11e0-936d-1c659da6a82d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f94db933-592c-11e0-936d-1c659da6a82d}\Shell - "" = AutoRun
O33 - MountPoints2\{f94db933-592c-11e0-936d-1c659da6a82d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/09/20 15:46:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/09/20 15:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/09/20 15:44:32 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/09/20 15:44:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/09/20 14:52:54 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\Avg2014
[2013/09/20 14:26:58 | 000,000,000 | ---D | C] -- C:\Users\marizangela\Desktop\RK_Quarantine
[2013/09/20 02:06:01 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\AVG SafeGuard toolbar
[2013/09/20 01:54:37 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\MFAData
[2013/09/20 01:54:37 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/09/20 01:54:37 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\Avg2013
[2013/09/20 01:53:49 | 000,045,856 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/09/20 01:53:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2013/09/20 01:53:17 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013/09/20 01:53:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar
[2013/09/20 01:52:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/09/14 02:26:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation
[2013/09/14 00:18:16 | 009,430,408 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/09/10 15:09:03 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Roaming\Malwarebytes
[2013/09/10 15:08:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/10 15:08:32 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/09/10 15:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/09/10 15:08:31 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\Programs
[2013/09/10 15:08:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/09/09 21:27:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013/09/09 21:27:41 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/09/09 21:08:07 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\ElevatedDiagnostics
[2013/09/09 19:02:24 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{6B27E3D2-E075-4B0E-B839-9FF806272759}
[2013/09/09 18:45:15 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{2C26F81D-94E8-4B4B-8C79-0DDDC3856805}
[2013/09/08 22:08:40 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{B0CADF31-0F99-4BAC-8828-34D4764E292D}
[2013/09/06 18:07:57 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{3CBD13C3-FB36-497F-8605-1BC5B40BAE2D}
[2013/09/06 16:13:39 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{CCCACE7C-803B-472A-AE05-5F3E8550EC27}
[2013/09/05 12:32:07 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{F47994FE-B400-48C0-8DD8-9D2042DCF8E7}
[2013/09/04 09:12:43 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{BC9E829B-15EE-4916-A258-EB6199515CA3}
[2013/09/03 12:24:17 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{54083515-0C20-4142-ACCA-B642F05DCB7C}
[2013/09/03 12:15:23 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{71122173-EF78-4805-89E7-A80AF90FE2F7}
[2013/09/03 12:05:51 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{04FD0E9F-1878-4B89-B3D0-A886073DEC93}
[2013/09/02 18:55:48 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{709FB825-020C-4599-8924-4B51C3126E13}
[2013/09/01 16:47:49 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{5E831CE3-20F0-4815-8341-F32BD90F54A7}
[2013/09/01 16:32:50 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{C95785C2-4345-4381-AA8B-DFBBDF0E3F2F}
[2013/09/01 16:26:11 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{FF0F75BB-D6AA-4E04-A332-C3625E82A9B2}
[2013/08/31 17:14:47 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{2ACFF5F9-0274-4E4A-A443-16C2D72FE466}
[2013/08/31 05:54:28 | 000,000,000 | -HSD | C] -- C:\found.001
[2013/08/31 04:57:13 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{C6FD6E65-98B6-47B4-BC42-02E26C43DC9C}
[2013/08/30 11:21:59 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{09B7B92C-2DD4-4279-A5A6-9794C2D74FFE}
[2013/08/29 21:39:29 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{72879E4A-BEEC-4FDC-9D3E-75175B017388}
[2013/08/29 09:39:03 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{D1C84993-0761-489C-8087-2AC5C39B94F7}
[2013/08/29 09:25:28 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{544B0070-6D1F-42DA-873C-5DCF349ECAA5}
[2013/08/28 10:58:11 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{0097F932-5742-4F03-B69D-34571AC09FA0}
[2013/08/27 22:34:08 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{D8F78F22-0C93-4602-9DED-9897C14C133D}
[2013/08/27 10:33:31 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{5DF81C7F-0D4F-42CA-AA03-441C669D3E46}
[2013/08/26 13:22:59 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{C6E0F50B-DC71-4C68-9B98-F8EA956ABEFC}
[2013/08/25 13:03:29 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{31C911F9-FA47-46BC-A25F-51740D1EF669}
[2013/08/25 01:02:51 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{B997EA99-3213-4CC1-BB12-E4568E4EC043}
[2013/08/24 13:01:56 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{6638AA01-01D8-41C5-B1F4-A4DBB47C0F0B}
[2013/08/23 16:52:42 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{286C1AF0-9616-41C5-8BFC-03ECBB30A015}
[2013/08/23 09:53:58 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{1C3643BE-4EDD-4D7B-93D8-B2C6CA24879E}
[2013/08/22 16:45:27 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{791D6605-F762-4EB4-AD03-E204FAC7EF8B}
========== Files - Modified Within 30 Days ==========
[2013/09/20 17:38:40 | 000,660,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/20 17:38:40 | 000,148,648 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/20 17:38:40 | 000,005,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/20 17:32:07 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013/09/20 17:32:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/20 17:31:24 | 3062,915,072 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/20 16:51:12 | 000,000,099 | ---- | M] () -- C:\Windows\Reimage.ini
[2013/09/20 16:01:47 | 000,000,356 | -H-- | M] () -- C:\Windows\tasks\WxDFastUpdaterTask{FA2F8BAD-1309-41A8-9109-5EB93D30D126}.job
[2013/09/20 16:01:47 | 000,000,338 | -H-- | M] () -- C:\Windows\tasks\GBoxUpdaterTask{21F8C45C-2390-4B4C-871D-F95F77FBC090}.job
[2013/09/20 16:01:46 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3918483484-4229193767-397009163-1000UA.job
[2013/09/20 15:44:45 | 000,000,656 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/09/20 15:44:45 | 000,000,628 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/09/20 15:44:45 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/09/20 15:44:35 | 000,001,341 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/09/20 11:46:23 | 000,102,774 | ---- | M] () -- C:\Users\marizangela\Documents\cc_20130920_114615.reg
[2013/09/20 08:44:02 | 000,000,298 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5DA806EC-BEED-4072-8271-D8A7AB0F8374}.job
[2013/09/20 04:42:54 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3918483484-4229193767-397009163-1000UA.job
[2013/09/20 04:42:54 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/20 04:42:54 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/20 04:42:51 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/20 02:16:36 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/20 02:03:10 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\RMAutoUpdate.job
[2013/09/20 02:03:06 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/20 01:55:00 | 000,001,770 | ---- | M] () -- C:\Users\Public\Desktop\Resume Reimage Repair Installation.lnk
[2013/09/20 01:52:57 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/09/18 21:03:57 | 000,036,680 | ---- | M] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013/09/18 19:00:01 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2013/09/14 00:18:43 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/09/14 00:18:43 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/09/14 00:18:18 | 009,430,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/09/10 15:08:33 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/09 21:27:41 | 000,001,226 | ---- | M] () -- C:\Users\marizangela\Desktop\Revo Uninstaller.lnk
[2013/09/06 16:50:48 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3918483484-4229193767-397009163-1000Core.job
[2013/09/04 21:41:41 | 000,002,404 | ---- | M] () -- C:\Users\marizangela\Desktop\Google Chrome.lnk
[2013/09/04 10:35:10 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3918483484-4229193767-397009163-1000Core.job
========== Files Created - No Company Name ==========
[2013/09/20 15:44:45 | 000,000,656 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/09/20 15:44:45 | 000,000,628 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/09/20 15:44:45 | 000,000,458 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/09/20 15:44:35 | 000,001,353 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/09/20 15:44:35 | 000,001,341 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/09/20 11:46:20 | 000,102,774 | ---- | C] () -- C:\Users\marizangela\Documents\cc_20130920_114615.reg
[2013/09/20 08:44:02 | 000,000,298 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{5DA806EC-BEED-4072-8271-D8A7AB0F8374}.job
[2013/09/20 01:52:16 | 000,001,770 | ---- | C] () -- C:\Users\Public\Desktop\Resume Reimage Repair Installation.lnk
[2013/09/20 01:51:43 | 000,000,099 | ---- | C] () -- C:\Windows\Reimage.ini
[2013/09/18 21:03:57 | 000,036,680 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013/09/10 15:08:33 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/09 21:27:41 | 000,001,226 | ---- | C] () -- C:\Users\marizangela\Desktop\Revo Uninstaller.lnk
[2011/07/18 02:09:27 | 000,007,168 | ---- | C] () -- C:\Users\marizangela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/15 12:30:04 | 000,000,000 | ---- | C] () -- C:\Users\marizangela\AppData\Local\{DDD021B2-AB12-4517-BD0B-875E34B47D49}
[2011/06/14 21:18:29 | 000,000,000 | ---- | C] () -- C:\Users\marizangela\AppData\Local\{41F07D51-3C56-4175-915F-44B812118DBF}
[2011/06/14 21:16:33 | 000,000,000 | ---- | C] () -- C:\Users\marizangela\AppData\Local\{88218D66-235E-405C-90C7-4890A0A1E918}
[2011/06/14 19:04:40 | 000,000,000 | ---- | C] () -- C:\Users\marizangela\AppData\Local\{68E38D72-BD86-4F4B-813B-6B5D90825DF4}
[2011/06/14 19:02:52 | 000,000,000 | ---- | C] () -- C:\Users\marizangela\AppData\Local\{899E634D-3B54-461A-B8F2-1D32A77B75F4}
[2011/06/14 16:07:46 | 000,000,000 | ---- | C] () -- C:\Users\marizangela\AppData\Local\{DEDB01C3-AF4C-4BB1-9565-0EC1DDBD6C67}
[2011/06/14 16:05:56 | 000,000,000 | ---- | C] () -- C:\Users\marizangela\AppData\Local\{65EF707C-9C62-4B40-9457-6727D38A4F27}
[2011/06/14 15:29:03 | 000,000,000 | ---- | C] () -- C:\Users\marizangela\AppData\Local\{B2D18342-B939-4D80-AE06-F8C5B855B20D}
[2011/06/12 13:16:35 | 000,000,000 | ---- | C] () -- C:\Users\marizangela\AppData\Local\{9131971D-475E-4433-B752-AA81A6A8D464}
[2011/03/28 19:41:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
========== ZeroAccess Check ==========
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== Alternate Data Streams ==========
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >
OTL Extras logfile created on: 9/20/2013 5:35:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\marizangela\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: Brazil | Language: PTB | Date Format: dd/MM/yyyy
3.80 Gb Total Physical Memory | 2.99 Gb Available Physical Memory | 78.51% Memory free
7.61 Gb Paging File | 6.82 Gb Available in Paging File | 89.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.34 Gb Total Space | 209.41 Gb Free Space | 73.91% Space Free | Partition Type: NTFS
Computer Name: MARIZANGELA-PC | User Name: marizangela | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 20 -
sorry it took so long but the laptop would not allow me o do it for a while.
OTL logfile created on: 9/20/2013 5:35:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\marizangela\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: Brazil | Language: PTB | Date Format: dd/MM/yyyy
3.80 Gb Total Physical Memory | 2.99 Gb Available Physical Memory | 78.51% Memory free
7.61 Gb Paging File | 6.82 Gb Available in Paging File | 89.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.34 Gb Total Space | 209.41 Gb Free Space | 73.91% Space Free | Partition Type: NTFS
Computer Name: MARIZANGELA-PC | User Name: marizangela | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/09/20 17:35:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\marizangela\Downloads\OTL.exe
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/01/27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/18 06:10:14 | 000,258,048 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/02/03 07:13:10 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Stopped] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2009/06/09 15:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2009/03/03 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2013/09/20 01:52:57 | 001,616,048 | ---- | M] (AVG Secure Search) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe -- (vToolbarUpdater15.4.0)
SRV - [2013/09/14 00:18:47 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/15 15:27:46 | 003,289,208 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/03/13 21:18:38 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/21 11:23:14 | 000,793,048 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/18 15:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Stopped] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/03/15 22:27:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/03/15 15:56:18 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/07/06 14:43:06 | 001,850,256 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Broadband to Go\Broadband to Go\BecHelperService.exe -- (BecHelperService)
SRV - [2010/06/08 17:49:30 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 21:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/03 21:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/09/20 01:52:57 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/09/18 21:03:57 | 000,036,680 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2013/01/20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/29 03:28:28 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/02 14:36:42 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2010/12/02 14:36:40 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/30 13:17:36 | 000,289,280 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/08/25 21:36:02 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/08/12 17:51:30 | 000,175,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010/07/06 13:28:34 | 000,246,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010/07/06 13:28:34 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010/07/06 13:28:34 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2010/06/18 06:10:14 | 000,515,584 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/06/08 17:33:14 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/17 22:44:44 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/03/17 22:41:48 | 000,325,152 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/03/17 22:29:52 | 000,232,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/02/27 01:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 07:13:08 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2010/02/03 07:13:08 | 000,020,984 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmvwl64.sys -- (BcmVWL)
DRV:64bit: - [2010/02/03 07:13:06 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/09/17 19:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 19:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {80c554b9-c7f8-4a21-9471-06d606da78a2}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - C:\Program Files (x86)\GadgetBox\gadgetBoxTB.dll (GadgetBox)
IE - HKLM\..\SearchScopes,DefaultScope = {80c554b9-c7f8-4a21-9471-06d606da78a2}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{80c554b9-c7f8-4a21-9471-06d606da78a2}: "URL" = http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSSE
IE - HKLM\..\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010006&q={searchTerms}&barid={9AB2949C-3AF4-4C01-837D-B7FCC2AB9AB6}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=MSSE
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - C:\Program Files (x86)\GadgetBox\gadgetBoxTB.dll (GadgetBox)
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.bing.com/search?FORM=UP21DF&PC=UP21&dt=042713&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{39D68FD3-DB96-459C-A3F2-81CCFBD5130B}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=113480&tt=010812_hpdel_3112_5&babsrc=SP_ss&mntrId=7c4e86d40000000000001c659da6a82d
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPT_enIE425
IE - HKCU\..\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}
IE - HKCU\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://search.gboxapp.com/?q={searchTerms}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://br.search.yahoo.com/search?p={searchTerms}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010006&q={searchTerms}&barid={9AB2949C-3AF4-4C01-837D-B7FCC2AB9AB6}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = localhost:21320
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultenginename,S: S", "GadgetBox"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "http://search.gboxapp.com/?q="
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1,S: S", "GadgetBox"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine,S: S", "GadgetBox"
FF - prefs.js..browser.startup.homepage: "http://mysearch.avg.com/?cid={8242FA9E-CB65-4A7C-8E0B-1052D05D7DE4}&mid=2cb9bfca179547d38c5547fa1e96c59c-083652ad71c58a7fdde908c8815f1d24325e80a4&lang=en&ds=re011&pr=sa&d=2013-09-20 01:53:53&v=15.4.0.5&pid=safeguard&sg=0&sap=hp"
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40babylon.com:1.5.0
FF - prefs.js..extensions.enabledAddons: gadget%40gadgetbox:1.6
FF - prefs.js..extensions.enabledAddons: %7BEB9394A3-4AD6-4918-9537-31A1FD8E8EDF%7D:2.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=UP21DF&PC=UP21&dt=042713&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""
FF - prefs.js..browser.search.order.3: "Bing "
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\marizangela\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\marizangela\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\marizangela\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\marizangela\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/06 23:33:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\15.4.0.5 [2013/09/20 01:54:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/03/13 21:18:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2012/06/24 19:14:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\marizangela\AppData\Roaming\Mozilla\Extensions
[2013/04/27 10:32:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\extensions
[2012/08/05 16:41:49 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2012/08/05 17:01:26 | 000,000,000 | ---D | M] (wxDfast) -- C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\extensions\501e970cd2dc2@501e970cd2dfc.info
[2012/08/07 18:40:50 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\extensions\ffxtlbr@babylon.com
[2012/08/05 17:01:26 | 000,000,000 | ---D | M] (GadgetBox) -- C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\extensions\gadget@gadgetbox
[2013/04/03 23:47:22 | 000,053,943 | ---- | M] () (No name found) -- C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\extensions\pricepeep@getpricepeep.com.xpi
[2013/04/27 10:33:50 | 000,002,402 | ---- | M] () -- C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\searchplugins\bingp.xml
[2012/08/05 16:54:55 | 000,000,487 | ---- | M] () -- C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\searchplugins\GadgetBox.xml
[2013/04/27 10:33:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/04/27 10:33:31 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/04/27 10:33:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/04/27 10:33:31 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/03/13 21:18:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/05 17:01:05 | 000,002,362 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2013/03/07 19:40:54 | 000,001,240 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\buscape.xml
[2013/03/07 19:40:54 | 000,001,425 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\mercadolivre.xml
[2013/09/20 01:54:21 | 000,003,725 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml
[2013/03/13 11:21:05 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2013/03/07 19:40:54 | 000,001,381 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-br.xml
[2013/03/07 19:40:54 | 000,001,165 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-br.xml
========== Chrome ==========
CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/search?setmkt=pt-BR&q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}
CHR - homepage: http://br.msn.com/?pc=UP21&ocid=UP21DHP&dt=042713
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\marizangela\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\marizangela\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\marizangela\AppData\Local\Google\Chrome\Application\29.0.1547.66\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\marizangela\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Pesquisa do Google = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Babylon Toolbar = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\
CHR - Extension: DealPly = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.5.3.0_0\
CHR - Extension: SweetIM for Facebook = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: wxDfast = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\kncjbaidjdjoelnijnmmkiieffgebpfg\1.0_0\
CHR - Extension: PricePeep = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.1_0\
CHR - Extension: Skype Click to Call = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.8.0.12323_0\
CHR - Extension: AVG SafeGuard = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.4.0.5_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: YouTube = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Pesquisa do Google = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Babylon Toolbar = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\
CHR - Extension: DealPly = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.5.3.0_0\
CHR - Extension: SweetIM for Facebook = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\Copy of
CHR - Extension: SweetIM for Facebook = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.0.0.0_0\
CHR - Extension: wxDfast = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\kncjbaidjdjoelnijnmmkiieffgebpfg\1.0_0\
CHR - Extension: PricePeep = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.2.0.1_0\
CHR - Extension: Skype Click to Call = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.8.0.12323_0\
CHR - Extension: AVG SafeGuard = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.4.0.5_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2011/08/09 03:42:10 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files (x86)\PricePeep\pricepeep.dll (PricePeep)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (GagetBox) - {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - C:\Program Files (x86)\GadgetBox\gadgetBoxTB.dll (GadgetBox)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe (Dell Inc.)
O4 - HKLM..\Run: [RMAlert] C:\Program Files (x86)\PC Tools Registry Mechanic\Alert.exe (PC Tools)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKCU..\Run: [ares] C:\Program Files (x86)\Ares\Ares.exe (Ares Development Group)
O4 - HKCU..\Run: [Facebook Update] C:\Users\marizangela\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [MX Skype Recorder] "C:\ProgramData\MXSkypeRecorder\MXSkypeRecorder.exe" /autorun File not found
O4 - HKLM..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AF8628A-C02E-4004-8CA2-FB11E8CF8DF4}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.4.0\ViProtocol.dll (AVG Secure Search)
O20 - AppInit_DLLs: (c:\progra~2\sprote~1\sprote~1.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{23c3dee9-6449-11e0-9dda-b82722aeef1e}\Shell - "" = AutoRun
O33 - MountPoints2\{23c3dee9-6449-11e0-9dda-b82722aeef1e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{bcf05fd8-2e29-11e1-be0b-001e101fa1f5}\Shell - "" = AutoRun
O33 - MountPoints2\{bcf05fd8-2e29-11e1-be0b-001e101fa1f5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f94db7eb-592c-11e0-936d-1c659da6a82d}\Shell - "" = AutoRun
O33 - MountPoints2\{f94db7eb-592c-11e0-936d-1c659da6a82d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f94db933-592c-11e0-936d-1c659da6a82d}\Shell - "" = AutoRun
O33 - MountPoints2\{f94db933-592c-11e0-936d-1c659da6a82d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013/09/20 15:46:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/09/20 15:44:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/09/20 15:44:32 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/09/20 15:44:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/09/20 14:52:54 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\Avg2014
[2013/09/20 14:26:58 | 000,000,000 | ---D | C] -- C:\Users\marizangela\Desktop\RK_Quarantine
[2013/09/20 02:06:01 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\AVG SafeGuard toolbar
[2013/09/20 01:54:37 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\MFAData
[2013/09/20 01:54:37 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/09/20 01:54:37 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\Avg2013
[2013/09/20 01:53:49 | 000,045,856 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/09/20 01:53:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2013/09/20 01:53:17 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013/09/20 01:53:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar
[2013/09/20 01:52:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/09/14 02:26:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation
[2013/09/14 00:18:16 | 009,430,408 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/09/10 15:09:03 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Roaming\Malwarebytes
[2013/09/10 15:08:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/10 15:08:32 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/09/10 15:08:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/09/10 15:08:31 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\Programs
[2013/09/10 15:08:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/09/09 21:27:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013/09/09 21:27:41 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/09/09 21:08:07 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\ElevatedDiagnostics
[2013/09/09 19:02:24 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{6B27E3D2-E075-4B0E-B839-9FF806272759}
[2013/09/09 18:45:15 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{2C26F81D-94E8-4B4B-8C79-0DDDC3856805}
[2013/09/08 22:08:40 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{B0CADF31-0F99-4BAC-8828-34D4764E292D}
[2013/09/06 18:07:57 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{3CBD13C3-FB36-497F-8605-1BC5B40BAE2D}
[2013/09/06 16:13:39 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{CCCACE7C-803B-472A-AE05-5F3E8550EC27}
[2013/09/05 12:32:07 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{F47994FE-B400-48C0-8DD8-9D2042DCF8E7}
[2013/09/04 09:12:43 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{BC9E829B-15EE-4916-A258-EB6199515CA3}
[2013/09/03 12:24:17 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{54083515-0C20-4142-ACCA-B642F05DCB7C}
[2013/09/03 12:15:23 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{71122173-EF78-4805-89E7-A80AF90FE2F7}
[2013/09/03 12:05:51 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{04FD0E9F-1878-4B89-B3D0-A886073DEC93}
[2013/09/02 18:55:48 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{709FB825-020C-4599-8924-4B51C3126E13}
[2013/09/01 16:47:49 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{5E831CE3-20F0-4815-8341-F32BD90F54A7}
[2013/09/01 16:32:50 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{C95785C2-4345-4381-AA8B-DFBBDF0E3F2F}
[2013/09/01 16:26:11 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{FF0F75BB-D6AA-4E04-A332-C3625E82A9B2}
[2013/08/31 17:14:47 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{2ACFF5F9-0274-4E4A-A443-16C2D72FE466}
[2013/08/31 05:54:28 | 000,000,000 | -HSD | C] -- C:\found.001
[2013/08/31 04:57:13 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{C6FD6E65-98B6-47B4-BC42-02E26C43DC9C}
[2013/08/30 11:21:59 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{09B7B92C-2DD4-4279-A5A6-9794C2D74FFE}
[2013/08/29 21:39:29 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{72879E4A-BEEC-4FDC-9D3E-75175B017388}
[2013/08/29 09:39:03 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{D1C84993-0761-489C-8087-2AC5C39B94F7}
[2013/08/29 09:25:28 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{544B0070-6D1F-42DA-873C-5DCF349ECAA5}
[2013/08/28 10:58:11 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{0097F932-5742-4F03-B69D-34571AC09FA0}
[2013/08/27 22:34:08 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{D8F78F22-0C93-4602-9DED-9897C14C133D}
[2013/08/27 10:33:31 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{5DF81C7F-0D4F-42CA-AA03-441C669D3E46}
[2013/08/26 13:22:59 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{C6E0F50B-DC71-4C68-9B98-F8EA956ABEFC}
[2013/08/25 13:03:29 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{31C911F9-FA47-46BC-A25F-51740D1EF669}
[2013/08/25 01:02:51 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{B997EA99-3213-4CC1-BB12-E4568E4EC043}
[2013/08/24 13:01:56 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{6638AA01-01D8-41C5-B1F4-A4DBB47C0F0B}
[2013/08/23 16:52:42 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{286C1AF0-9616-41C5-8BFC-03ECBB30A015}
[2013/08/23 09:53:58 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{1C3643BE-4EDD-4D7B-93D8-B2C6CA24879E}
[2013/08/22 16:45:27 | 000,000,000 | ---D | C] -- C:\Users\marizangela\AppData\Local\{791D6605-F762-4EB4-AD03-E204FAC7EF8B}
========== Files - Modified Within 30 Days ==========
[2013/09/20 17:38:40 | 000,660,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/20 17:38:40 | 000,148,648 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/20 17:38:40 | 000,005,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/20 17:32:07 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013/09/20 17:32:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/20 17:31:24 | 3062,915,072 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/20 16:51:12 | 000,000,099 | ---- | M] () -- C:\Windows\Reimage.ini
[2013/09/20 16:01:47 | 000,000,356 | -H-- | M] () -- C:\Windows\tasks\WxDFastUpdaterTask{FA2F8BAD-1309-41A8-9109-5EB93D30D126}.job
[2013/09/20 16:01:47 | 000,000,338 | -H-- | M] () -- C:\Windows\tasks\GBoxUpdaterTask{21F8C45C-2390-4B4C-871D-F95F77FBC090}.job
[2013/09/20 16:01:46 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3918483484-4229193767-397009163-1000UA.job
[2013/09/20 15:44:45 | 000,000,656 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/09/20 15:44:45 | 000,000,628 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/09/20 15:44:45 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/09/20 15:44:35 | 000,001,341 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/09/20 11:46:23 | 000,102,774 | ---- | M] () -- C:\Users\marizangela\Documents\cc_20130920_114615.reg
[2013/09/20 08:44:02 | 000,000,298 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5DA806EC-BEED-4072-8271-D8A7AB0F8374}.job
[2013/09/20 04:42:54 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3918483484-4229193767-397009163-1000UA.job
[2013/09/20 04:42:54 | 000,001,078 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/20 04:42:54 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/20 04:42:51 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/20 02:16:36 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/20 02:03:10 | 000,000,296 | ---- | M] () -- C:\Windows\tasks\RMAutoUpdate.job
[2013/09/20 02:03:06 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/20 01:55:00 | 000,001,770 | ---- | M] () -- C:\Users\Public\Desktop\Resume Reimage Repair Installation.lnk
[2013/09/20 01:52:57 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/09/18 21:03:57 | 000,036,680 | ---- | M] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013/09/18 19:00:01 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2013/09/14 00:18:43 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/09/14 00:18:43 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/09/14 00:18:18 | 009,430,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013/09/10 15:08:33 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/09 21:27:41 | 000,001,226 | ---- | M] () -- C:\Users\marizangela\Desktop\Revo Uninstaller.lnk
[2013/09/06 16:50:48 | 000,001,050 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3918483484-4229193767-397009163-1000Core.job
[2013/09/04 21:41:41 | 000,002,404 | ---- | M] () -- C:\Users\marizangela\Desktop\Google Chrome.lnk
[2013/09/04 10:35:10 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3918483484-4229193767-397009163-1000Core.job
========== Files Created - No Company Name ==========
[2013/09/20 15:44:45 | 000,000,656 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/09/20 15:44:45 | 000,000,628 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/09/20 15:44:45 | 000,000,458 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/09/20 15:44:35 | 000,001,353 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/09/20 15:44:35 | 000,001,341 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/09/20 11:46:20 | 000,102,774 | ---- | C] () -- C:\Users\marizangela\Documents\cc_20130920_114615.reg
[2013/09/20 08:44:02 | 000,000,298 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{5DA806EC-BEED-4072-8271-D8A7AB0F8374}.job
[2013/09/20 01:52:16 | 000,001,770 | ---- | C] () -- C:\Users\Public\Desktop\Resume Reimage Repair Installation.lnk
[2013/09/20 01:51:43 | 000,000,099 | ---- | C] () -- C:\Windows\Reimage.ini
[2013/09/18 21:03:57 | 000,036,680 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013/09/10 15:08:33 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/09 21:27:41 | 000,001,226 | ---- | C] () -- C:\Users\marizangela\Desktop\Revo Uninstaller.lnk
[2011/07/18 02:09:27 | 000,007,168 | ---- | C] () -- C:\Users\marizangela\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/15 12:30:04 | 000,000,000 | ---- | C] () -- C:\Users\marizangela\AppData\Local\{DDD021B2-AB12-4517-BD0B-875E34B47D49}
[2011/06/14 21:18:29 | 000,000,000 | ---- | C] () -- C:\Users\marizangela\AppData\Local\{41F07D51-3C56-4175-915F-44B812118DBF}
[2011/06/14 21:16:33 | 000,000,000 | ---- | C] () -- C:\Users\marizangela\AppData\Local\{88218D66-235E-405C-90C7-4890A0A1E918}
[2011/06/14 19:04:40 | 000,000,000 | ---- | C] () -- C:\Users\marizangela\AppData\Local\{68E38D72-BD86-4F4B-813B-6B5D90825DF4}
[2011/06/14 19:02:52 | 000,000,000 | ---- | C] () -- C:\Users\marizangela\AppData\Local\{899E634D-3B54-461A-B8F2-1D32A77B75F4}
[2011/06/14 16:07:46 | 000,000,000 | ---- | C] () -- C:\Users\marizangela\AppData\Local\{DEDB01C3-AF4C-4BB1-9565-0EC1DDBD6C67}
[2011/06/14 16:05:56 | 000,000,000 | ---- | C] () -- C:\Users\marizangela\AppData\Local\{65EF707C-9C62-4B40-9457-6727D38A4F27}
[2011/06/14 15:29:03 | 000,000,000 | ---- | C] () -- C:\Users\marizangela\AppData\Local\{B2D18342-B939-4D80-AE06-F8C5B855B20D}
[2011/06/12 13:16:35 | 000,000,000 | ---- | C] () -- C:\Users\marizangela\AppData\Local\{9131971D-475E-4433-B752-AA81A6A8D464}
[2011/03/28 19:41:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
========== ZeroAccess Check ==========
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== Alternate Data Streams ==========
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >
OTL Extras logfile created on: 9/20/2013 5:35:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\marizangela\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: Brazil | Language: PTB | Date Format: dd/MM/yyyy
3.80 Gb Total Physical Memory | 2.99 Gb Available Physical Memory | 78.51% Memory free
7.61 Gb Paging File | 6.82 Gb Available in Paging File | 89.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 283.34 Gb Total Space | 209.41 Gb Free Space | 73.91% Space Free | Partition Type: NTFS
Computer Name: MARIZANGELA-PC | User Name: marizangela | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg0 -
download and run adwcleaner, post its log
http://www.bleepingcomputer.com/download/adwcleaner/
open OTL copy and paste this into the box
:OTL
IE - HKCU\..\SearchScopes\{39D68FD3-DB96-459C-A3F2-81CCFBD5130B}: "URL" = http://search.babylon.com/?q={search...001c659da6a82d
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40babylon.com:1.5.0
[2012/08/07 18:40:50 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\extensions\ffxtlbr@babylon.com
[2012/08/05 17:01:05 | 000,002,362 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
CHR - Extension: Babylon Toolbar = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\
CHR - Extension: Babylon Toolbar = C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0\
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\bh\BabylonToolbar.dll (Babylon BHO)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll (Babylon Ltd.)
O33 - MountPoints2\{23c3dee9-6449-11e0-9dda-b82722aeef1e}\Shell - "" = AutoRun
O33 - MountPoints2\{23c3dee9-6449-11e0-9dda-b82722aeef1e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{bcf05fd8-2e29-11e1-be0b-001e101fa1f5}\Shell - "" = AutoRun
O33 - MountPoints2\{bcf05fd8-2e29-11e1-be0b-001e101fa1f5}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f94db7eb-592c-11e0-936d-1c659da6a82d}\Shell - "" = AutoRun
O33 - MountPoints2\{f94db7eb-592c-11e0-936d-1c659da6a82d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{f94db933-592c-11e0-936d-1c659da6a82d}\Shell - "" = AutoRun
O33 - MountPoints2\{f94db933-592c-11e0-936d-1c659da6a82d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
:Commands
[PURITY]
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[EMPTYJAVA]
[CREATERESTOREPOINT]
[Reboot]
:Files
ipconfig /flushdns /c
click run fix post the log it gives0 -
Advertisement
-
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{39D68FD3-DB96-459C-A3F2-81CCFBD5130B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39D68FD3-DB96-459C-A3F2-81CCFBD5130B}\ not found.
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: ffxtlbr%40babylon.com:1.5.0 removed from extensions.enabledAddons
Folder C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\extensions\ffxtlbr@babylon.com\ not found.
File C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml not found.
File C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0 not found.
File C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.11_0 not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ not found.
File C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\bh\BabylonToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ not found.
File C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23c3dee9-6449-11e0-9dda-b82722aeef1e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23c3dee9-6449-11e0-9dda-b82722aeef1e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23c3dee9-6449-11e0-9dda-b82722aeef1e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23c3dee9-6449-11e0-9dda-b82722aeef1e}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bcf05fd8-2e29-11e1-be0b-001e101fa1f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bcf05fd8-2e29-11e1-be0b-001e101fa1f5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bcf05fd8-2e29-11e1-be0b-001e101fa1f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bcf05fd8-2e29-11e1-be0b-001e101fa1f5}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f94db7eb-592c-11e0-936d-1c659da6a82d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f94db7eb-592c-11e0-936d-1c659da6a82d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f94db7eb-592c-11e0-936d-1c659da6a82d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f94db7eb-592c-11e0-936d-1c659da6a82d}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f94db933-592c-11e0-936d-1c659da6a82d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f94db933-592c-11e0-936d-1c659da6a82d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f94db933-592c-11e0-936d-1c659da6a82d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f94db933-592c-11e0-936d-1c659da6a82d}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\AutoRun.exe not found.
File RITY] not found.
File PTYTEMP] not found.
File PTYFLASH] not found.
File SETHOSTS] not found.
File PTYJAVA] not found.
File EATERESTOREPOINT] not found.
File boot] not found.
OTL by OldTimer - Version 3.2.69.0 log created on 09222013_124505
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
is this the right log0 -
did you do the adwcleaner step ? its log should be at C:\0
-
# AdwCleaner v3.004 - Report created 20/09/2013 at 18:38:47
# Updated 15/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : marizangela - MARIZANGELA-PC
# Running from : C:\Users\marizangela\Downloads\AdwCleaner.exe
# Option : Scan
***** [ Services ] *****
***** [ Files / Folders ] *****
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml
File Found : C:\Users\marizangela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
File Found : C:\Users\marizangela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax Player.lnk
File Found : C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\Extensions\pricepeep@getpricepeep.com.xpi
File Found : C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\searchplugins\GadgetBox.xml
File Found : C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\user.js
File Found : C:\Users\marizangela\Desktop\iLivid.lnk
File Found : C:\Users\marizangela\Desktop\Play Free Games.lnk
File Found : C:\Users\marizangela\Desktop\Qtrax Player.lnk
File Found : C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk
File Found : C:\Windows\System32\Tasks\Dealply
File Found : C:\Windows\System32\Tasks\DealPlyUpdate
File Found : C:\Windows\System32\Tasks\QtraxPlayer
Folder Found : C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Folder Found : C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Folder Found : C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Folder Found : C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\kncjbaidjdjoelnijnmmkiieffgebpfg
Folder Found : C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
Folder Found : C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found : C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\Extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
Folder Found : C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\Extensions\501e970cd2dc2@501e970cd2dfc.info
Folder Found : C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\Extensions\ffxtlbr@babylon.com
Folder Found C:\Program Files (x86)\BabylonToolbar
Folder Found C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Found C:\Program Files (x86)\DealPly
Folder Found C:\Program Files (x86)\GadgetBox
Folder Found C:\Program Files (x86)\optimizer pro
Folder Found C:\Program Files (x86)\PricePeep
Folder Found C:\Program Files (x86)\SweetIM
Folder Found C:\Program Files\Windows Sidebar\Shared Gadgets\gadgetbox.gadget
Folder Found C:\ProgramData\Babylon
Folder Found C:\ProgramData\GadgetBox
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\wxDfast
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WxDFast
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WxDFast
Folder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\wxDfast
Folder Found C:\ProgramData\Premium
Folder Found C:\ProgramData\SweetIM
Folder Found C:\ProgramData\wxDfast
Folder Found C:\ProgramData\WxDFast
Folder Found C:\Users\marizangela\AppData\Local\Ilivid
Folder Found C:\Users\marizangela\AppData\Local\PackageAware
Folder Found C:\Users\marizangela\AppData\LocalLow\boost_interprocess
Folder Found C:\Users\marizangela\AppData\LocalLow\WxDFast
Folder Found C:\Users\marizangela\AppData\LocalLow\wxDfast
Folder Found C:\Users\marizangela\AppData\Roaming\Babylon
Folder Found C:\Users\marizangela\AppData\Roaming\BabylonToolbar
Folder Found C:\Users\marizangela\AppData\Roaming\DealPly
Folder Found C:\Users\marizangela\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Qtrax
Folder Found C:\Users\marizangela\AppData\Roaming\optimizer pro
Folder Found C:\Users\marizangela\AppData\Roaming\registry mechanic
Folder Found C:\Users\marizangela\Qtrax
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Found : HKCU\Software\AppDataLow\Software\PricePeep
Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\DealPly
Key Found : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Babylon
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKCU\Software\SProtector
Key Found : [x64] HKCU\Software\BabylonToolbar
Key Found : [x64] HKCU\Software\DealPly
Key Found : [x64] HKCU\Software\ilivid
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Microsoft\Babylon
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : [x64] HKCU\Software\Optimizer Pro
Key Found : [x64] HKCU\Software\SProtector
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\BabylonToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\PricePeep.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\b
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Found : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho
Key Found : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A36BCB13-778D-4A40-99C1-D686086D268F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}
Key Found : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Found : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Found : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Found : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Found : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho
Key Found : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho.1
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\sim-packages
Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{CCA8F2AB-BE4E-41F0-A289-4D960CEA58EA}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\DealPly
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\kncjbaidjdjoelnijnmmkiieffgebpfg
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA74FE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0965F857-DAAD-4F93-8054-0E2EC3C8C5B0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4183178B-4D4E-48A7-9257-454BA90A760E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4F4C5E11-0612-48D2-8055-987992AAC432}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4F4C5E11-0612-48D2-8055-987992AAC432}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PricePeep
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SProtector
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\Software\SProtector
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16611
-\\ Mozilla Firefox v19.0.2 (pt-BR)
[ File : C:\Users\marizangela\AppData\Roaming\Mozilla\Firefox\Profiles\ctzi0sau.default\prefs.js ]
Line Found : user_pref("aol_toolbar.default.homepage.check", false);
Line Found : user_pref("aol_toolbar.default.search.check", false);
Line Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Line Found : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=113480&tt=010812_hpdel_3112_5&babsrc=NT_ss&mntrId=7c4e86d40000000000001c659da6a82d");
Line Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Found : user_pref("browser.search.defaultenginename,S", "GadgetBox");
Line Found : user_pref("browser.search.defaulturl", "hxxp://search.gboxapp.com/?q=");
Line Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
Line Found : user_pref("browser.search.order.1,S", "GadgetBox");
Line Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Line Found : user_pref("browser.search.selectedEngine,S", "GadgetBox");
Line Found : user_pref("extensions.501e970cd2e70.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.location.hostname)>-1) return;}c[...]
Line Found : ltfriendfinder.com/go/page/iframe_cm_17851?pid=g1393935-pct\",\"120x:600\":\"hxxp://banners.adultfriendfinder.com/p/flash_banner.cgi?pid=g1393935-pct&no_click=1&sSiteName=ffadult&Banner_ID=1\",\"300x2[...]
Line Found : user_pref("extensions.BabylonToolbar.admin", false);
Line Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Line Found : user_pref("extensions.BabylonToolbar.babExt", "");
Line Found : user_pref("extensions.BabylonToolbar.babTrack", "affID=113480&tt=010812_hpdel_3112_5");
Line Found : user_pref("extensions.BabylonToolbar.babext", "babExt");
Line Found : user_pref("extensions.BabylonToolbar.babtrack", "babTrack");
Line Found : user_pref("extensions.BabylonToolbar.bbdpng", 13);
Line Found : user_pref("extensions.BabylonToolbar.cntry", "IE");
Line Found : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Line Found : user_pref("extensions.BabylonToolbar.dfltlng", "en");
Line Found : user_pref("extensions.BabylonToolbar.dfltsrch", "false");
Line Found : user_pref("extensions.BabylonToolbar.envrmnt", "production");
Line Found : user_pref("extensions.BabylonToolbar.excTlbr", false);
Line Found : user_pref("extensions.BabylonToolbar.firstrun", false);
Line Found : user_pref("extensions.BabylonToolbar.hdrMd5", "B0EC7083FEE2BEB32891675D77F7CE3F");
Line Found : user_pref("extensions.BabylonToolbar.hmpg", false);
Line Found : user_pref("extensions.BabylonToolbar.hrdid", "7c4e86d40000000000001c659da6a82d");
Line Found : user_pref("extensions.BabylonToolbar.id", "7c4e86d40000000000001c659da6a82d");
Line Found : user_pref("extensions.BabylonToolbar.instlDay", "15557");
Line Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Line Found : user_pref("extensions.BabylonToolbar.instlday", "15557");
Line Found : user_pref("extensions.BabylonToolbar.instlref", "sst");
Line Found : user_pref("extensions.BabylonToolbar.isdcmntcmplt", "false");
Line Found : user_pref("extensions.BabylonToolbar.keywordurl", "");
Line Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.29.117:01:12");
Line Found : user_pref("extensions.BabylonToolbar.lastdp", 13);
Line Found : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.0");
Line Found : user_pref("extensions.BabylonToolbar.newTab", true);
Line Found : user_pref("extensions.BabylonToolbar.newtab", true);
Line Found : user_pref("extensions.BabylonToolbar.newtaburl", "");
Line Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Line Found : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Line Found : user_pref("extensions.BabylonToolbar.prtnrid", "babylon");
Line Found : user_pref("extensions.BabylonToolbar.savedVrsnTs", "1");
Line Found : user_pref("extensions.BabylonToolbar.sg", "azb");
Line Found : user_pref("extensions.BabylonToolbar.smplGrp", "azb");
Line Found : user_pref("extensions.BabylonToolbar.smplgrp", "azb");
Line Found : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Line Found : user_pref("extensions.BabylonToolbar.srcext", "ss");
Line Found : user_pref("extensions.BabylonToolbar.srch", "");
Line Found : user_pref("extensions.BabylonToolbar.srchprvdr", "");
Line Found : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Line Found : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");
Line Found : user_pref("extensions.BabylonToolbar.tlbrid", "tb9");
Line Found : user_pref("extensions.BabylonToolbar.tlbrsrchurl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");
Line Found : user_pref("extensions.BabylonToolbar.vrsn", "1.5.29.1");
Line Found : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.29.117:01:12");
Line Found : user_pref("extensions.BabylonToolbar.vrsni", "1.5.29.1");
Line Found : user_pref("extensions.BabylonToolbar.vrsnts", "1.5.29.117:01:12");
Line Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Line Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113480&tt=010812_hpdel_3112_5");
Line Found : user_pref("extensions.BabylonToolbar_i.hardId", "7c4e86d40000000000001c659da6a82d");
Line Found : user_pref("extensions.BabylonToolbar_i.id", "7c4e86d40000000000001c659da6a82d");
Line Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15525");
Line Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Line Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Line Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=113480&tt=010812_hpdel_3112_5&babsrc=NT_ss&mntrId=7c4e86d40000000000001c659da6a82d");
Line Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Line Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Line Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Line Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Line Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.29.117:01:12");
Line Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Line Found : user_pref("extensions.enabledAddons", "ffxtlbr%40babylon.com:1.5.0,gadget%40gadgetbox:1.6,%7BEB9394A3-4AD6-4918-9537-31A1FD8E8EDF%7D:2.0,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2");
Line Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Found : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Found : user_pref("sweetim.toolbar.searchguard.enable", "");
-\\ Google Chrome v
[ File : C:\Users\marizangela\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Found : urls_to_restore_on_startup
Found : urls_to_restore_on_startup
*************************
AdwCleaner[R0].txt - [30375 octets] - [20/09/2013 18:38:47]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [30436 octets] ##########
this should be it0 -
let adwcleaner fix what it found. run a new mbam scan, is it still freezing ?0
-
I did that and I ran mbam it now runs for 23 seconds and detects 2 objects before freezing0
-
Advertisement
-
strange lets try a different scan, download and run combofix
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
post the log it gives.0 -
cheers jsa112 I will have to pick this up again in the morning I have to go to work and thanks again for your help. I will post the log up tomorrow0
-
hi JSA211 I have tried to run combofix but it keeps stopping at creating a restore point. I tried going into system restore just to see if I could access a restore point but I can't. Is there any way to run combofix without creating a restore point.0
-
try run combofix in safe mode0
-
i thought of that. no joy there either0
-
install malwarebytes anti-rootkit, update it and run a quick scan
http://www.malwarebytes.org/products/mbar/
does that run fully ?0 -
simple answer is NO. it finds 2 items of malware and then locks up0
-
download TFC, run it
http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/
restart, does mbam run then ?
what security programs have you installed on your PC ?0
Advertisement