ore262
-
Content Count
44 -
Joined
-
Last visited
Content Type
Profiles
Forums
Calendar
Posts posted by ore262
-
-
Here's the log Chuck,
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}\ not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}\ not found.
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}\ not found.
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}\ not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}\ not found.
HKEY_USERS\S-1-5-21-3309490343-1712508466-2320962761-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3309490343-1712508466-2320962761-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1B4F174C-375B-4D8B-A5BF-C2B4BC4620B0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B4F174C-375B-4D8B-A5BF-C2B4BC4620B0}\ not found.
Registry key HKEY_USERS\S-1-5-21-3309490343-1712508466-2320962761-1000\Software\Microsoft\Internet Explorer\SearchScopes\{679C7044-B36E-4D32-8253-B3F7336DA938}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{679C7044-B36E-4D32-8253-B3F7336DA938}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@talk.google.com/O1DPlugin\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Extensions folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\5c9vv1yl.default-1392513503432\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\META-INF folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\5c9vv1yl.default-1392513503432\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\chrome folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\5c9vv1yl.default-1392513503432\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\5c9vv1yl.default-1392513503432\extensions folder moved successfully.
File C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\5c9vv1yl.default-1392513503432\extensions\[email protected] not found.
File C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\5c9vv1yl.default-1392513503432\extensions\[email protected] not found.
File C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\5c9vv1yl.default-1392513503432\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi not found.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== COMMANDS ==========
[EMPTYJAVA]
User: Administrator
User: All Users
User: Default
User: Default User
User: Oscar
->Java cache emptied: 0 bytes
User: Public
Total Java Files Cleaned = 0.00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default
User: Default User
User: Oscar
->Flash cache emptied: 681 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
[EMPTYTEMP]
User: Administrator
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Oscar
->Temp folder emptied: 129115750 bytes
->Temporary Internet Files folder emptied: 2302805 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 36716061 bytes
->Google Chrome cache emptied: 391091143 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 7164432 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14919 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 540.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.69.0 log created on 03032014_134201
Files\Folders moved on Reboot...
C:\Users\Oscar\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Oscar\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
-
Have not seen a new problem, here's report:
OTL logfile created on: 3/3/2014 11:11:57 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Oscar\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.86 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 50.97% Memory free
7.71 Gb Paging File | 4.91 Gb Available in Paging File | 63.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.47 Gb Total Space | 191.74 Gb Free Space | 68.61% Space Free | Partition Type: NTFS
Drive D: | 14.46 Gb Total Space | 1.61 Gb Free Space | 11.12% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.13 Gb Free Space | 28.65% Space Free | Partition Type: FAT32
Computer Name: OSCAR-HP | User Name: Oscar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/03/03 11:09:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Oscar\Desktop\OTL.exe
PRC - [2014/02/22 23:10:58 | 000,064,384 | ---- | M] (Google) -- C:\Users\Oscar\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2014/02/19 20:03:06 | 000,859,464 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/02/15 06:43:34 | 003,767,096 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/02/15 06:43:34 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/02/06 09:10:09 | 000,390,256 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2014/02/05 14:39:00 | 000,047,416 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
PRC - [2014/01/31 07:37:24 | 001,998,336 | ---- | M] () -- C:\Program Files (x86)\Security Updates Service\winupdsvc.exe
PRC - [2014/01/03 01:32:12 | 001,363,616 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/01/03 01:32:04 | 001,748,640 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/07/25 17:47:00 | 001,985,824 | ---- | M] (Wondershare) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
PRC - [2013/07/03 03:32:44 | 001,228,504 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2013/07/03 03:32:42 | 000,563,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/21 17:56:44 | 001,090,040 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
PRC - [2012/12/19 09:49:34 | 000,732,648 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012/12/19 09:49:12 | 000,149,480 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2012/08/10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
PRC - [2012/03/05 13:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/08/19 14:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/06/28 04:41:08 | 000,168,504 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011/06/15 17:58:28 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/06/14 17:11:46 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/05/20 10:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/12/30 22:44:00 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/30 22:43:00 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/12/27 18:30:00 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
PRC - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007/11/20 21:11:05 | 003,289,088 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Talk\googletalk.exe
========== Modules (No Company Name) ==========
MOD - [2014/03/01 17:59:47 | 000,181,760 | ---- | M] () -- C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2014.219.1034.1_0\plugin\ace.dll
MOD - [2014/02/27 09:50:25 | 000,492,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\92742a2fc47c786e31ccecbbbff37f1d\IAStorUtil.ni.dll
MOD - [2014/02/27 09:50:25 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\56d3e5f907345d381bd7ba599185dfbc\IAStorCommon.ni.dll
MOD - [2014/02/19 20:03:05 | 000,394,568 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppgooglenaclpluginchrome.dll
MOD - [2014/02/19 20:03:03 | 004,060,488 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll
MOD - [2014/02/19 20:02:59 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libglesv2.dll
MOD - [2014/02/19 20:02:58 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libegl.dll
MOD - [2014/02/19 20:02:56 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll
MOD - [2014/02/19 20:02:54 | 000,051,016 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll
MOD - [2014/02/12 15:00:05 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll
MOD - [2014/02/12 14:57:51 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/12 14:57:38 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/12 14:57:21 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/12 14:57:13 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\73ce00cfab52d23ca89457490fd5ef9a\System.Configuration.ni.dll
MOD - [2014/02/12 14:56:45 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/02/12 14:56:39 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/12 14:56:29 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/02/06 09:10:10 | 003,019,376 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2014/02/06 09:10:10 | 000,158,832 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2014/02/06 09:10:10 | 000,023,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2013/12/02 19:39:34 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/07/24 09:24:52 | 000,137,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
MOD - [2012/12/21 17:57:44 | 000,276,984 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll
MOD - [2012/12/21 17:57:44 | 000,093,176 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll
MOD - [2012/12/21 17:57:28 | 002,653,176 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll
MOD - [2012/12/21 17:57:28 | 000,364,536 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll
MOD - [2012/12/21 17:57:26 | 011,166,712 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll
MOD - [2012/12/21 17:57:24 | 000,206,328 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll
MOD - [2012/12/21 17:57:22 | 001,347,064 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll
MOD - [2012/12/21 17:57:22 | 001,014,776 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll
MOD - [2012/12/21 17:57:22 | 000,720,888 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll
MOD - [2012/12/21 17:57:20 | 008,507,384 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll
MOD - [2012/12/21 17:57:20 | 000,520,696 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll
MOD - [2012/12/21 17:57:18 | 002,481,144 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll
MOD - [2012/12/21 17:57:18 | 002,354,168 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll
MOD - [2012/12/21 17:57:14 | 000,446,456 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
MOD - [2012/12/21 17:57:10 | 000,207,352 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Imageformats\qjpeg4.dll
MOD - [2012/12/21 17:57:10 | 000,035,832 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Imageformats\qico4.dll
MOD - [2012/12/21 17:57:08 | 000,033,272 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Imageformats\qgif4.dll
MOD - [2012/12/21 17:56:40 | 000,438,264 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll
MOD - [2012/12/21 17:56:00 | 000,606,200 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll
MOD - [2012/12/21 15:29:52 | 000,391,600 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll
MOD - [2012/12/21 15:29:52 | 000,059,280 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll
MOD - [2012/12/21 15:29:14 | 000,110,080 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\mediaservice\dsengine.dll
========== Services (SafeList) ==========
SRV:64bit: - [2014/02/15 06:43:34 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/02/06 05:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/11/10 11:11:04 | 000,239,176 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE -- (RtkAudioService)
SRV:64bit: - [2013/10/10 17:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/17 20:14:00 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2014/03/01 14:31:25 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\VSSVC.exe -- (VSS)
SRV - [2014/03/01 14:31:24 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\spoolsv.exe -- (Spooler)
SRV - [2014/03/01 14:31:09 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (VaultSvc)
SRV - [2014/03/01 14:31:09 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\lsass.exe -- (SamSs)
SRV - [2014/03/01 14:31:09 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (ProtectedStorage)
SRV - [2014/03/01 14:31:09 | 000,000,000 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (Netlogon)
SRV - [2014/03/01 14:31:09 | 000,000,000 | ---- | M] () [On_Demand | Running] -- C:\Windows\SysWOW64\lsass.exe -- (KeyIso)
SRV - [2014/03/01 14:31:09 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\lsass.exe -- (EFS)
SRV - [2014/02/21 08:02:13 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/15 20:08:15 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/05 14:39:00 | 000,047,416 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)
SRV - [2014/01/31 07:37:24 | 001,998,336 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Security Updates Service\winupdsvc.exe -- (Security Updates Service)
SRV - [2014/01/03 01:32:12 | 001,363,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/01/03 01:32:04 | 001,748,640 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/07 01:52:56 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/07/03 03:32:44 | 001,228,504 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2013/07/03 03:32:44 | 000,660,184 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/19 09:49:34 | 000,732,648 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/08/10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/06/14 17:11:46 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/12/30 22:44:00 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/30 22:43:00 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/12/27 18:30:00 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/02/24 19:57:19 | 000,878,184 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2014/02/15 06:43:39 | 000,080,184 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/02/15 06:43:38 | 001,038,072 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/02/15 06:43:38 | 000,421,704 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/02/15 06:43:38 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/01/07 14:44:13 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/12/02 19:39:35 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/12/02 19:39:35 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/11/10 11:10:40 | 000,057,376 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2013/11/10 11:07:40 | 000,032,496 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013/11/10 11:07:17 | 001,514,568 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtwlane.sys -- (RTWlanE)
DRV:64bit: - [2013/11/07 01:52:44 | 005,363,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/07/03 03:32:42 | 000,018,456 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf_amd64.sys -- (PSI)
DRV:64bit: - [2013/05/23 01:12:56 | 000,040,728 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2013/05/23 01:12:52 | 000,059,160 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2013/05/23 01:12:50 | 000,076,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/28 18:50:02 | 000,041,304 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\eve.sys -- (Eve)
DRV:64bit: - [2012/10/17 13:53:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/14 03:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 22:06:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/12 22:06:46 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/20 08:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/05 02:16:00 | 000,436,840 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/02/15 13:37:00 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010/11/20 22:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/07/28 09:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/01/18 15:40:26 | 000,004,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcmirror.sys -- (rcmirror)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}
IE:64bit: - HKLM\..\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}: "URL" = http://wow.utop.it/?q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wow.utop.it/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}: "URL" = http://wow.utop.it/?q={searchTerms}
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wow.utop.it/
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}: "URL" = http://wow.utop.it/?q={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wow.utop.it/
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}: "URL" = http://wow.utop.it/?q={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wow.utop.it/
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\..\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}: "URL" = http://wow.utop.it/?q={searchTerms}
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wow.utop.it/
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}: "URL" = http://wow.utop.it/?q={searchTerms}
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\..\SearchScopes,DefaultScope = {679C7044-B36E-4D32-8253-B3F7336DA938}
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\..\SearchScopes\{1B4F174C-375B-4D8B-A5BF-C2B4BC4620B0}: "URL" = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\..\SearchScopes\{679C7044-B36E-4D32-8253-B3F7336DA938}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Oscar\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Oscar\AppData\Roaming\Mozilla\plugins\npo1d.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Oscar\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Oscar\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Oscar\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/02/19 17:53:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.3.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.3.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
[2014/02/15 13:37:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Extensions
[2014/02/25 19:34:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\5c9vv1yl.default-1392513503432\extensions
[2014/02/17 07:47:30 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\5c9vv1yl.default-1392513503432\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2014/02/15 20:23:08 | 000,067,503 | ---- | M] () (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\5c9vv1yl.default-1392513503432\extensions\[email protected]
[2014/02/15 20:21:58 | 000,215,649 | ---- | M] () (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\5c9vv1yl.default-1392513503432\extensions\[email protected]
[2014/02/25 19:34:43 | 000,957,290 | ---- | M] () (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\5c9vv1yl.default-1392513503432\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/02/15 20:08:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/15 20:08:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/02/19 17:53:34 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1\
CHR - Extension: Google Drive = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: WOT = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.4.6_0\
CHR - Extension: YouTube = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google Search = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: AdBlock = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.25_0\
CHR - Extension: avast! Online Security = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2013.75_1\
CHR - Extension: Crackle = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic\7.1.7_0\
CHR - Extension: Skype Click to Call = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.0.14735.1561_1\
CHR - Extension: Google Maps = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Google Mail Checker = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\
CHR - Extension: FastestFox for Chrome = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\8.0.8_0\
CHR - Extension: Hangouts = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2014.219.1034.1_0\
CHR - Extension: Autofill = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmmgnhgdeffjkdckmikfpnddkbbfkkk\5.5_0\
CHR - Extension: Google Wallet = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Click&Clean App = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.5_0\
CHR - Extension: Gmail = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2014/03/01 10:06:51 | 000,606,796 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 08sr.combineads.info # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 08srvr.combineads.info # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 12srvr.combineads.info # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 2010-fr.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 2012-new.biz # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 212link.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 2319825.ourtoolbar.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 24h00business.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 a.adorika.net # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 a.ad-sys.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 a.daasafterdusk.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ad.adn360.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adeartss.eu # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adesoeasy.eu # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adf.girldatesforfree.net # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adm.soft365.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adomicileavail.googlepages.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads7.complexadveising.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.adplxmd.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.aff.co # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.alpha00001.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.cloud4ads.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.egdating.net # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.eorezo.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.hooqy.com # hosts anti-adware / pups
O1 - Hosts: 18150 more lines...
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - No CLSID value found.
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000..\Run: [GoogleChromeAutoLaunch_D08D9DAE1EAB6F612F08AF40ADD97038] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
O4 - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\Oscar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16:64bit: - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (Reg Error: Key error.)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} Reg Error: Value error. (GMNRev Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{530608E2-0C92-487C-A790-F35682F6BF76}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/03/03 11:08:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Oscar\Desktop\OTL.exe
[2014/03/02 19:38:36 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\{277BC8E4-6804-48AF-A05B-7057D896A72C}
[2014/03/01 17:28:03 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Talk
[2014/03/01 12:01:31 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2014/03/01 09:09:16 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\Hewlett-Packard_Developme
[2014/02/28 11:16:30 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Roaming\Macrovision
[2014/02/28 11:15:54 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\Sonic_Solutions
[2014/02/28 11:15:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Roxio
[2014/02/27 15:06:56 | 000,000,000 | ---D | C] -- C:\Users\Oscar\Desktop\DRIVERS
[2014/02/27 10:56:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/02/27 09:46:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Sonic
[2014/02/27 09:45:08 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Roaming\Roxio Log Files
[2014/02/27 09:44:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Telespree
[2014/02/27 09:44:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Evernote
[2014/02/27 09:43:23 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\YouCam
[2014/02/27 09:41:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2014/02/27 09:30:58 | 000,335,464 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RtsPStor.sys
[2014/02/27 09:30:56 | 009,888,360 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysWow64\RtsPStorIcon.dll
[2014/02/26 15:07:36 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Logishrd
[2014/02/26 15:01:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2014/02/26 15:01:02 | 000,018,960 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2014/02/26 15:00:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2014/02/26 14:59:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2014/02/26 12:16:33 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Roaming\Logitech
[2014/02/26 12:16:33 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Roaming\Logishrd
[2014/02/26 08:00:30 | 005,694,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2014/02/26 08:00:29 | 006,574,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2014/02/25 19:44:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2014/02/25 19:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2014/02/23 16:20:27 | 000,000,000 | ---D | C] -- C:\ProgramData\CDB
[2014/02/23 14:03:19 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
[2014/02/23 14:02:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice 4
[2014/02/22 19:09:30 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2014/02/22 19:09:17 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2014/02/22 19:09:17 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2014/02/22 19:09:17 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2014/02/22 19:09:13 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2014/02/22 19:09:13 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2014/02/22 19:09:12 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2014/02/22 19:09:12 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2014/02/22 19:09:12 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2014/02/22 19:09:12 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2014/02/22 19:09:12 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2014/02/22 19:09:11 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2014/02/22 19:09:10 | 001,147,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2014/02/22 19:09:10 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2014/02/22 19:09:09 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdvidcrl.dll
[2014/02/22 19:09:08 | 001,057,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdvidcrl.dll
[2014/02/22 19:08:04 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWorkspace.dll
[2014/02/22 19:08:04 | 000,792,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TSWorkspace.dll
[2014/02/19 18:32:08 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Should I Remove It
[2014/02/19 07:25:07 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2014/02/17 18:20:25 | 000,000,000 | ---D | C] -- C:\ProgramData\RegRun
[2014/02/17 17:40:29 | 000,000,000 | ---D | C] -- C:\Users\Oscar\Documents\RegRun2
[2014/02/17 17:40:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UnHackMe
[2014/02/17 15:35:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/02/17 09:39:38 | 000,000,000 | ---D | C] -- C:\SUPERDelete
[2014/02/16 08:20:13 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Roaming\SUPERAntiSpyware.com
[2014/02/16 08:18:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2014/02/16 08:18:48 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2014/02/16 08:18:48 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2014/02/16 07:59:41 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSSTDFMT.DLL
[2014/02/16 07:59:41 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSINET.OCX
[2014/02/14 20:25:03 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\ChromeTabExtension
[2014/02/14 13:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/02/14 13:25:53 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/02/14 13:25:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/02/14 12:49:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\%LOCALAPPDATA%
[2014/02/14 10:14:54 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/14 09:47:20 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\Diagnostics
[2014/02/14 07:51:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2014/02/12 15:24:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WOWTrojan Removal Tool
[2014/02/12 14:34:33 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/02/12 14:33:26 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/12 14:33:25 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/12 14:33:24 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/12 14:33:24 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/12 14:33:22 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/12 14:33:22 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/12 14:33:22 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/12 14:33:20 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/12 14:33:20 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/12 14:33:20 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/12 14:33:19 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/12 14:33:19 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/12 14:33:19 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/12 14:33:19 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/12 14:33:19 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/12 14:33:19 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/12 14:33:17 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/12 14:33:17 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/12 14:33:16 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/12 14:33:16 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/02/12 14:33:10 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/12 14:33:10 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/12 14:32:59 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/12 14:11:14 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/02/12 14:11:13 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014/02/12 14:10:41 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2014/02/12 14:10:41 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2014/02/12 14:10:41 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2014/02/12 14:10:41 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2014/02/12 14:10:40 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2014/02/12 14:10:40 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2014/02/12 14:10:40 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2014/02/12 14:10:40 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2014/02/12 14:10:40 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2014/02/12 14:10:40 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2014/02/12 14:10:40 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2014/02/12 14:10:39 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014/02/12 14:10:39 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2014/02/12 14:10:39 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2014/02/12 14:10:39 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2014/02/12 14:10:39 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2014/02/12 14:10:39 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2014/02/12 14:07:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/02/12 14:07:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/02/09 16:48:08 | 001,122,304 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\libeay32.dll
[2014/02/09 16:48:08 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll
[2014/02/09 16:48:08 | 000,274,432 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\ssleay32.dll
[2014/02/09 16:48:08 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateControl350.dll
[2014/02/08 18:42:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\wow search
[2014/02/08 13:28:38 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Roaming\Leadertech
[2014/02/07 12:31:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014/02/06 18:04:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Updates Service
[2014/02/06 15:45:53 | 000,000,000 | ---D | C] -- C:\Users\Oscar\dwhelper
[2014/02/06 09:10:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/03/03 11:09:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Oscar\Desktop\OTL.exe
[2014/03/03 10:52:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/03 10:46:03 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3309490343-1712508466-2320962761-1000UA.job
[2014/03/03 10:21:05 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/03 07:21:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/03 06:39:38 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/03 06:39:38 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/03 06:32:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/03 06:32:01 | 3104,722,944 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/02 17:46:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3309490343-1712508466-2320962761-1000Core.job
[2014/03/02 09:49:38 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/02 09:26:49 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOscar.job
[2014/03/02 09:08:11 | 000,272,437 | ---- | M] () -- C:\Users\Oscar\Desktop\SCREENSHOT.jpg
[2014/03/02 08:39:59 | 000,038,643 | ---- | M] () -- C:\Users\Oscar\Desktop\I LOVE YOU.jpg
[2014/03/02 08:38:40 | 000,059,791 | ---- | M] () -- C:\Users\Oscar\Desktop\SPIDER IN THE SHOWER.jpg
[2014/03/02 08:36:55 | 000,036,112 | ---- | M] () -- C:\Users\Oscar\Desktop\HUNTER S. THOMPSON.jpg
[2014/03/02 08:35:55 | 000,001,046 | ---- | M] () -- C:\Users\Oscar\Desktop\threats found - Shortcut.lnk
[2014/03/01 15:49:40 | 000,001,190 | ---- | M] () -- C:\Users\Oscar\Desktop\Naveed Ahmed - Shortcut.lnk
[2014/03/01 15:40:24 | 000,009,382 | ---- | M] () -- C:\Users\Oscar\Documents\WOT login.odt
[2014/03/01 14:52:03 | 000,685,801 | ---- | M] () -- C:\Users\Oscar\AppData\Local\census.cache
[2014/03/01 14:51:23 | 000,084,155 | ---- | M] () -- C:\Users\Oscar\AppData\Local\ars.cache
[2014/03/01 14:31:25 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\VSSVC.exe
[2014/03/01 14:31:25 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\igfxpers.exe
[2014/03/01 14:31:25 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\hkcmd.exe
[2014/03/01 14:31:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\taskhost.exe
[2014/03/01 14:31:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\spoolsv.exe
[2014/03/01 14:31:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\dwm.exe
[2014/03/01 14:31:09 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\winlogon.exe
[2014/03/01 14:31:09 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\smss.exe
[2014/03/01 14:31:09 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\services.exe
[2014/03/01 14:31:09 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\lsm.exe
[2014/03/01 14:31:09 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\lsass.exe
[2014/03/01 14:31:09 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\csrss.exe
[2014/03/01 14:19:12 | 000,000,010 | ---- | M] () -- C:\Users\Oscar\AppData\Local\sponge.last.runtime.cache
[2014/03/01 13:38:42 | 000,000,036 | ---- | M] () -- C:\Users\Oscar\AppData\Local\housecall.guid.cache
[2014/03/01 10:06:51 | 000,606,796 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/03/01 09:54:28 | 000,015,387 | ---- | M] () -- C:\Users\Oscar\Documents\credit card.ods
[2014/03/01 07:59:08 | 000,762,694 | ---- | M] () -- C:\ProgramData\ChromeTabExtension.crx
[2014/03/01 07:58:26 | 001,290,554 | ---- | M] () -- C:\ProgramData\yvd_chrome_se.exe
[2014/03/01 07:55:47 | 000,788,260 | ---- | M] () -- C:\ProgramData\yvd_firefox_se.exe
[2014/03/01 07:55:34 | 000,108,326 | ---- | M] () -- C:\ProgramData\yvd_ie_se.exe
[2014/02/27 07:23:16 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/27 07:23:16 | 000,662,634 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/27 07:23:16 | 000,122,470 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/26 15:10:15 | 000,001,318 | ---- | M] () -- C:\Users\Oscar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2014/02/26 15:01:02 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2014/02/25 12:29:01 | 000,009,788 | ---- | M] () -- C:\Users\Oscar\Documents\WINDOWS 8 BIOS.odt
[2014/02/24 19:57:19 | 000,878,184 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\Windows\SysNative\drivers\rtl8192ce.sys
[2014/02/24 06:47:57 | 000,296,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/23 16:21:10 | 000,000,155 | ---- | M] () -- C:\Windows\Reimage.ini
[2014/02/22 21:28:55 | 000,001,391 | ---- | M] () -- C:\Users\Oscar\Desktop\windows 8 product id AND INFO windows 8 - Shortcut (2).lnk
[2014/02/22 19:11:51 | 000,157,187 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140301-100651.backup
[2014/02/21 17:35:35 | 000,002,243 | ---- | M] () -- C:\Users\Oscar\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/02/21 09:25:04 | 000,025,988 | ---- | M] () -- C:\Users\Oscar\Documents\expenses.ods
[2014/02/21 08:02:11 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/02/21 08:02:11 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/02/19 18:32:08 | 000,001,233 | ---- | M] () -- C:\Users\Oscar\Desktop\Should I Remove It.lnk
[2014/02/17 17:40:32 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2014/02/17 17:40:32 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2014/02/17 16:01:13 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2014/02/15 06:43:39 | 000,080,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/02/15 06:43:38 | 001,038,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/02/15 06:43:38 | 000,421,704 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/02/15 06:43:38 | 000,334,136 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/02/15 06:43:38 | 000,078,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/02/15 06:43:37 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/02/14 07:51:19 | 000,001,246 | ---- | M] () -- C:\Users\Oscar\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2014/02/12 14:36:47 | 000,775,084 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/12 07:10:14 | 000,013,196 | ---- | M] () -- C:\Users\Oscar\Desktop\QUILTS - Shortcut.lnk
[2014/02/06 18:21:09 | 000,002,074 | ---- | M] () -- C:\Users\Oscar\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2014/02/06 06:30:12 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/06 06:07:39 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/06 06:06:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/06 05:56:03 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/06 05:52:11 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/06 05:49:03 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/06 05:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/06 05:48:11 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/06 05:32:49 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/06 05:17:15 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/06 05:11:37 | 005,768,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/06 05:01:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/06 05:00:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/06 04:57:13 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/06 04:52:21 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/06 04:50:32 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/06 04:49:22 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/06 04:47:22 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/06 04:46:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/06 04:25:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/06 04:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/06 03:40:06 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/06 03:34:31 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/03/02 09:49:38 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/02 09:05:54 | 000,272,437 | ---- | C] () -- C:\Users\Oscar\Desktop\SCREENSHOT.jpg
[2014/03/02 08:39:59 | 000,038,643 | ---- | C] () -- C:\Users\Oscar\Desktop\I LOVE YOU.jpg
[2014/03/02 08:38:39 | 000,059,791 | ---- | C] () -- C:\Users\Oscar\Desktop\SPIDER IN THE SHOWER.jpg
[2014/03/02 08:36:54 | 000,036,112 | ---- | C] () -- C:\Users\Oscar\Desktop\HUNTER S. THOMPSON.jpg
[2014/03/01 17:04:23 | 000,001,046 | ---- | C] () -- C:\Users\Oscar\Desktop\threats found - Shortcut.lnk
[2014/03/01 15:40:22 | 000,009,382 | ---- | C] () -- C:\Users\Oscar\Documents\WOT login.odt
[2014/03/01 14:52:03 | 000,685,801 | ---- | C] () -- C:\Users\Oscar\AppData\Local\census.cache
[2014/03/01 14:51:23 | 000,084,155 | ---- | C] () -- C:\Users\Oscar\AppData\Local\ars.cache
[2014/03/01 14:31:25 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\VSSVC.exe
[2014/03/01 14:31:25 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\igfxpers.exe
[2014/03/01 14:31:25 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\hkcmd.exe
[2014/03/01 14:31:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\taskhost.exe
[2014/03/01 14:31:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\spoolsv.exe
[2014/03/01 14:31:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dwm.exe
[2014/03/01 14:31:09 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\winlogon.exe
[2014/03/01 14:31:09 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\smss.exe
[2014/03/01 14:31:09 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\services.exe
[2014/03/01 14:31:09 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\lsm.exe
[2014/03/01 14:31:09 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\lsass.exe
[2014/03/01 14:31:09 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\csrss.exe
[2014/03/01 14:19:12 | 000,000,010 | ---- | C] () -- C:\Users\Oscar\AppData\Local\sponge.last.runtime.cache
[2014/03/01 13:38:42 | 000,000,036 | ---- | C] () -- C:\Users\Oscar\AppData\Local\housecall.guid.cache
[2014/03/01 11:11:39 | 000,001,190 | ---- | C] () -- C:\Users\Oscar\Desktop\Naveed Ahmed - Shortcut.lnk
[2014/02/27 12:19:59 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForOscar.job
[2014/02/26 15:10:15 | 000,001,318 | ---- | C] () -- C:\Users\Oscar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2014/02/25 12:28:59 | 000,009,788 | ---- | C] () -- C:\Users\Oscar\Documents\WINDOWS 8 BIOS.odt
[2014/02/23 16:12:52 | 000,000,155 | ---- | C] () -- C:\Windows\Reimage.ini
[2014/02/22 21:28:55 | 000,001,391 | ---- | C] () -- C:\Users\Oscar\Desktop\windows 8 product id AND INFO windows 8 - Shortcut (2).lnk
[2014/02/22 19:03:21 | 000,001,266 | ---- | C] () -- C:\Users\Oscar\Desktop\Windows Update.lnk
[2014/02/20 06:57:19 | 000,788,260 | ---- | C] () -- C:\ProgramData\yvd_firefox_se.exe
[2014/02/20 06:57:18 | 000,108,326 | ---- | C] () -- C:\ProgramData\yvd_ie_se.exe
[2014/02/19 19:52:22 | 000,002,279 | ---- | C] () -- C:\Users\Oscar\Desktop\IF I DIE OPEN THIS folder - Shortcut.lnk
[2014/02/19 18:32:08 | 000,001,233 | ---- | C] () -- C:\Users\Oscar\Desktop\Should I Remove It.lnk
[2014/02/18 06:43:21 | 001,290,554 | ---- | C] () -- C:\ProgramData\yvd_chrome_se.exe
[2014/02/17 17:40:32 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2014/02/17 17:40:32 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2014/02/16 08:18:52 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2014/02/14 07:51:19 | 000,001,246 | ---- | C] () -- C:\Users\Oscar\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2014/02/12 07:10:14 | 000,013,196 | ---- | C] () -- C:\Users\Oscar\Desktop\QUILTS - Shortcut.lnk
[2014/02/08 18:42:58 | 000,762,694 | ---- | C] () -- C:\ProgramData\ChromeTabExtension.crx
[2013/11/07 01:52:42 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/10/01 17:56:07 | 000,008,704 | ---- | C] () -- C:\Users\Oscar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/07/25 17:00:30 | 000,007,605 | ---- | C] () -- C:\Users\Oscar\AppData\Local\Resmon.ResmonCfg
[2012/12/14 01:42:30 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/12/14 01:42:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/09/21 18:02:45 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2012/06/10 19:18:18 | 000,003,215 | ---- | C] () -- C:\Users\Oscar\.swfinfo
[2012/06/03 11:45:44 | 000,018,303 | ---- | C] () -- C:\Users\Oscar\AppData\Roaming\UserTile.png
[2012/05/26 12:42:39 | 000,775,084 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/24 12:09:37 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012/03/19 22:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/03/19 22:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
========== ZeroAccess Check ==========
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/03/08 09:25:33 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/03/08 09:25:33 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013/12/12 12:32:36 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\2BrightSparks
[2013/10/09 13:01:52 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\AffiliatedUpdate
[2012/12/04 17:52:41 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Auslogics
[2013/12/02 19:44:29 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\AVAST Software
[2012/09/12 15:53:58 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Blio
[2012/12/01 12:00:20 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\FixBee
[2013/06/10 17:01:43 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Foresight Software
[2013/07/09 17:56:30 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\HurricaneSoftware.com
[2014/02/17 09:39:40 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\IObit
[2014/02/08 13:28:38 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Leadertech
[2013/12/19 12:00:36 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Leawo
[2014/02/08 16:36:52 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Nokia
[2012/05/31 14:37:05 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Nokia Suite
[2014/02/08 16:36:54 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\OpenOffice
[2014/02/08 16:36:53 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\OpenOffice.org
[2012/05/31 14:21:52 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\PC Suite
[2013/08/05 15:19:42 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\player
[2013/05/09 15:37:21 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\QuickScan
[2014/02/08 16:36:56 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\SoftGrid Client
[2012/11/08 05:33:52 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Synaptics
[2014/02/08 16:39:18 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Thunderbird
[2013/12/19 12:01:27 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\tiger-k
[2013/02/12 16:33:20 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\TuneUp Software
[2014/02/08 16:36:57 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\vso
[2012/08/15 10:09:22 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\WildTangent
[2012/05/27 18:24:38 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:07BF512B
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:84098FD3
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:0F4A7B6A
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:5C321E34
< End of report >OTL Extras logfile created on: 3/3/2014 11:11:57 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Oscar\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.86 Gb Total Physical Memory | 1.97 Gb Available Physical Memory | 50.97% Memory free
7.71 Gb Paging File | 4.91 Gb Available in Paging File | 63.63% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.47 Gb Total Space | 191.74 Gb Free Space | 68.61% Space Free | Partition Type: NTFS
Drive D: | 14.46 Gb Total Space | 1.61 Gb Free Space | 11.12% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.13 Gb Free Space | 28.65% Space Free | Partition Type: FAT32
Computer Name: OSCAR-HP | User Name: Oscar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D8BA4B3-77F4-4576-B09F-6F21CD427B81}" = lport=138 | protocol=17 | dir=in | app=system |
"{0DC0E475-FA6F-4A92-8239-AD9DCF3D142E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1EF83457-E463-4B71-A993-D5302BB1BE0A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{239ADEB6-03B7-486C-92C2-37262C48E5B8}" = rport=138 | protocol=17 | dir=out | app=system |
"{39C1FF65-B4B6-4A25-BFFD-3D7C76719D74}" = lport=445 | protocol=6 | dir=in | app=system |
"{3B37908F-9D78-4E39-A5E9-C0996F330FD2}" = rport=445 | protocol=6 | dir=out | app=system |
"{56472654-5A03-4FA9-A22D-07E9B1D211C2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{56EDE3FF-8B09-4066-9631-46D4D2DB89FB}" = rport=137 | protocol=17 | dir=out | app=system |
"{7FEC4729-7286-4640-A005-E22B436F4621}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{821F18F2-7D2C-4DB6-9981-E7A82D48392D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{86F5F823-CEBA-4944-96A1-E4E82475CEAC}" = lport=137 | protocol=17 | dir=in | app=system |
"{8B97C794-5526-4D2C-A3D8-2F3A251E4F97}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{97B5A5C2-C508-42A5-9249-3F4544F2CE69}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B2658E45-E5C7-458D-B707-711A78385C6D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B2F794A3-CE12-4DAB-9B46-F4CC9C1C8C85}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CCC9A72F-568D-40E2-AB4E-CD0C62302DF3}" = lport=139 | protocol=6 | dir=in | app=system |
"{D46B3933-8E37-41F3-97DF-16804F8C5DD8}" = rport=139 | protocol=6 | dir=out | app=system |
"{D829714E-8ABA-4E9D-9D2A-7712442C9658}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D87628A4-C7B6-4D03-A493-F2DA7A380868}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{EDA7FD6E-C739-429C-BBFE-4AB17A159771}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EE6DCD5E-5C5E-495A-B546-86A4C37D6824}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{EE901390-390A-46CD-AAF7-3BF66EFF54A2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F3D98FC5-D848-464B-93AE-E47CBED7AF93}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17DE61A5-EBB0-4F1E-A825-50983F2FDFE4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{203440B8-44F6-421D-94B2-1BAF98FF2CC5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{251F57B9-3AB8-4BC9-A1C9-F5BEBB1FC79E}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{3311F27B-5064-491D-B408-DEC71BB36413}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{362DE51E-4861-4979-A735-821FF4BCC2FC}" = protocol=58 | dir=out | [email protected],-28546 |
"{3770CB07-9C86-4CCD-A738-7BC91B87B75F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3914BF96-7497-4F4E-8C3A-1E9A9F175C76}" = protocol=6 | dir=out | app=system |
"{3C073826-3FB5-47F3-BEA1-F115557B2A0C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{41B3D50A-ED76-4BD7-A3EB-8DB03E421DF6}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{431AB6A0-4AE0-4EFC-BB8E-3E6985E4D2D8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5BEBCF06-88EB-48DA-A625-F3F0756F5C07}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5FC800BF-D3EA-4770-B380-EC6945302903}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe |
"{63DAC05A-00C9-4200-9577-84E7071FF09B}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{75F32678-0798-471F-95BB-416DFF3BA05D}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
"{7F59762B-79F3-43AC-8EED-14FE6F4840C1}" = protocol=6 | dir=in | app=c:\program files (x86)\vso\vso downloader\3\vsodownloader.exe |
"{8232D0DA-18FA-4E7F-A1D2-42FBBA8E560E}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{912FAE15-DDFB-4AF9-BBDF-8FAF565C8A11}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9589CA56-9FE9-4483-8DC5-3F1CC9C60825}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{9AA34B36-7DAB-4064-BB0A-89C4053F2C61}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9E488190-2913-49F0-BCC5-5D07EC037B58}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{A94B2920-2A74-4A5F-A212-B9D41DB3FF6C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B4843197-3383-400A-83A4-D1333B9C8EFB}" = protocol=1 | dir=out | [email protected],-28544 |
"{B6C61FED-3E32-4069-8C98-660F0354CBC7}" = protocol=6 | dir=in | app=c:\users\oscar\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{BAC92B21-EAC8-424F-A807-E64B3781C601}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC49E0C6-BAD2-41FE-A9A9-7DAE50DDFD8C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BD3D72C4-4075-4AB4-9972-AFEE10464FC9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{BF9C23C5-F15D-4D42-93EB-A109E50E26F5}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{CE2B7890-30EB-44D4-9C4B-D891A7F67E1F}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{D3636CA4-A51F-4E77-A73E-F629C55F87D8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D501508C-2D33-44B7-A31D-148492A34A36}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D7234B0D-256E-4255-BD9D-0FC13F6E90CA}" = protocol=1 | dir=in | [email protected],-28543 |
"{D8BCD2C4-5F65-4C18-BF54-AD17F919B438}" = protocol=58 | dir=in | [email protected],-28545 |
"{E414B53D-0BA7-4D8E-9A00-8BBB7B007E44}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{E7072F34-F647-42FD-970C-3E06ADB5E653}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{E78B315F-46BA-4CDB-B402-12B035BBE637}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F9F8313B-5A05-45E5-90EB-8D8115680D6B}" = protocol=17 | dir=in | app=c:\users\oscar\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{FA4B4A86-364D-48F3-B892-97BF5B237952}" = protocol=17 | dir=in | app=c:\program files (x86)\vso\vso downloader\3\vsodownloader.exe |
"{FD7F9E02-638A-4150-9F95-1AC0B05AFC76}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{19321CD0-D41C-45B8-80E6-F68B000A35B5}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{FAFD6DBE-1F3C-4CB0-BBAC-E94E36FB057B}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{35D98AA7-8DC6-4DA7-9A92-0B1063451076}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{7DD85402-3BBD-4238-993D-58F9C6FA3949}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5A847522-375C-4D05-BD3D-88C450CC047F}" = HP Launch Box
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97E3F31B-D989-0E01-FCB4-EBC04EF060F1}" = AMD Catalyst Install Manager
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C3CC4DF5-39A5-4027-B136-2B3E1F5AB6E3}" = Python 2.7.6 (64-bit)
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{e9d90870-ab19-32a8-aa93-f8348ba21d05}" = Python 3.3.3 (64-bit)
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0)
"CCleaner" = CCleaner
"SynTPDeinstKey" = Synaptics TouchPad Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AC41DC5-DD17-41D7-AE0B-139A9D2725EC}_is1" = VSO EVE Network Driver version 0.4
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}" = OpenOffice 4.0.1
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4E62123C-4C0D-4123-A8A2-C0103B92D7EA}" = Should I Remove It
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skypeâ„¢ 6.11
"{5036764A-435D-40C9-869C-31085A3D741D}" = HP Setup
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5E63C0AB-19B0-47D4-842E-6B324EB0614B}" = HP Connection Manager
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A55875-B6DD-41E8-8CF6-F193D9C47051}" = HP Documentation
"{6B722793-E77B-41F5-BAB3-6C9832274E75}" = PC Connectivity Solution
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}" = Nokia Connectivity Cable Driver
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7E799992-5DA0-4A1A-9443-B1836B063FEC}" = HP Power Manager
"{835B275B-F29B-464B-BD4B-097FD55FAB0A}" = HP Software Framework
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86FD8326-909D-45F5-BB61-0619D0D31293}" = HP Support Solutions Framework
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B52057C-15DB-433E-957C-E279BC7D07E3}" = HP QuickWeb
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9945F35E-85EF-4759-A95C-2E10AA34EA58}" = ESU for Microsoft Windows 7 SP1
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = Compaq Setup Manager
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BB285C9F-C821-4770-8970-56C4AB52C87E}" = Skype Click to Call
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{c32d80cc-20d1-386b-b1e2-cce219263394}" = Python 3.4.0b1
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CCE68200-4ED0-3E0A-A7F2-504897E356AB}" = Google Talk Plugin
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB70FB55-1515-4C75-95C8-FFBD5FE041F8}_is1" = VSO Downloader 2.9.1.4
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics DiskDefrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A0C45A-7EDB-48EB-AB86-2445E74FBFBB}" = Nokia Suite
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48E84C5-7599-4CBD-9900-8BCB9A2A2FFA}_is1" = VSO Downloader 3.1.0.50
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"avast" = avast! Free Antivirus
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 27.0.1 (x86 en-US)" = Mozilla Firefox 27.0.1 (x86 en-US)
"Mozilla Thunderbird 24.3.0 (x86 en-US)" = Mozilla Thunderbird 24.3.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia Suite" = Nokia Suite
"Secunia PSI" = Secunia PSI (3.0.0.7011)
"VLC media player" = VLC media player 2.1.3
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.3
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Should I Remove It 1.0.4" = Should I Remove It
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 3/2/2014 10:54:56 AM | Computer Name = Oscar-HP | Source = WinMgmt | ID = 10
Description =
Error - 3/2/2014 03:16:46 PM | Computer Name = Oscar-HP | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 3/2/2014 03:17:22 PM | Computer Name = Oscar-HP | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.
Error - 3/3/2014 07:32:30 AM | Computer Name = Oscar-HP | Source = WinMgmt | ID = 10
Description =
Error - 3/3/2014 08:22:15 AM | Computer Name = Oscar-HP | Source = Customer Experience Improvement Program | ID = 1008
Description =
Error - 3/3/2014 10:11:01 AM | Computer Name = Oscar-HP | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Program Files (x86)\ESET\ESET
Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
[ Hewlett-Packard Events ]
Error - 2/3/2013 09:02:00 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3947 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()
Error - 2/4/2013 09:07:50 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3947 Ram Utilization: 40 TargetSite: Void UpdateAndDetect()
Error - 2/5/2013 09:11:52 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3947 Ram Utilization: 60 TargetSite: Void UpdateAndDetect()
Error - 2/6/2013 12:51:25 PM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3947 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()
Error - 2/7/2013 09:39:27 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3947 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()
Error - 2/8/2013 09:37:33 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3947 Ram Utilization: 60 TargetSite: Void UpdateAndDetect()
Error - 2/9/2013 10:15:55 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3947 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()
Error - 2/10/2013 09:36:40 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3947 Ram Utilization: 60 TargetSite: Void UpdateAndDetect()
Error - 2/11/2013 09:34:08 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3947 Ram Utilization: 60 TargetSite: Void UpdateAndDetect()
Error - 2/12/2013 09:29:13 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3947 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()
[ HP Connection Manager Events ]
Error - 3/2/2014 10:26:00 AM | Computer Name = Oscar-HP | Source = hpCMSrv | ID = 5
Description = 2014/03/02 09:26:00.204|00001ED8|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 3/2/2014 10:26:02 AM | Computer Name = Oscar-HP | Source = hpCMSrv | ID = 5
Description = 2014/03/02 09:26:02.232|00001ED8|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 3/2/2014 10:26:02 AM | Computer Name = Oscar-HP | Source = hpCMSrv | ID = 5
Description = 2014/03/02 09:26:02.747|00001ED8|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 3/2/2014 10:53:56 AM | Computer Name = Oscar-HP | Source = hpCMSrv | ID = 5
Description = 2014/03/02 09:53:56.653|00000BA0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 3/2/2014 10:53:58 AM | Computer Name = Oscar-HP | Source = hpCMSrv | ID = 5
Description = 2014/03/02 09:53:58.665|00000BA0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 3/2/2014 10:53:58 AM | Computer Name = Oscar-HP | Source = hpCMSrv | ID = 5
Description = 2014/03/02 09:53:58.681|00000BA0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 3/2/2014 02:05:23 PM | Computer Name = Oscar-HP | Source = hpMobile | ID = 5
Description = 2014/03/02 13:05:23.859|000015D0|Error |[HP.Mobile]Wwan::<InternalIPAddressChangedEx>b__21{void()}|
Error - 3/2/2014 09:05:43 PM | Computer Name = Oscar-HP | Source = hpCMSrv | ID = 5
Description = 2014/03/02 20:05:43.476|00001998|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 3/2/2014 09:05:44 PM | Computer Name = Oscar-HP | Source = hpCMSrv | ID = 5
Description = 2014/03/02 20:05:44.022|00001998|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 3/2/2014 09:05:45 PM | Computer Name = Oscar-HP | Source = hpCMSrv | ID = 5
Description = 2014/03/02 20:05:45.036|00001998|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
[ HP Software Framework Events ]
Error - 12/5/2012 09:33:48 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5
Description = 2012/12/05 08:33:48.485|00001B44|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 1/9/2013 09:43:12 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5
Description = 2013/01/09 08:43:12.852|00001760|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 1/16/2013 09:44:10 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5
Description = 2013/01/16 08:44:10.684|000015E4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 1/31/2013 10:05:42 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5
Description = 2013/01/31 09:05:42.137|000016B0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 1/31/2013 10:05:55 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5
Description = 2013/01/31 09:05:55.043|00001608|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 1/31/2013 10:05:59 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5
Description = 2013/01/31 09:05:59.741|0000016C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 2/6/2013 12:42:05 PM | Computer Name = Oscar-HP | Source = hpqWmiEx | ID = 5
Description = 2013/02/06 11:42:05.729|00001308|Error |ChpqWmiExModule::Start|StartServiceCtrlDispatcher
FAILED. Error: 1063
Error - 2/14/2013 09:12:11 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5
Description = 2013/02/14 08:12:11.528|00001DD0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 2/14/2013 09:13:52 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5
Description = 2013/02/14 08:13:52.142|00001810|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 2/14/2013 09:14:10 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5
Description = 2013/02/14 08:14:10.925|000006C4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
[ System Events ]
Error - 3/2/2014 10:54:35 AM | Computer Name = Oscar-HP | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll
Error
Code: 126
Error - 3/2/2014 02:05:22 PM | Computer Name = Oscar-HP | Source = DCOM | ID = 10010
Description =
Error - 3/3/2014 07:32:11 AM | Computer Name = Oscar-HP | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll
Error
Code: 126
< End of report >
-
Removed these 2, Google talk plugin video renderer 5.15.17733, Google update 1.3.22.5. Problem seemed to start when Google update 1.3.22.5 was updated or installed
Everything else is disabled except adobe acrobat.
-
OK Chuck, will see what happens and update you.
Oscar
-
plugins in FF, I did my best to copy accurately, wish there was an easier way
Adobe acrobat 11.0.6.70
Google earth plugin 7.1.2.2041
Google talk plugin 5.15.17733
Google talk plugin video accelerator 0.1.44.29
Google talk plugin video renderer 5.15.17733
Google update 1.3.22.5
Java deployment toolkit 7.0.510.13 10.51.2.13 NPRuntime script plug-in library for Java Deploy (says vunerable use with caution)
Java platform SE 7 U51 10.51.2.13 Next generation Java plug-in 10.51.2 for mozilla browsers
Nokia suite enabler plugin 1.0.0.1 nokia suite enabler plugin
Shockwave Flash 12.0.0.70 shockwave flash 12.0 ro
Shockwave for director 12.0.9.149 adobe shockwave for director netscape plug-in, version 12.0.9.149
VLC Web plug in 2.1.3.0 vlc media player web plugin 2.1.3
Windows live photo gallery 15.4.3555.308 NPWLPG
-
Wow search changes FF search, Utop.it keeps trying to change home page in IE. Logs from suggested scans follow:
# AdwCleaner v3.020 - Report created 02/03/2014 at 09:25:34
# Updated 27/02/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Oscar - OSCAR-HP
# Running from : C:\Users\Oscar\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16518
-\\ Mozilla Firefox v27.0.1 (en-US)
[ File : C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\5c9vv1yl.default-1392513503432\prefs.js ]
-\\ Google Chrome v33.0.1750.117
[ File : C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R10].txt - [1698 octets] - [23/02/2014 08:22:50]
AdwCleaner[R11].txt - [1819 octets] - [24/02/2014 13:42:11]
AdwCleaner[R12].txt - [1949 octets] - [26/02/2014 06:36:38]
AdwCleaner[R13].txt - [2106 octets] - [01/03/2014 14:52:36]
AdwCleaner[R14].txt - [2078 octets] - [01/03/2014 15:12:35]
AdwCleaner[R15].txt - [2014 octets] - [01/03/2014 15:16:32]
AdwCleaner[R16].txt - [2262 octets] - [01/03/2014 15:23:04]
AdwCleaner[R17].txt - [2426 octets] - [02/03/2014 09:17:46]
AdwCleaner[R18].txt - [2487 octets] - [02/03/2014 09:24:36]
AdwCleaner[R3].txt - [1290 octets] - [14/02/2014 15:41:59]
AdwCleaner[R4].txt - [1043 octets] - [16/02/2014 09:34:16]
AdwCleaner[R5].txt - [1636 octets] - [20/02/2014 19:39:35]
AdwCleaner[R6].txt - [1213 octets] - [20/02/2014 19:46:51]
AdwCleaner[R7].txt - [1334 octets] - [21/02/2014 08:29:23]
AdwCleaner[R8].txt - [1454 octets] - [21/02/2014 19:47:07]
AdwCleaner[R9].txt - [1574 octets] - [23/02/2014 07:40:20]
AdwCleaner[s10].txt - [2012 octets] - [26/02/2014 06:38:05]
AdwCleaner[s11].txt - [2170 octets] - [01/03/2014 14:53:45]
AdwCleaner[s12].txt - [2077 octets] - [01/03/2014 15:18:02]
AdwCleaner[s13].txt - [1927 octets] - [02/03/2014 09:25:34]
AdwCleaner[s2].txt - [1353 octets] - [14/02/2014 15:46:28]
AdwCleaner[s3].txt - [1630 octets] - [20/02/2014 19:42:06]
AdwCleaner[s4].txt - [1275 octets] - [20/02/2014 19:48:17]
AdwCleaner[s5].txt - [1395 octets] - [21/02/2014 08:30:38]
AdwCleaner[s6].txt - [1515 octets] - [21/02/2014 19:49:51]
AdwCleaner[s7].txt - [1635 octets] - [23/02/2014 07:41:34]
AdwCleaner[s8].txt - [1759 octets] - [23/02/2014 08:31:42]
AdwCleaner[s9].txt - [1880 octets] - [24/02/2014 13:43:42]
########## EOF - C:\AdwCleaner\AdwCleaner[s13].txt - [2468 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Oscar on Sun 03/02/2014 at 9:32:34.32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{4411683A-E0A4-4106-87AE-0550D3B12A76}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{4CFE3840-4FD8-420F-B880-BB882BF10D49}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{A5D198CB-0050-473D-B50D-79479C304357}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{BDD02A1E-A8E6-4848-8339-883BD4545165}
~~~ FireFox
Emptied folder: C:\Users\Oscar\AppData\Roaming\mozilla\firefox\profiles\5c9vv1yl.default-1392513503432\minidumps [1 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 03/02/2014 at 9:43:47.27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.03.02.06
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Oscar :: OSCAR-HP [administrator]
3/2/2014 09:58:35 AM
mbam-log-2014-03-02 (09-58-35).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 236268
Time elapsed: 5 minute(s), 41 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
OTL logfile created on: 3/2/2014 10:07:37 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Oscar\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.86 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 49.02% Memory free
7.71 Gb Paging File | 5.00 Gb Available in Paging File | 64.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.47 Gb Total Space | 192.93 Gb Free Space | 69.03% Space Free | Partition Type: NTFS
Drive D: | 14.46 Gb Total Space | 1.61 Gb Free Space | 11.12% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.13 Gb Free Space | 28.65% Space Free | Partition Type: FAT32
Computer Name: OSCAR-HP | User Name: Oscar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/03/02 09:20:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Oscar\Desktop\OTL.exe
PRC - [2014/02/22 23:10:58 | 000,064,384 | ---- | M] (Google) -- C:\Users\Oscar\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2014/02/19 20:03:06 | 000,859,464 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/02/15 20:08:16 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/02/15 06:43:34 | 003,767,096 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/02/15 06:43:34 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/02/05 14:39:00 | 000,047,416 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
PRC - [2014/01/31 07:37:24 | 001,998,336 | ---- | M] () -- C:\Program Files (x86)\Security Updates Service\winupdsvc.exe
PRC - [2014/01/03 01:32:12 | 001,363,616 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/01/03 01:32:04 | 001,748,640 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/07/25 17:47:00 | 001,985,824 | ---- | M] (Wondershare) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
PRC - [2013/07/03 03:32:44 | 001,228,504 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2013/07/03 03:32:42 | 000,563,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/21 17:56:44 | 001,090,040 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
PRC - [2012/12/19 09:49:34 | 000,732,648 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012/12/19 09:49:12 | 000,149,480 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2012/08/10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
PRC - [2012/03/05 13:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/08/19 14:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/06/28 04:41:08 | 000,168,504 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011/06/15 17:58:28 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/06/14 17:11:46 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
PRC - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/05/20 10:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/12/30 22:44:00 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/30 22:43:00 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/12/27 18:30:00 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
PRC - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007/11/20 21:11:05 | 003,289,088 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Talk\googletalk.exe
========== Modules (No Company Name) ==========
MOD - [2014/03/01 17:59:47 | 000,181,760 | ---- | M] () -- C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2014.219.1034.1_0\plugin\ace.dll
MOD - [2014/02/27 09:50:25 | 000,492,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\92742a2fc47c786e31ccecbbbff37f1d\IAStorUtil.ni.dll
MOD - [2014/02/27 09:50:25 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\56d3e5f907345d381bd7ba599185dfbc\IAStorCommon.ni.dll
MOD - [2014/02/19 20:03:05 | 000,394,568 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ppgooglenaclpluginchrome.dll
MOD - [2014/02/19 20:03:03 | 004,060,488 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\pdf.dll
MOD - [2014/02/19 20:02:59 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libglesv2.dll
MOD - [2014/02/19 20:02:58 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\libegl.dll
MOD - [2014/02/19 20:02:56 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\ffmpegsumo.dll
MOD - [2014/02/19 20:02:54 | 000,051,016 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\chrome_elf.dll
MOD - [2014/02/15 20:08:14 | 003,578,992 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/02/12 15:00:19 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\4b1795df6372b251625f958595e08d3d\System.Web.ni.dll
MOD - [2014/02/12 15:00:05 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll
MOD - [2014/02/12 14:57:51 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/12 14:57:38 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/12 14:57:21 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/12 14:57:13 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\73ce00cfab52d23ca89457490fd5ef9a\System.Configuration.ni.dll
MOD - [2014/02/12 14:56:45 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/02/12 14:56:39 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/12 14:56:29 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2013/12/02 19:39:34 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/07/24 09:24:52 | 000,137,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
MOD - [2012/12/21 17:57:44 | 000,276,984 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll
MOD - [2012/12/21 17:57:44 | 000,093,176 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll
MOD - [2012/12/21 17:57:28 | 002,653,176 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll
MOD - [2012/12/21 17:57:28 | 000,364,536 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll
MOD - [2012/12/21 17:57:26 | 011,166,712 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll
MOD - [2012/12/21 17:57:24 | 000,206,328 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll
MOD - [2012/12/21 17:57:22 | 001,347,064 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll
MOD - [2012/12/21 17:57:22 | 001,014,776 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll
MOD - [2012/12/21 17:57:22 | 000,720,888 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll
MOD - [2012/12/21 17:57:20 | 008,507,384 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll
MOD - [2012/12/21 17:57:20 | 000,520,696 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll
MOD - [2012/12/21 17:57:18 | 002,481,144 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll
MOD - [2012/12/21 17:57:18 | 002,354,168 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll
MOD - [2012/12/21 17:57:14 | 000,446,456 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
MOD - [2012/12/21 17:57:10 | 000,207,352 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Imageformats\qjpeg4.dll
MOD - [2012/12/21 17:57:10 | 000,035,832 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Imageformats\qico4.dll
MOD - [2012/12/21 17:57:08 | 000,033,272 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Imageformats\qgif4.dll
MOD - [2012/12/21 17:56:40 | 000,438,264 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll
MOD - [2012/12/21 17:56:00 | 000,606,200 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll
MOD - [2012/12/21 15:29:52 | 000,391,600 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll
MOD - [2012/12/21 15:29:52 | 000,059,280 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll
MOD - [2012/12/21 15:29:14 | 000,110,080 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\mediaservice\dsengine.dll
========== Services (SafeList) ==========
SRV:64bit: - [2014/02/15 06:43:34 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2014/02/06 05:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/11/10 11:11:04 | 000,239,176 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE -- (RtkAudioService)
SRV:64bit: - [2013/10/10 17:54:28 | 000,144,152 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/17 20:14:00 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2014/03/01 14:31:25 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\VSSVC.exe -- (VSS)
SRV - [2014/03/01 14:31:24 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\spoolsv.exe -- (Spooler)
SRV - [2014/03/01 14:31:09 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (VaultSvc)
SRV - [2014/03/01 14:31:09 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\lsass.exe -- (SamSs)
SRV - [2014/03/01 14:31:09 | 000,000,000 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (ProtectedStorage)
SRV - [2014/03/01 14:31:09 | 000,000,000 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\lsass.exe -- (Netlogon)
SRV - [2014/03/01 14:31:09 | 000,000,000 | ---- | M] () [On_Demand | Running] -- C:\Windows\SysWOW64\lsass.exe -- (KeyIso)
SRV - [2014/03/01 14:31:09 | 000,000,000 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\lsass.exe -- (EFS)
SRV - [2014/02/21 08:02:13 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/02/15 20:08:15 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/05 14:39:00 | 000,047,416 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)
SRV - [2014/01/31 07:37:24 | 001,998,336 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Security Updates Service\winupdsvc.exe -- (Security Updates Service)
SRV - [2014/01/03 01:32:12 | 001,363,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/01/03 01:32:04 | 001,748,640 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/07 01:52:56 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/07/03 03:32:44 | 001,228,504 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2013/07/03 03:32:44 | 000,660,184 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/19 09:49:34 | 000,732,648 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/08/10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/06/14 17:11:46 | 001,098,296 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/12/30 22:44:00 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/30 22:43:00 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/12/27 18:30:00 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/02/24 19:57:19 | 000,878,184 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2014/02/15 06:43:39 | 000,080,184 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/02/15 06:43:38 | 001,038,072 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/02/15 06:43:38 | 000,421,704 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/02/15 06:43:38 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2014/01/07 14:44:13 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/12/02 19:39:35 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/12/02 19:39:35 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/11/10 11:10:40 | 000,057,376 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2013/11/10 11:07:40 | 000,032,496 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013/11/10 11:07:17 | 001,514,568 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtwlane.sys -- (RTWlanE)
DRV:64bit: - [2013/11/07 01:52:44 | 005,363,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/07/03 03:32:42 | 000,018,456 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf_amd64.sys -- (PSI)
DRV:64bit: - [2013/05/23 01:12:56 | 000,040,728 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2013/05/23 01:12:52 | 000,059,160 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2013/05/23 01:12:50 | 000,076,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/28 18:50:02 | 000,041,304 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\eve.sys -- (Eve)
DRV:64bit: - [2012/10/17 13:53:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/14 03:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 22:06:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/12 22:06:46 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/20 08:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/05 02:16:00 | 000,436,840 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/02/15 13:37:00 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010/11/20 22:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/07/28 09:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/01/18 15:40:26 | 000,004,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcmirror.sys -- (rcmirror)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}
IE:64bit: - HKLM\..\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}: "URL" = http://wow.utop.it/?q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wow.utop.it/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}: "URL" = http://wow.utop.it/?q={searchTerms}
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wow.utop.it/
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}: "URL" = http://wow.utop.it/?q={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wow.utop.it/
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}: "URL" = http://wow.utop.it/?q={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wow.utop.it/
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\..\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}: "URL" = http://wow.utop.it/?q={searchTerms}
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wow.utop.it/
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}: "URL" = http://wow.utop.it/?q={searchTerms}
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\..\SearchScopes\{1B4F174C-375B-4D8B-A5BF-C2B4BC4620B0}: "URL" = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\..\SearchScopes\{679C7044-B36E-4D32-8253-B3F7336DA938}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE8SRC&src=IE-SearchBox
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Oscar\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Oscar\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Oscar\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Oscar\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Oscar\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/02/19 17:53:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.3.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.3.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
[2014/02/15 13:37:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Extensions
[2014/02/25 19:34:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\5c9vv1yl.default-1392513503432\extensions
[2014/02/17 07:47:30 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\5c9vv1yl.default-1392513503432\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2014/02/15 20:23:08 | 000,067,503 | ---- | M] () (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\5c9vv1yl.default-1392513503432\extensions\[email protected]
[2014/02/15 20:21:58 | 000,215,649 | ---- | M] () (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\5c9vv1yl.default-1392513503432\extensions\[email protected]
[2014/02/25 19:34:43 | 000,957,290 | ---- | M] () (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\5c9vv1yl.default-1392513503432\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/02/15 20:08:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/15 20:08:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/02/19 17:53:34 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.com/
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1\
CHR - Extension: Google Drive = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: WOT = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.4.6_0\
CHR - Extension: YouTube = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google Search = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: AdBlock = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.25_0\
CHR - Extension: avast! Online Security = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2013.75_1\
CHR - Extension: Crackle = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic\7.1.7_0\
CHR - Extension: Skype Click to Call = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.0.14735.1561_1\
CHR - Extension: Google Maps = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Google Mail Checker = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\
CHR - Extension: FastestFox for Chrome = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\8.0.8_0\
CHR - Extension: Hangouts = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2014.219.1034.1_0\
CHR - Extension: Autofill = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmmgnhgdeffjkdckmikfpnddkbbfkkk\5.5_0\
CHR - Extension: Google Wallet = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: Click&Clean App = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.5_0\
CHR - Extension: Gmail = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2014/03/01 10:06:51 | 000,606,796 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 08sr.combineads.info # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 08srvr.combineads.info # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 12srvr.combineads.info # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 2010-fr.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 2012-new.biz # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 212link.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 2319825.ourtoolbar.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 24h00business.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 a.adorika.net # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 a.ad-sys.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 a.daasafterdusk.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ad.adn360.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adeartss.eu # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adesoeasy.eu # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adf.girldatesforfree.net # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adm.soft365.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 adomicileavail.googlepages.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads7.complexadveising.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.adplxmd.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.aff.co # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.alpha00001.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.cloud4ads.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.egdating.net # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.eorezo.com # hosts anti-adware / pups
O1 - Hosts: 127.0.0.1 ads.hooqy.com # hosts anti-adware / pups
O1 - Hosts: 18150 more lines...
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - No CLSID value found.
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000..\Run: [GoogleChromeAutoLaunch_D08D9DAE1EAB6F612F08AF40ADD97038] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
O4 - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - Startup: C:\Users\Oscar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16:64bit: - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (Reg Error: Key error.)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} Reg Error: Value error. (GMNRev Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{530608E2-0C92-487C-A790-F35682F6BF76}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/03/02 09:24:50 | 000,000,000 | ---D | C] -- C:\Users\Oscar\Desktop\SCAN RESULTS
[2014/03/02 09:20:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Oscar\Desktop\OTL.exe
[2014/03/02 09:16:23 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Oscar\Desktop\mbam-setup-1.75.0.1300.exe
[2014/03/02 09:14:17 | 001,037,734 | ---- | C] (Thisisu) -- C:\Users\Oscar\Desktop\JRT.exe
[2014/03/01 17:28:03 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Talk
[2014/03/01 12:01:31 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2014/03/01 09:09:16 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\Hewlett-Packard_Developme
[2014/02/28 11:16:30 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Roaming\Macrovision
[2014/02/28 11:15:54 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\Sonic_Solutions
[2014/02/28 11:15:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Roxio
[2014/02/27 15:06:56 | 000,000,000 | ---D | C] -- C:\Users\Oscar\Desktop\DRIVERS
[2014/02/27 10:56:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/02/27 09:46:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Sonic
[2014/02/27 09:45:08 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Roaming\Roxio Log Files
[2014/02/27 09:44:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Telespree
[2014/02/27 09:44:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Evernote
[2014/02/27 09:43:23 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\YouCam
[2014/02/27 09:41:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2014/02/27 09:30:58 | 000,335,464 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RtsPStor.sys
[2014/02/27 09:30:56 | 009,888,360 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysWow64\RtsPStorIcon.dll
[2014/02/26 15:07:36 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Logishrd
[2014/02/26 15:01:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2014/02/26 15:01:02 | 000,018,960 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2014/02/26 15:00:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2014/02/26 14:59:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2014/02/26 12:16:33 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Roaming\Logitech
[2014/02/26 12:16:33 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Roaming\Logishrd
[2014/02/26 08:00:30 | 005,694,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2014/02/26 08:00:29 | 006,574,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2014/02/25 19:44:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2014/02/25 19:44:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Auslogics
[2014/02/23 16:20:27 | 000,000,000 | ---D | C] -- C:\ProgramData\CDB
[2014/02/23 14:03:19 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.1
[2014/02/23 14:02:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice 4
[2014/02/22 19:09:30 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2014/02/22 19:09:17 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2014/02/22 19:09:17 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2014/02/22 19:09:17 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2014/02/22 19:09:13 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2014/02/22 19:09:13 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2014/02/22 19:09:12 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2014/02/22 19:09:12 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2014/02/22 19:09:12 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2014/02/22 19:09:12 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2014/02/22 19:09:12 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2014/02/22 19:09:11 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2014/02/22 19:09:10 | 001,147,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2014/02/22 19:09:10 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2014/02/22 19:09:09 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdvidcrl.dll
[2014/02/22 19:09:08 | 001,057,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdvidcrl.dll
[2014/02/22 19:08:04 | 001,030,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWorkspace.dll
[2014/02/22 19:08:04 | 000,792,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TSWorkspace.dll
[2014/02/19 18:32:08 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Should I Remove It
[2014/02/19 07:25:07 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2014/02/17 18:20:25 | 000,000,000 | ---D | C] -- C:\ProgramData\RegRun
[2014/02/17 17:40:29 | 000,000,000 | ---D | C] -- C:\Users\Oscar\Documents\RegRun2
[2014/02/17 17:40:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UnHackMe
[2014/02/17 15:35:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/02/17 09:39:38 | 000,000,000 | ---D | C] -- C:\SUPERDelete
[2014/02/16 08:20:13 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Roaming\SUPERAntiSpyware.com
[2014/02/16 08:18:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2014/02/16 08:18:48 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2014/02/16 08:18:48 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2014/02/16 07:59:41 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSSTDFMT.DLL
[2014/02/16 07:59:41 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSINET.OCX
[2014/02/14 20:25:03 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\ChromeTabExtension
[2014/02/14 13:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/02/14 13:25:53 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/02/14 13:25:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/02/14 12:49:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\%LOCALAPPDATA%
[2014/02/14 10:14:54 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/14 09:47:20 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\Diagnostics
[2014/02/14 07:51:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2014/02/12 15:24:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WOWTrojan Removal Tool
[2014/02/12 14:34:33 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/02/12 14:33:26 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/12 14:33:25 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/12 14:33:24 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/12 14:33:24 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/12 14:33:22 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/12 14:33:22 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/12 14:33:22 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/12 14:33:20 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/12 14:33:20 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/12 14:33:20 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/12 14:33:19 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/12 14:33:19 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/12 14:33:19 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/12 14:33:19 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/12 14:33:19 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/12 14:33:19 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/12 14:33:17 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/12 14:33:17 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/12 14:33:16 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/12 14:33:16 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/02/12 14:33:10 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/12 14:33:10 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/12 14:32:59 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/12 14:11:14 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/02/12 14:11:13 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014/02/12 14:10:41 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2014/02/12 14:10:41 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2014/02/12 14:10:41 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2014/02/12 14:10:41 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2014/02/12 14:10:40 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2014/02/12 14:10:40 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2014/02/12 14:10:40 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2014/02/12 14:10:40 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2014/02/12 14:10:40 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2014/02/12 14:10:40 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2014/02/12 14:10:40 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2014/02/12 14:10:39 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014/02/12 14:10:39 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2014/02/12 14:10:39 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2014/02/12 14:10:39 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2014/02/12 14:10:39 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2014/02/12 14:10:39 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2014/02/12 14:07:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/02/12 14:07:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/02/09 16:48:08 | 001,122,304 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\libeay32.dll
[2014/02/09 16:48:08 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll
[2014/02/09 16:48:08 | 000,274,432 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\ssleay32.dll
[2014/02/09 16:48:08 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateControl350.dll
[2014/02/08 18:42:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\wow search
[2014/02/08 13:28:38 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Roaming\Leadertech
[2014/02/07 12:31:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014/02/06 18:04:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Updates Service
[2014/02/06 15:45:53 | 000,000,000 | ---D | C] -- C:\Users\Oscar\dwhelper
[2014/02/06 09:10:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2014/03/02 10:02:21 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/02 10:02:21 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/02 09:54:42 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/02 09:54:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/02 09:54:27 | 3104,722,944 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/02 09:52:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/03/02 09:49:38 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/02 09:46:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3309490343-1712508466-2320962761-1000UA.job
[2014/03/02 09:26:49 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOscar.job
[2014/03/02 09:21:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/02 09:20:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Oscar\Desktop\OTL.exe
[2014/03/02 09:19:11 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Oscar\Desktop\mbam-setup-1.75.0.1300.exe
[2014/03/02 09:15:20 | 001,244,192 | ---- | M] () -- C:\Users\Oscar\Desktop\adwcleaner.exe
[2014/03/02 09:14:35 | 001,037,734 | ---- | M] (Thisisu) -- C:\Users\Oscar\Desktop\JRT.exe
[2014/03/02 09:08:11 | 000,272,437 | ---- | M] () -- C:\Users\Oscar\Desktop\SCREENSHOT.jpg
[2014/03/02 08:39:59 | 000,038,643 | ---- | M] () -- C:\Users\Oscar\Desktop\I LOVE YOU.jpg
[2014/03/02 08:38:40 | 000,059,791 | ---- | M] () -- C:\Users\Oscar\Desktop\SPIDER IN THE SHOWER.jpg
[2014/03/02 08:36:55 | 000,036,112 | ---- | M] () -- C:\Users\Oscar\Desktop\HUNTER S. THOMPSON.jpg
[2014/03/02 08:35:55 | 000,001,046 | ---- | M] () -- C:\Users\Oscar\Desktop\threats found - Shortcut.lnk
[2014/03/01 17:46:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3309490343-1712508466-2320962761-1000Core.job
[2014/03/01 15:49:40 | 000,001,190 | ---- | M] () -- C:\Users\Oscar\Desktop\Naveed Ahmed - Shortcut.lnk
[2014/03/01 15:40:24 | 000,009,382 | ---- | M] () -- C:\Users\Oscar\Documents\WOT login.odt
[2014/03/01 14:52:03 | 000,685,801 | ---- | M] () -- C:\Users\Oscar\AppData\Local\census.cache
[2014/03/01 14:51:23 | 000,084,155 | ---- | M] () -- C:\Users\Oscar\AppData\Local\ars.cache
[2014/03/01 14:31:25 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\VSSVC.exe
[2014/03/01 14:31:25 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\igfxpers.exe
[2014/03/01 14:31:25 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\hkcmd.exe
[2014/03/01 14:31:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\taskhost.exe
[2014/03/01 14:31:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\spoolsv.exe
[2014/03/01 14:31:24 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\dwm.exe
[2014/03/01 14:31:09 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\winlogon.exe
[2014/03/01 14:31:09 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\smss.exe
[2014/03/01 14:31:09 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\services.exe
[2014/03/01 14:31:09 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\lsm.exe
[2014/03/01 14:31:09 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\lsass.exe
[2014/03/01 14:31:09 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\csrss.exe
[2014/03/01 14:19:12 | 000,000,010 | ---- | M] () -- C:\Users\Oscar\AppData\Local\sponge.last.runtime.cache
[2014/03/01 13:38:42 | 000,000,036 | ---- | M] () -- C:\Users\Oscar\AppData\Local\housecall.guid.cache
[2014/03/01 10:06:51 | 000,606,796 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014/03/01 09:54:28 | 000,015,387 | ---- | M] () -- C:\Users\Oscar\Documents\credit card.ods
[2014/03/01 07:59:08 | 000,762,694 | ---- | M] () -- C:\ProgramData\ChromeTabExtension.crx
[2014/03/01 07:58:26 | 001,290,554 | ---- | M] () -- C:\ProgramData\yvd_chrome_se.exe
[2014/03/01 07:55:47 | 000,788,260 | ---- | M] () -- C:\ProgramData\yvd_firefox_se.exe
[2014/03/01 07:55:34 | 000,108,326 | ---- | M] () -- C:\ProgramData\yvd_ie_se.exe
[2014/02/27 07:23:16 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/27 07:23:16 | 000,662,634 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/27 07:23:16 | 000,122,470 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/26 15:10:15 | 000,001,318 | ---- | M] () -- C:\Users\Oscar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2014/02/26 15:01:02 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2014/02/25 12:29:01 | 000,009,788 | ---- | M] () -- C:\Users\Oscar\Documents\WINDOWS 8 BIOS.odt
[2014/02/24 19:57:19 | 000,878,184 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\Windows\SysNative\drivers\rtl8192ce.sys
[2014/02/24 06:47:57 | 000,296,040 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/02/23 16:21:10 | 000,000,155 | ---- | M] () -- C:\Windows\Reimage.ini
[2014/02/22 21:28:55 | 000,001,391 | ---- | M] () -- C:\Users\Oscar\Desktop\windows 8 product id AND INFO windows 8 - Shortcut (2).lnk
[2014/02/22 19:11:51 | 000,157,187 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20140301-100651.backup
[2014/02/21 17:35:35 | 000,002,243 | ---- | M] () -- C:\Users\Oscar\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/02/21 09:25:04 | 000,025,988 | ---- | M] () -- C:\Users\Oscar\Documents\expenses.ods
[2014/02/21 08:02:11 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/02/21 08:02:11 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/02/19 18:32:08 | 000,001,233 | ---- | M] () -- C:\Users\Oscar\Desktop\Should I Remove It.lnk
[2014/02/17 17:40:32 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2014/02/17 17:40:32 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2014/02/17 16:01:13 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2014/02/15 06:43:39 | 000,080,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswstm.sys
[2014/02/15 06:43:38 | 001,038,072 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2014/02/15 06:43:38 | 000,421,704 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2014/02/15 06:43:38 | 000,334,136 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2014/02/15 06:43:38 | 000,078,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2014/02/15 06:43:37 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/02/14 07:51:19 | 000,001,246 | ---- | M] () -- C:\Users\Oscar\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2014/02/12 14:36:47 | 000,775,084 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/12 07:10:14 | 000,013,196 | ---- | M] () -- C:\Users\Oscar\Desktop\QUILTS - Shortcut.lnk
[2014/02/06 18:21:09 | 000,002,074 | ---- | M] () -- C:\Users\Oscar\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2014/02/06 06:30:12 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/06 06:07:39 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/06 06:06:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/06 05:56:03 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/06 05:52:11 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/06 05:49:03 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/06 05:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/06 05:48:11 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/06 05:32:49 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/06 05:17:15 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/06 05:11:37 | 005,768,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/06 05:01:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/06 05:00:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/06 04:57:13 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/06 04:52:21 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/06 04:50:32 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/06 04:49:22 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/06 04:47:22 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/06 04:46:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/06 04:25:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/06 04:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/06 03:40:06 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/06 03:34:31 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files Created - No Company Name ==========
[2014/03/02 09:49:38 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/02 09:14:59 | 001,244,192 | ---- | C] () -- C:\Users\Oscar\Desktop\adwcleaner.exe
[2014/03/02 09:05:54 | 000,272,437 | ---- | C] () -- C:\Users\Oscar\Desktop\SCREENSHOT.jpg
[2014/03/02 08:39:59 | 000,038,643 | ---- | C] () -- C:\Users\Oscar\Desktop\I LOVE YOU.jpg
[2014/03/02 08:38:39 | 000,059,791 | ---- | C] () -- C:\Users\Oscar\Desktop\SPIDER IN THE SHOWER.jpg
[2014/03/02 08:36:54 | 000,036,112 | ---- | C] () -- C:\Users\Oscar\Desktop\HUNTER S. THOMPSON.jpg
[2014/03/01 17:04:23 | 000,001,046 | ---- | C] () -- C:\Users\Oscar\Desktop\threats found - Shortcut.lnk
[2014/03/01 15:40:22 | 000,009,382 | ---- | C] () -- C:\Users\Oscar\Documents\WOT login.odt
[2014/03/01 14:52:03 | 000,685,801 | ---- | C] () -- C:\Users\Oscar\AppData\Local\census.cache
[2014/03/01 14:51:23 | 000,084,155 | ---- | C] () -- C:\Users\Oscar\AppData\Local\ars.cache
[2014/03/01 14:31:25 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\VSSVC.exe
[2014/03/01 14:31:25 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\igfxpers.exe
[2014/03/01 14:31:25 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\hkcmd.exe
[2014/03/01 14:31:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\taskhost.exe
[2014/03/01 14:31:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\spoolsv.exe
[2014/03/01 14:31:24 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dwm.exe
[2014/03/01 14:31:09 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\winlogon.exe
[2014/03/01 14:31:09 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\smss.exe
[2014/03/01 14:31:09 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\services.exe
[2014/03/01 14:31:09 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\lsm.exe
[2014/03/01 14:31:09 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\lsass.exe
[2014/03/01 14:31:09 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\csrss.exe
[2014/03/01 14:19:12 | 000,000,010 | ---- | C] () -- C:\Users\Oscar\AppData\Local\sponge.last.runtime.cache
[2014/03/01 13:38:42 | 000,000,036 | ---- | C] () -- C:\Users\Oscar\AppData\Local\housecall.guid.cache
[2014/03/01 11:11:39 | 000,001,190 | ---- | C] () -- C:\Users\Oscar\Desktop\Naveed Ahmed - Shortcut.lnk
[2014/02/27 12:19:59 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForOscar.job
[2014/02/26 15:10:15 | 000,001,318 | ---- | C] () -- C:\Users\Oscar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2014/02/25 12:28:59 | 000,009,788 | ---- | C] () -- C:\Users\Oscar\Documents\WINDOWS 8 BIOS.odt
[2014/02/23 16:12:52 | 000,000,155 | ---- | C] () -- C:\Windows\Reimage.ini
[2014/02/22 21:28:55 | 000,001,391 | ---- | C] () -- C:\Users\Oscar\Desktop\windows 8 product id AND INFO windows 8 - Shortcut (2).lnk
[2014/02/22 19:03:21 | 000,001,266 | ---- | C] () -- C:\Users\Oscar\Desktop\Windows Update.lnk
[2014/02/20 06:57:19 | 000,788,260 | ---- | C] () -- C:\ProgramData\yvd_firefox_se.exe
[2014/02/20 06:57:18 | 000,108,326 | ---- | C] () -- C:\ProgramData\yvd_ie_se.exe
[2014/02/19 19:52:22 | 000,002,279 | ---- | C] () -- C:\Users\Oscar\Desktop\IF I DIE OPEN THIS folder - Shortcut.lnk
[2014/02/19 18:32:08 | 000,001,233 | ---- | C] () -- C:\Users\Oscar\Desktop\Should I Remove It.lnk
[2014/02/18 06:43:21 | 001,290,554 | ---- | C] () -- C:\ProgramData\yvd_chrome_se.exe
[2014/02/17 17:40:32 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2014/02/17 17:40:32 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2014/02/16 08:18:52 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2014/02/14 07:51:19 | 000,001,246 | ---- | C] () -- C:\Users\Oscar\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2014/02/12 07:10:14 | 000,013,196 | ---- | C] () -- C:\Users\Oscar\Desktop\QUILTS - Shortcut.lnk
[2014/02/08 18:42:58 | 000,762,694 | ---- | C] () -- C:\ProgramData\ChromeTabExtension.crx
[2013/11/07 01:52:42 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/10/01 17:56:07 | 000,008,704 | ---- | C] () -- C:\Users\Oscar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/07/25 17:00:30 | 000,007,605 | ---- | C] () -- C:\Users\Oscar\AppData\Local\Resmon.ResmonCfg
[2012/12/14 01:42:30 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/12/14 01:42:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/09/21 18:02:45 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2012/06/10 19:18:18 | 000,003,215 | ---- | C] () -- C:\Users\Oscar\.swfinfo
[2012/06/03 11:45:44 | 000,018,303 | ---- | C] () -- C:\Users\Oscar\AppData\Roaming\UserTile.png
[2012/05/26 12:42:39 | 000,775,084 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/24 12:09:37 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012/03/19 22:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/03/19 22:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
========== ZeroAccess Check ==========
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/03/08 09:25:33 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/03/08 09:25:33 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013/12/12 12:32:36 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\2BrightSparks
[2013/10/09 13:01:52 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\AffiliatedUpdate
[2012/12/04 17:52:41 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Auslogics
[2013/12/02 19:44:29 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\AVAST Software
[2012/09/12 15:53:58 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Blio
[2012/12/01 12:00:20 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\FixBee
[2013/06/10 17:01:43 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Foresight Software
[2013/07/09 17:56:30 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\HurricaneSoftware.com
[2014/02/17 09:39:40 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\IObit
[2014/02/08 13:28:38 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Leadertech
[2013/12/19 12:00:36 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Leawo
[2014/02/08 16:36:52 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Nokia
[2012/05/31 14:37:05 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Nokia Suite
[2014/02/08 16:36:54 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\OpenOffice
[2014/02/08 16:36:53 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\OpenOffice.org
[2012/05/31 14:21:52 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\PC Suite
[2013/08/05 15:19:42 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\player
[2013/05/09 15:37:21 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\QuickScan
[2014/02/08 16:36:56 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\SoftGrid Client
[2012/11/08 05:33:52 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Synaptics
[2014/02/08 16:39:18 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Thunderbird
[2013/12/19 12:01:27 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\tiger-k
[2013/02/12 16:33:20 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\TuneUp Software
[2014/02/08 16:36:57 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\vso
[2012/08/15 10:09:22 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\WildTangent
[2012/05/27 18:24:38 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:07BF512B
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:84098FD3
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:0F4A7B6A
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:5C321E34
< End of report >
OTL Extras logfile created on: 3/2/2014 10:07:37 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Oscar\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.86 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 49.02% Memory free
7.71 Gb Paging File | 5.00 Gb Available in Paging File | 64.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.47 Gb Total Space | 192.93 Gb Free Space | 69.03% Space Free | Partition Type: NTFS
Drive D: | 14.46 Gb Total Space | 1.61 Gb Free Space | 11.12% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.13 Gb Free Space | 28.65% Space Free | Partition Type: FAT32
Computer Name: OSCAR-HP | User Name: Oscar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D8BA4B3-77F4-4576-B09F-6F21CD427B81}" = lport=138 | protocol=17 | dir=in | app=system |
"{0DC0E475-FA6F-4A92-8239-AD9DCF3D142E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1EF83457-E463-4B71-A993-D5302BB1BE0A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{239ADEB6-03B7-486C-92C2-37262C48E5B8}" = rport=138 | protocol=17 | dir=out | app=system |
"{39C1FF65-B4B6-4A25-BFFD-3D7C76719D74}" = lport=445 | protocol=6 | dir=in | app=system |
"{3B37908F-9D78-4E39-A5E9-C0996F330FD2}" = rport=445 | protocol=6 | dir=out | app=system |
"{56472654-5A03-4FA9-A22D-07E9B1D211C2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{56EDE3FF-8B09-4066-9631-46D4D2DB89FB}" = rport=137 | protocol=17 | dir=out | app=system |
"{7FEC4729-7286-4640-A005-E22B436F4621}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{821F18F2-7D2C-4DB6-9981-E7A82D48392D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{86F5F823-CEBA-4944-96A1-E4E82475CEAC}" = lport=137 | protocol=17 | dir=in | app=system |
"{8B97C794-5526-4D2C-A3D8-2F3A251E4F97}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{97B5A5C2-C508-42A5-9249-3F4544F2CE69}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B2658E45-E5C7-458D-B707-711A78385C6D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B2F794A3-CE12-4DAB-9B46-F4CC9C1C8C85}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CCC9A72F-568D-40E2-AB4E-CD0C62302DF3}" = lport=139 | protocol=6 | dir=in | app=system |
"{D46B3933-8E37-41F3-97DF-16804F8C5DD8}" = rport=139 | protocol=6 | dir=out | app=system |
"{D829714E-8ABA-4E9D-9D2A-7712442C9658}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D87628A4-C7B6-4D03-A493-F2DA7A380868}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{EDA7FD6E-C739-429C-BBFE-4AB17A159771}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EE6DCD5E-5C5E-495A-B546-86A4C37D6824}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{EE901390-390A-46CD-AAF7-3BF66EFF54A2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F3D98FC5-D848-464B-93AE-E47CBED7AF93}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17DE61A5-EBB0-4F1E-A825-50983F2FDFE4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{203440B8-44F6-421D-94B2-1BAF98FF2CC5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{251F57B9-3AB8-4BC9-A1C9-F5BEBB1FC79E}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{3311F27B-5064-491D-B408-DEC71BB36413}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{362DE51E-4861-4979-A735-821FF4BCC2FC}" = protocol=58 | dir=out | [email protected],-28546 |
"{3770CB07-9C86-4CCD-A738-7BC91B87B75F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3914BF96-7497-4F4E-8C3A-1E9A9F175C76}" = protocol=6 | dir=out | app=system |
"{3C073826-3FB5-47F3-BEA1-F115557B2A0C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{41B3D50A-ED76-4BD7-A3EB-8DB03E421DF6}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{431AB6A0-4AE0-4EFC-BB8E-3E6985E4D2D8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5BEBCF06-88EB-48DA-A625-F3F0756F5C07}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5FC800BF-D3EA-4770-B380-EC6945302903}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe |
"{63DAC05A-00C9-4200-9577-84E7071FF09B}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{75F32678-0798-471F-95BB-416DFF3BA05D}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
"{7F59762B-79F3-43AC-8EED-14FE6F4840C1}" = protocol=6 | dir=in | app=c:\program files (x86)\vso\vso downloader\3\vsodownloader.exe |
"{8232D0DA-18FA-4E7F-A1D2-42FBBA8E560E}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{912FAE15-DDFB-4AF9-BBDF-8FAF565C8A11}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9589CA56-9FE9-4483-8DC5-3F1CC9C60825}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{9AA34B36-7DAB-4064-BB0A-89C4053F2C61}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9E488190-2913-49F0-BCC5-5D07EC037B58}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{A94B2920-2A74-4A5F-A212-B9D41DB3FF6C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B4843197-3383-400A-83A4-D1333B9C8EFB}" = protocol=1 | dir=out | [email protected],-28544 |
"{B6C61FED-3E32-4069-8C98-660F0354CBC7}" = protocol=6 | dir=in | app=c:\users\oscar\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{BAC92B21-EAC8-424F-A807-E64B3781C601}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC49E0C6-BAD2-41FE-A9A9-7DAE50DDFD8C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BD3D72C4-4075-4AB4-9972-AFEE10464FC9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{BF9C23C5-F15D-4D42-93EB-A109E50E26F5}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{CE2B7890-30EB-44D4-9C4B-D891A7F67E1F}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{D3636CA4-A51F-4E77-A73E-F629C55F87D8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D501508C-2D33-44B7-A31D-148492A34A36}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D7234B0D-256E-4255-BD9D-0FC13F6E90CA}" = protocol=1 | dir=in | [email protected],-28543 |
"{D8BCD2C4-5F65-4C18-BF54-AD17F919B438}" = protocol=58 | dir=in | [email protected],-28545 |
"{E414B53D-0BA7-4D8E-9A00-8BBB7B007E44}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{E7072F34-F647-42FD-970C-3E06ADB5E653}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{E78B315F-46BA-4CDB-B402-12B035BBE637}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F9F8313B-5A05-45E5-90EB-8D8115680D6B}" = protocol=17 | dir=in | app=c:\users\oscar\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{FA4B4A86-364D-48F3-B892-97BF5B237952}" = protocol=17 | dir=in | app=c:\program files (x86)\vso\vso downloader\3\vsodownloader.exe |
"{FD7F9E02-638A-4150-9F95-1AC0B05AFC76}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{19321CD0-D41C-45B8-80E6-F68B000A35B5}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{FAFD6DBE-1F3C-4CB0-BBAC-E94E36FB057B}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{35D98AA7-8DC6-4DA7-9A92-0B1063451076}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{7DD85402-3BBD-4238-993D-58F9C6FA3949}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5A847522-375C-4D05-BD3D-88C450CC047F}" = HP Launch Box
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97E3F31B-D989-0E01-FCB4-EBC04EF060F1}" = AMD Catalyst Install Manager
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C3CC4DF5-39A5-4027-B136-2B3E1F5AB6E3}" = Python 2.7.6 (64-bit)
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{e9d90870-ab19-32a8-aa93-f8348ba21d05}" = Python 3.3.3 (64-bit)
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0)
"CCleaner" = CCleaner
"SynTPDeinstKey" = Synaptics TouchPad Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AC41DC5-DD17-41D7-AE0B-139A9D2725EC}_is1" = VSO EVE Network Driver version 0.4
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}" = OpenOffice 4.0.1
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4E62123C-4C0D-4123-A8A2-C0103B92D7EA}" = Should I Remove It
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skypeâ„¢ 6.11
"{5036764A-435D-40C9-869C-31085A3D741D}" = HP Setup
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5E63C0AB-19B0-47D4-842E-6B324EB0614B}" = HP Connection Manager
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A55875-B6DD-41E8-8CF6-F193D9C47051}" = HP Documentation
"{6B722793-E77B-41F5-BAB3-6C9832274E75}" = PC Connectivity Solution
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}" = Nokia Connectivity Cable Driver
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7E799992-5DA0-4A1A-9443-B1836B063FEC}" = HP Power Manager
"{835B275B-F29B-464B-BD4B-097FD55FAB0A}" = HP Software Framework
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86FD8326-909D-45F5-BB61-0619D0D31293}" = HP Support Solutions Framework
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B52057C-15DB-433E-957C-E279BC7D07E3}" = HP QuickWeb
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9945F35E-85EF-4759-A95C-2E10AA34EA58}" = ESU for Microsoft Windows 7 SP1
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = Compaq Setup Manager
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BB285C9F-C821-4770-8970-56C4AB52C87E}" = Skype Click to Call
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{c32d80cc-20d1-386b-b1e2-cce219263394}" = Python 3.4.0b1
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CCE68200-4ED0-3E0A-A7F2-504897E356AB}" = Google Talk Plugin
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB70FB55-1515-4C75-95C8-FFBD5FE041F8}_is1" = VSO Downloader 2.9.1.4
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics DiskDefrag
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A0C45A-7EDB-48EB-AB86-2445E74FBFBB}" = Nokia Suite
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48E84C5-7599-4CBD-9900-8BCB9A2A2FFA}_is1" = VSO Downloader 3.1.0.50
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.3
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"avast" = avast! Free Antivirus
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 27.0.1 (x86 en-US)" = Mozilla Firefox 27.0.1 (x86 en-US)
"Mozilla Thunderbird 24.3.0 (x86 en-US)" = Mozilla Thunderbird 24.3.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia Suite" = Nokia Suite
"Secunia PSI" = Secunia PSI (3.0.0.7011)
"VLC media player" = VLC media player 2.1.3
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.3
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Should I Remove It 1.0.4" = Should I Remove It
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 3/2/2014 10:54:56 AM | Computer Name = Oscar-HP | Source = WinMgmt | ID = 10
Description =
[ Hewlett-Packard Events ]
Error - 2/3/2013 09:02:00 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3947 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()
Error - 2/4/2013 09:07:50 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3947 Ram Utilization: 40 TargetSite: Void UpdateAndDetect()
Error - 2/5/2013 09:11:52 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3947 Ram Utilization: 60 TargetSite: Void UpdateAndDetect()
Error - 2/6/2013 12:51:25 PM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3947 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()
Error - 2/7/2013 09:39:27 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3947 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()
Error - 2/8/2013 09:37:33 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3947 Ram Utilization: 60 TargetSite: Void UpdateAndDetect()
Error - 2/9/2013 10:15:55 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3947 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()
Error - 2/10/2013 09:36:40 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3947 Ram Utilization: 60 TargetSite: Void UpdateAndDetect()
Error - 2/11/2013 09:34:08 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3947 Ram Utilization: 60 TargetSite: Void UpdateAndDetect()
Error - 2/12/2013 09:29:13 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3947 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()
[ HP Connection Manager Events ]
Error - 3/2/2014 10:25:51 AM | Computer Name = Oscar-HP | Source = hpCMSrv | ID = 5
Description = 2014/03/02 09:25:51.078|00001ED8|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 3/2/2014 10:25:53 AM | Computer Name = Oscar-HP | Source = hpCMSrv | ID = 5
Description = 2014/03/02 09:25:53.106|00001ED8|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 3/2/2014 10:25:57 AM | Computer Name = Oscar-HP | Source = hpCMSrv | ID = 5
Description = 2014/03/02 09:25:57.162|00001ED8|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 3/2/2014 10:25:59 AM | Computer Name = Oscar-HP | Source = hpCMSrv | ID = 5
Description = 2014/03/02 09:25:59.190|00001ED8|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 3/2/2014 10:26:00 AM | Computer Name = Oscar-HP | Source = hpCMSrv | ID = 5
Description = 2014/03/02 09:26:00.204|00001ED8|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 3/2/2014 10:26:02 AM | Computer Name = Oscar-HP | Source = hpCMSrv | ID = 5
Description = 2014/03/02 09:26:02.232|00001ED8|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 3/2/2014 10:26:02 AM | Computer Name = Oscar-HP | Source = hpCMSrv | ID = 5
Description = 2014/03/02 09:26:02.747|00001ED8|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 3/2/2014 10:53:56 AM | Computer Name = Oscar-HP | Source = hpCMSrv | ID = 5
Description = 2014/03/02 09:53:56.653|00000BA0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 3/2/2014 10:53:58 AM | Computer Name = Oscar-HP | Source = hpCMSrv | ID = 5
Description = 2014/03/02 09:53:58.665|00000BA0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
Error - 3/2/2014 10:53:58 AM | Computer Name = Oscar-HP | Source = hpCMSrv | ID = 5
Description = 2014/03/02 09:53:58.681|00000BA0|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]
[ HP Software Framework Events ]
Error - 12/5/2012 09:33:48 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5
Description = 2012/12/05 08:33:48.485|00001B44|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 1/9/2013 09:43:12 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5
Description = 2013/01/09 08:43:12.852|00001760|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 1/16/2013 09:44:10 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5
Description = 2013/01/16 08:44:10.684|000015E4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 1/31/2013 10:05:42 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5
Description = 2013/01/31 09:05:42.137|000016B0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 1/31/2013 10:05:55 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5
Description = 2013/01/31 09:05:55.043|00001608|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 1/31/2013 10:05:59 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5
Description = 2013/01/31 09:05:59.741|0000016C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 2/6/2013 12:42:05 PM | Computer Name = Oscar-HP | Source = hpqWmiEx | ID = 5
Description = 2013/02/06 11:42:05.729|00001308|Error |ChpqWmiExModule::Start|StartServiceCtrlDispatcher
FAILED. Error: 1063
Error - 2/14/2013 09:12:11 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5
Description = 2013/02/14 08:12:11.528|00001DD0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 2/14/2013 09:13:52 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5
Description = 2013/02/14 08:13:52.142|00001810|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 2/14/2013 09:14:10 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5
Description = 2013/02/14 08:14:10.925|000006C4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
[ System Events ]
Error - 3/2/2014 10:54:35 AM | Computer Name = Oscar-HP | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll
Error
Code: 126
< End of report >
-
Thanks for all the help Chuck. Ran Eset again and it came up clean.
Thank you, be safe, Oscar
-
Chuck, I have never made a mistake, ha ha, ran Eset again and came up with this:
C:\Users\Oscar\AppData\Local\Downloaded Installations\{4175787A-9EE1-4D7D-9D00-F80F59573684}\The Weather Channel App.msi a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application deleted - quarantined
C:\Users\Oscar\Desktop\chrome downloads\driverbooster-cnet-setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
C:\Users\Oscar\Desktop\chrome downloads\rcsetup150.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Oscar\Desktop\chrome downloads\WOWTrojanRemovalTool.exe a variant of Win32/SecurityStronghold.A potentially unwanted application deleted - quarantined
C:\Users\Oscar\Desktop\downloads\Shockwave_Installer_Slim(1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Oscar\Downloads\cbsidlm-cbsi176-Revo_Uninstaller-SEO-10687648.exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined
C:\Users\Oscar\Downloads\downloads\FlashPlayerPro (1).exe a variant of Win32/AirAdInstaller.A potentially unwanted application deleted - quarantined
C:\Users\Oscar\Downloads\downloads\FlashPlayerPro.exe a variant of Win32/AirAdInstaller.A potentially unwanted application deleted - quarantined
C:\Users\Oscar\Music\installed programs\openofficesuite-setup.exe Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined
C:\Users\Oscar\Music\installed programs\vlcmediaplayer-setup.exe Win32/DownloadAdmin.G potentially unwanted application deleted - quarantinedHope that's good.
Thanks for all your time and help, Oscar
-
Got this from your post when you told me to run Eset:
7. Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
8. Now click on Advanced Settings and select the following:Will run Eset again with the box to remove threats checked
-
Yes, I cleared cache
-
Second scan found this:
C:\Users\Oscar\AppData\Local\Downloaded Installations\{4175787A-9EE1-4D7D-9D00-F80F59573684}\The Weather Channel App.msi a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000a6b HTML/ScrInject.B.Gen virus
C:\Users\Oscar\Desktop\chrome downloads\driverbooster-cnet-setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\Users\Oscar\Desktop\chrome downloads\rcsetup150.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Oscar\Desktop\chrome downloads\WOWTrojanRemovalTool.exe a variant of Win32/SecurityStronghold.A potentially unwanted application
C:\Users\Oscar\Desktop\downloads\Shockwave_Installer_Slim(1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Users\Oscar\Downloads\cbsidlm-cbsi176-Revo_Uninstaller-SEO-10687648.exe a variant of Win32/CNETInstaller.B potentially unwanted application
C:\Users\Oscar\Downloads\downloads\FlashPlayerPro (1).exe a variant of Win32/AirAdInstaller.A potentially unwanted application
C:\Users\Oscar\Downloads\downloads\FlashPlayerPro.exe a variant of Win32/AirAdInstaller.A potentially unwanted application
C:\Users\Oscar\Music\installed programs\openofficesuite-setup.exe Win32/DownloadAdmin.G potentially unwanted application
C:\Users\Oscar\Music\installed programs\vlcmediaplayer-setup.exe Win32/DownloadAdmin.G potentially unwanted application
-
I made a copy of the infection found by Eset, don't know that you need it...............
C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000a6b HTML/ScrInject.B.Gen virus
Chuck, I ran a second scan with Eset and found more stuff. Presently it has found 11 infections
-
Chuck, I have used Eset online scanner quite a few times just to back up other scans. I ran it prior to posting here and don't remember that it came up with anything other than an Eicar file I had saved for test purposes, anyway here is the report from today... Oscar
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9c3acbe7b6b9c34ca3c6476a0b51c1ed
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-18 12:45:39
# local_time=2012-09-17 08:45:39 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 56684589 99469250 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=120274
# found=8
# cleaned=8
# scan_time=3339
C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\edogkopmmbiomlflahmmpchnobahleib\npFreeWorkzGC.dll a variant of Win32/Adware.Gamevance.CS application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Oscar\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]\components\FreeWorkzFirefox.dll a variant of Win32/Adware.Gamevance.CS application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\w6rwbj8v.default\extensions\[email protected]\components\FreeWorkzFirefox.dll a variant of Win32/Adware.Gamevance.CS application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Oscar\Desktop\downloads\audacity_installer_1912.exe a variant of Win32/InstallIQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Oscar\Downloads\New folder\SoftonicDownloader_for_google-voice-and-video-chat.exe a variant of Win32/SoftonicDownloader.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Oscar\Music\installed programs\installer_nokia_pc_suite.exe multiple threats (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Oscar\Music\installed programs\openofficesuite-setup.exe Win32/DownloadAdmin.A.Gen application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Oscar\Music\installed programs\vlcmediaplayer-setup.exe Win32/DownloadAdmin.A.Gen application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9c3acbe7b6b9c34ca3c6476a0b51c1ed
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-18 02:37:38
# local_time=2012-09-17 10:37:38 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=5893 16776574 100 94 56688291 99472952 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=120400
# found=0
# cleaned=0
# scan_time=6355
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=9c3acbe7b6b9c34ca3c6476a0b51c1ed
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-06 02:00:34
# local_time=2012-12-06 09:00:34 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 100 94 2910092 130594306 0 0
# compatibility_mode=5893 16776574 100 94 63561223 106345884 0 0
# scanned=121306
# found=0
# cleaned=0
# scan_time=3338
ESETSmartInstaller@High as downloader log:
Can not read file from internet.ESETSmartInstaller@High as downloader log:
Can not read file from internet.Can not open internetOnlineCmdLineScanner.exe@High:Finished. 3.0.2
lost connection with clientESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9c3acbe7b6b9c34ca3c6476a0b51c1ed
# engine=13093
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-10 10:28:52
# local_time=2013-02-10 05:28:52 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=774 16777213 100 94 8642990 136327204 0 0
# compatibility_mode=5893 16776574 100 94 69294121 112078782 0 0
# scanned=37089
# found=0
# cleaned=0
# scan_time=3660
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# IEXPLORE.EXE=10.00.9200.16521 (win8_gdr_soc_ie.130216-2100)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9c3acbe7b6b9c34ca3c6476a0b51c1ed
# engine=13795
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-10 02:05:27
# local_time=2013-05-09 10:05:27 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 1141287 143943399 0 0
# compatibility_mode=5893 16776574 100 94 326771 119694977 0 0
# scanned=139286
# found=0
# cleaned=0
# scan_time=6399
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9c3acbe7b6b9c34ca3c6476a0b51c1ed
# engine=14689
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-07 06:23:02
# local_time=2013-08-07 02:23:02 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 680950 151688054 0 0
# compatibility_mode=5893 16776573 100 94 0 127443232 0 0
# scanned=157161
# found=0
# cleaned=0
# scan_time=6767
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9c3acbe7b6b9c34ca3c6476a0b51c1ed
# engine=16985
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-07 09:15:03
# local_time=2014-02-07 04:15:03 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 77 1765850 2586506 0 0
# compatibility_mode=5893 16776573 100 94 0 143351153 0 0
# scanned=164068
# found=1
# cleaned=1
# scan_time=8304
sh=3395856CE81F2B7382DEE72602F798B642F14140 ft=0 fh=0000000000000000 vn="Eicar test file (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Oscar\Desktop\ff downloads\eicar.com.txt"
-
I picked it up while installing a program from internet to watch free movies.
I don't understand what this means, especially about firefox, I don't playWorld of WarCraft:
Sometimes this will happen with 2 things.
1. Something wrong with Firefox so they will reset it !
2. From playing World of WarCraft, they delete it !
I have not seen utop.it or wow search in IE or firefox since I started this post but I had removed it from IE homepage using superantispyware and removed the wow search from FF by managing search engines
Will uninstall combofix per your directions.
Question: Am I STILL INFECTED FROM WHAT YOU SEE?
-
Good morning Chuck, I did not download Utop.it or Wow search, they were bundled in something I installed before my original post, I thought I had declined other stuff in the installation, but I guess I was fooled. Logs you requested follow:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16518 BrowserJavaVersion: 10.51.2
Run by Oscar at 10:48:36 on 2014-02-17
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3948.1554 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Security Updates Service\winupdsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Oscar\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uProxyOverride =
BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Google Update] "C:\Users\Oscar\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
uRun: [GoogleChromeAutoLaunch_D08D9DAE1EAB6F612F08AF40ADD97038] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{530608E2-0C92-487C-A790-F35682F6BF76} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{530608E2-0C92-487C-A790-F35682F6BF76}\4656775697D27657563747 : DHCPNameServer = 207.69.188.186 207.69.188.187 192.168.33.1
TCP: Interfaces\{530608E2-0C92-487C-A790-F35682F6BF76}\54E67456E6965737635303730383F523 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{530608E2-0C92-487C-A790-F35682F6BF76}\84F4D454D213340373 : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
x64-Run: [igfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\5c9vv1yl.default-1392513503432\
FF - prefs.js: browser.search.selectedEngine - wow search
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Oscar\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Users\Oscar\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Oscar\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Oscar\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-7-29 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-7-29 207904]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-7-29 1038072]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-7-29 421704]
R1 Eve;EVE Protocol Driver;C:\Windows\System32\drivers\eve.sys [2013-9-9 41304]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-3-24 98208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-7-29 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-2-15 50344]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-1-3 1363616]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-1-3 1748640]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-8-10 197536]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-24 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-3-24 1817088]
R2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2013-11-10 2151200]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-2-14 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-2-14 701512]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE [2013-11-10 239176]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2013-1-29 1153368]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-7-3 1228504]
R2 Security Updates Service;Security Updates Service;C:\Program Files (x86)\Security Updates Service\winupdsvc.exe [2014-1-31 1998336]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-24 2656280]
R3 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-1-7 80184]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2012-8-3 40432]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-11-10 169752]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-2-14 25928]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2013-7-3 18456]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-3-24 335464]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-11-10 883928]
R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\Windows\System32\drivers\rtwlane.sys [2013-11-10 1514568]
R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2013-11-10 32496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2013-7-3 660184]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-12 111616]
S3 rcmirror;rcmirror;C:\Windows\System32\drivers\rcmirror.sys [2010-1-18 4608]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-8-5 19456]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192Ce.sys [2012-3-24 1145448]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-8-5 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-8-5 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-5-28 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-02-17 14:39:38 -------- d-----w- C:\SUPERDelete
2014-02-17 11:27:37 -------- d-----w- C:\Users\Oscar\AppData\Local\{39CBD747-9B78-4567-A5D2-001EEF3D6826}
2014-02-16 13:20:13 -------- d-----w- C:\Users\Oscar\AppData\Roaming\SUPERAntiSpyware.com
2014-02-16 13:18:48 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2014-02-16 13:18:48 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2014-02-16 12:59:41 118784 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL
2014-02-16 12:59:41 115920 ----a-w- C:\Windows\SysWow64\MSINET.OCX
2014-02-16 12:59:41 -------- d-----w- C:\Program Files (x86)\EULAlyzer
2014-02-15 01:25:03 -------- d-----w- C:\Users\Oscar\AppData\Local\ChromeTabExtension
2014-02-14 18:25:53 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-02-14 18:25:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-14 17:49:39 -------- d-----w- C:\Windows\System32\%LOCALAPPDATA%
2014-02-14 15:14:54 -------- d-----w- C:\AdwCleaner
2014-02-14 14:47:20 -------- d-----w- C:\Users\Oscar\AppData\Local\Diagnostics
2014-02-14 11:11:15 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EBCFB59C-4AEB-4E81-94E3-B7F635144E75}\mpengine.dll
2014-02-12 20:24:42 -------- d-----w- C:\Program Files (x86)\WOWTrojan Removal Tool
2014-02-12 19:34:33 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-02-12 19:34:33 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-02-12 19:32:59 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-12 19:11:14 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2014-02-12 19:11:14 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2014-02-12 19:11:13 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2014-02-12 19:11:13 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2014-02-12 19:07:00 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-02-12 19:07:00 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-02-12 19:07:00 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-02-12 19:07:00 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-02-09 21:48:08 81920 ----a-w- C:\Windows\eSellerateControl350.dll
2014-02-09 21:48:08 356352 ----a-w- C:\Windows\eSellerateEngine.dll
2014-02-09 21:48:08 274432 ----a-w- C:\Windows\SysWow64\ssleay32.dll
2014-02-09 21:48:08 1122304 ----a-w- C:\Windows\SysWow64\libeay32.dll
2014-02-08 23:42:21 -------- d-----w- C:\Program Files (x86)\wow search
2014-02-08 23:42:19 788260 ----a-w- C:\ProgramData\yvd_firefox_se.exe
2014-02-08 23:42:10 1290554 ----a-w- C:\ProgramData\yvd_chrome_se.exe
2014-02-08 23:42:10 108326 ----a-w- C:\ProgramData\yvd_ie_se.exe
2014-02-08 18:29:24 -------- d-----w- C:\Program Files (x86)\Iomega
2014-02-07 17:31:30 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2014-02-06 23:04:26 -------- d-----w- C:\Program Files (x86)\Security Updates Service
2014-02-06 21:57:25 2404326 ----a-w- C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.0.5.exe
2014-02-06 20:45:53 -------- d-----w- C:\Users\Oscar\dwhelper
2014-02-06 19:02:58 272496 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2014-01-23 23:16:57 -------- d-----w- C:\Users\Oscar\AppData\Local\Downloaded Installations
.
==================== Find3M ====================
.
2014-02-15 11:43:39 80184 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2014-02-15 11:43:38 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-02-15 11:43:38 1038072 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-02-15 11:43:37 43152 ----a-w- C:\Windows\avastSS.scr
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-05 11:39:39 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 11:39:39 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-15 11:49:32 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-07 19:44:13 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-12-18 11:13:56 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-11 12:55:05 9272200 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
2013-12-03 00:39:35 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-12-03 00:39:35 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-11-27 01:41:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-11-27 01:41:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-11-26 11:40:00 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\System32\win32k.sys
2013-11-25 00:09:14 2717184 ----a-w- C:\Windows\SysWow64\python34.dll
2013-11-25 00:07:04 102912 ----a-w- C:\Windows\pyw.exe
2013-11-25 00:07:04 102400 ----a-w- C:\Windows\py.exe
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
.
============= FINISH: 10:49:25.93 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/26/2012 5:21:12 PM
System Uptime: 2/17/2014 6:10:00 AM (4 hours ago)
.
Motherboard: Hewlett-Packard | | 3672
Processor: Intel® Celeron® CPU B800 @ 1.50GHz | CPU1 | 1500/1067mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 279 GiB total, 222.483 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 1.608 GiB free.
E: is FIXED (FAT32) - 4 GiB total, 1.071 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ROOT\WPD\0000
Manufacturer:
Name:
PNP Device ID: ROOT\WPD\0000
Service:
.
==== System Restore Points ===================
.
RP395: 2/8/2014 1:42:26 PM - avast! antivirus system restore point
RP396: 2/11/2014 7:14:41 AM - Windows Update
RP397: 2/12/2014 2:32:25 PM - Windows Update
RP398: 2/14/2014 8:44:05 PM - OTL Restore Point - 2/14/2014 8:44:02 PM
RP399: 2/15/2014 6:41:42 AM - avast! antivirus system restore point
RP400: 2/15/2014 1:33:48 PM - OTL Restore Point - 2/15/2014 1:33:45 PM
.
==== Installed Programs ======================
.
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
Adobe Shockwave Player 12.0
AMD APP SDK Runtime
AMD Catalyst Install Manager
avast! Free Antivirus
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compaq Setup Manager
CyberLink YouCam
D3DX10
ESET Online Scanner v3
ESU for Microsoft Windows 7 SP1
EULAlyzer 2.2
Extended Update
Google Chrome
Google Earth Plug-in
Google Talk Plugin
Google Update Helper
Hewlett-Packard ACLM.NET v1.2.1.1
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP Documentation
HP Launch Box
HP MovieStore
HP On Screen Display
HP Power Manager
HP Product Detection
HP Quick Launch
HP QuickWeb
HP Setup
HP Software Framework
HP Support Assistant
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Internet TV for Windows Media Center
Java 7 Update 51
Junk Mail filter update
LG USB Modem driver
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft_VC100_CRT_SP1_x64
Microsoft_VC100_CRT_SP1_x86
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 24.3.0 (x86 en-US)
MSVC80_x64_v2
MSVC80_x86_v2
MSVC90_x64
MSVC90_x86
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
Nokia Connectivity Cable Driver
Nokia Suite
OpenOffice 4.0.1
PC Connectivity Solution
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Python 2.7.6 (64-bit)
Python 3.3.3 (64-bit)
Python 3.4.0b1
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
REALTEK Wireless LAN Driver
Recovery Manager
RoxioNow Player
Secunia PSI (3.0.0.7011)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Should I Remove It
Skype Click to Call
Skypeâ„¢ 6.11
Spybot - Search & Destroy
SUPERAntiSpyware
Surfing Protection
swMSM
Synaptics TouchPad Driver
Visual Studio 2010 x64 Redistributables
VLC media player 2.1.3
VSO Downloader 2.9.1.4
VSO Downloader 3.1.0.50
VSO EVE Network Driver version 0.4
Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPcap 4.1.3
.
==== Event Viewer Messages From Past Week ========
.
2/17/2014 6:10:16 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 126
2/14/2014 8:33:30 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.
2/14/2014 8:25:25 PM, Error: Service Control Manager [7038] - The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The RPC server is unavailable. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
2/14/2014 8:25:20 PM, Error: Service Control Manager [7034] - The ServiceLayer service terminated unexpectedly. It has done this 1 time(s).
2/14/2014 8:25:20 PM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
2/14/2014 8:25:20 PM, Error: Service Control Manager [7034] - The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).
2/14/2014 8:25:20 PM, Error: Service Control Manager [7034] - The Intel® Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).
2/14/2014 8:25:20 PM, Error: Service Control Manager [7034] - The Intel® Management and Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s).
2/14/2014 8:25:20 PM, Error: Service Control Manager [7034] - The Intel® Integrated Clock Controller Service - Intel® ICCS service terminated unexpectedly. It has done this 1 time(s).
2/14/2014 8:25:20 PM, Error: Service Control Manager [7034] - The HP Software Framework Service service terminated unexpectedly. It has done this 1 time(s).
2/14/2014 8:25:20 PM, Error: Service Control Manager [7031] - The Intel® Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
2/14/2014 8:25:19 PM, Error: Service Control Manager [7038] - The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The remote procedure call failed. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
2/14/2014 3:52:39 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
.
==== End Of File ===========================
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/26/2012 5:21:12 PM
System Uptime: 2/17/2014 6:10:00 AM (4 hours ago)
.
Motherboard: Hewlett-Packard | | 3672
Processor: Intel® Celeron® CPU B800 @ 1.50GHz | CPU1 | 1500/1067mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 279 GiB total, 222.483 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 1.608 GiB free.
E: is FIXED (FAT32) - 4 GiB total, 1.071 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ROOT\WPD\0000
Manufacturer:
Name:
PNP Device ID: ROOT\WPD\0000
Service:
.
==== System Restore Points ===================
.
RP395: 2/8/2014 1:42:26 PM - avast! antivirus system restore point
RP396: 2/11/2014 7:14:41 AM - Windows Update
RP397: 2/12/2014 2:32:25 PM - Windows Update
RP398: 2/14/2014 8:44:05 PM - OTL Restore Point - 2/14/2014 8:44:02 PM
RP399: 2/15/2014 6:41:42 AM - avast! antivirus system restore point
RP400: 2/15/2014 1:33:48 PM - OTL Restore Point - 2/15/2014 1:33:45 PM
.
==== Installed Programs ======================
.
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
Adobe Shockwave Player 12.0
AMD APP SDK Runtime
AMD Catalyst Install Manager
avast! Free Antivirus
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compaq Setup Manager
CyberLink YouCam
D3DX10
ESET Online Scanner v3
ESU for Microsoft Windows 7 SP1
EULAlyzer 2.2
Extended Update
Google Chrome
Google Earth Plug-in
Google Talk Plugin
Google Update Helper
Hewlett-Packard ACLM.NET v1.2.1.1
HP Auto
HP Client Services
HP Customer Experience Enhancements
HP Documentation
HP Launch Box
HP MovieStore
HP On Screen Display
HP Power Manager
HP Product Detection
HP Quick Launch
HP QuickWeb
HP Setup
HP Software Framework
HP Support Assistant
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Internet TV for Windows Media Center
Java 7 Update 51
Junk Mail filter update
LG USB Modem driver
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
Microsoft_VC100_CRT_SP1_x64
Microsoft_VC100_CRT_SP1_x86
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 24.3.0 (x86 en-US)
MSVC80_x64_v2
MSVC80_x86_v2
MSVC90_x64
MSVC90_x86
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
Nokia Connectivity Cable Driver
Nokia Suite
OpenOffice 4.0.1
PC Connectivity Solution
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Python 2.7.6 (64-bit)
Python 3.3.3 (64-bit)
Python 3.4.0b1
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
REALTEK Wireless LAN Driver
Recovery Manager
RoxioNow Player
Secunia PSI (3.0.0.7011)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Should I Remove It
Skype Click to Call
Skypeâ„¢ 6.11
Spybot - Search & Destroy
SUPERAntiSpyware
Surfing Protection
swMSM
Synaptics TouchPad Driver
Visual Studio 2010 x64 Redistributables
VLC media player 2.1.3
VSO Downloader 2.9.1.4
VSO Downloader 3.1.0.50
VSO EVE Network Driver version 0.4
Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPcap 4.1.3
.
==== Event Viewer Messages From Past Week ========
.
2/17/2014 6:10:16 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 126
2/14/2014 8:33:30 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.
2/14/2014 8:25:25 PM, Error: Service Control Manager [7038] - The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The RPC server is unavailable. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
2/14/2014 8:25:20 PM, Error: Service Control Manager [7034] - The ServiceLayer service terminated unexpectedly. It has done this 1 time(s).
2/14/2014 8:25:20 PM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
2/14/2014 8:25:20 PM, Error: Service Control Manager [7034] - The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).
2/14/2014 8:25:20 PM, Error: Service Control Manager [7034] - The Intel® Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).
2/14/2014 8:25:20 PM, Error: Service Control Manager [7034] - The Intel® Management and Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s).
2/14/2014 8:25:20 PM, Error: Service Control Manager [7034] - The Intel® Integrated Clock Controller Service - Intel® ICCS service terminated unexpectedly. It has done this 1 time(s).
2/14/2014 8:25:20 PM, Error: Service Control Manager [7034] - The HP Software Framework Service service terminated unexpectedly. It has done this 1 time(s).
2/14/2014 8:25:20 PM, Error: Service Control Manager [7031] - The Intel® Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
2/14/2014 8:25:19 PM, Error: Service Control Manager [7038] - The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The remote procedure call failed. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
2/14/2014 3:52:39 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
.
==== End Of File ===========================
ComboFix 14-02-16.01 - Oscar 02/17/2014 11:02:53.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3948.1438 [GMT -5:00]
Running from: c:\users\Oscar\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Setup_EZ_YouTube_Video_Downloader_v1.0.5.exe
c:\programdata\yvd_chrome_se.exe
c:\programdata\yvd_firefox_se.exe
c:\programdata\yvd_ie_se.exe
c:\users\Oscar\AppData\Roaming\Microsoft\Windows\Recent\Thumbs.db
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2014-01-17 to 2014-02-17 )))))))))))))))))))))))))))))))
.
.
2014-02-17 16:11 . 2014-02-17 16:11 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-02-17 16:11 . 2014-02-17 16:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-02-17 14:39 . 2014-02-17 14:39 -------- d-----w- C:\SUPERDelete
2014-02-16 13:20 . 2014-02-16 13:20 -------- d-----w- c:\users\Oscar\AppData\Roaming\SUPERAntiSpyware.com
2014-02-16 13:18 . 2014-02-16 13:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2014-02-16 13:18 . 2014-02-16 13:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2014-02-16 12:59 . 2014-02-16 12:59 -------- d-----w- c:\program files (x86)\EULAlyzer
2014-02-16 12:59 . 2011-05-15 20:00 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2014-02-16 12:59 . 2011-05-15 20:00 115920 ----a-w- c:\windows\SysWow64\MSINET.OCX
2014-02-15 01:25 . 2014-02-15 01:25 -------- d-----w- c:\users\Oscar\AppData\Local\ChromeTabExtension
2014-02-14 18:25 . 2014-02-14 21:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-02-14 18:25 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-02-14 17:49 . 2014-02-14 17:49 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%
2014-02-14 15:14 . 2014-02-16 14:34 -------- d-----w- C:\AdwCleaner
2014-02-14 14:47 . 2014-02-14 14:47 -------- d-----w- c:\users\Oscar\AppData\Local\Diagnostics
2014-02-14 11:11 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EBCFB59C-4AEB-4E81-94E3-B7F635144E75}\mpengine.dll
2014-02-12 20:24 . 2014-02-14 13:25 -------- d-----w- c:\program files (x86)\WOWTrojan Removal Tool
2014-02-12 19:34 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-02-12 19:34 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-02-12 19:32 . 2014-02-06 10:11 5768704 ----a-w- c:\windows\system32\jscript9.dll
2014-02-12 19:11 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-02-12 19:11 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-12 19:11 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-02-12 19:11 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2014-02-12 19:07 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-12 19:07 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-02-12 19:07 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-02-12 19:07 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-02-09 21:48 . 2013-10-14 16:57 274432 ----a-w- c:\windows\SysWow64\ssleay32.dll
2014-02-09 21:48 . 2013-10-14 16:57 1122304 ----a-w- c:\windows\SysWow64\libeay32.dll
2014-02-09 21:48 . 2013-10-14 16:57 81920 ----a-w- c:\windows\eSellerateControl350.dll
2014-02-09 21:48 . 2013-10-14 16:57 356352 ----a-w- c:\windows\eSellerateEngine.dll
2014-02-08 23:42 . 2014-02-08 23:42 -------- d-----w- c:\program files (x86)\wow search
2014-02-08 18:29 . 2014-02-08 21:38 -------- d-----w- c:\program files (x86)\Iomega
2014-02-08 18:28 . 2014-02-08 18:28 -------- d-----w- c:\users\Oscar\AppData\Roaming\Leadertech
2014-02-07 17:31 . 2014-02-10 12:34 -------- d-----w- c:\program files (x86)\VS Revo Group
2014-02-06 23:04 . 2014-02-06 23:04 -------- d-----w- c:\program files (x86)\Security Updates Service
2014-02-06 20:45 . 2014-02-06 20:48 -------- d-----w- c:\users\Oscar\dwhelper
2014-02-06 19:02 . 2014-02-16 01:08 272496 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2014-02-06 14:10 . 2014-02-06 23:21 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
2014-01-24 22:45 . 2014-02-07 15:12 -------- d-----w- c:\program files\Recuva
2014-01-23 23:16 . 2014-02-08 21:39 -------- d-----w- c:\users\Oscar\AppData\Local\Downloaded Installations
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-15 11:43 . 2014-01-07 19:44 80184 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-02-15 11:43 . 2013-07-29 21:12 421704 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-02-15 11:43 . 2013-07-29 21:12 1038072 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-15 11:43 . 2013-07-29 21:12 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-02-15 11:43 . 2013-07-29 21:12 334136 ----a-w- c:\windows\system32\aswBoot.exe
2014-02-15 11:43 . 2013-07-29 21:11 43152 ----a-w- c:\windows\avastSS.scr
2014-02-12 19:44 . 2012-05-30 21:46 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-02-05 11:39 . 2013-02-18 13:49 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 11:39 . 2013-02-18 13:49 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-15 11:49 . 2014-01-15 11:49 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-07 19:44 . 2013-07-29 21:12 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-18 11:13 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-12-11 12:55 . 2013-10-09 00:01 9272200 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-12-03 00:39 . 2013-07-29 21:12 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-12-03 00:39 . 2013-07-29 21:12 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-27 01:41 . 2014-01-15 11:39 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-11-27 01:41 . 2014-01-15 11:39 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-11-27 01:41 . 2014-01-15 11:39 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-11-27 01:41 . 2014-01-15 11:39 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-11-27 01:41 . 2014-01-15 11:39 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-11-27 01:41 . 2014-01-15 11:39 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-11-27 01:41 . 2014-01-15 11:39 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-11-26 11:40 . 2014-01-15 11:39 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2013-11-26 10:32 . 2014-01-15 11:39 3156480 ----a-w- c:\windows\system32\win32k.sys
2013-11-25 00:09 . 2013-11-25 00:09 2717184 ----a-w- c:\windows\SysWow64\python34.dll
2013-11-25 00:07 . 2013-11-25 00:07 102912 ----a-w- c:\windows\pyw.exe
2013-11-25 00:07 . 2013-11-25 00:07 102400 ----a-w- c:\windows\py.exe
2013-11-23 18:26 . 2013-12-11 21:38 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-11 21:38 465920 ----a-w- c:\windows\system32\WMPhoto.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-12-21 1090040]
"GoogleChromeAutoLaunch_D08D9DAE1EAB6F612F08AF40ADD97038"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-02-01 866632]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-01-06 6563608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-06-28 168504]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-02-15 3767096]
"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2013-07-25 1985824]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-7-3 563416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 efavdrv;efavdrv;c:\windows\system32\drivers\efavdrv.sys;c:\windows\SYSNATIVE\drivers\efavdrv.sys [x]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys;c:\windows\SYSNATIVE\DRIVERS\rcmirror.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 Eve;EVE Protocol Driver;c:\windows\system32\DRIVERS\eve.sys;c:\windows\SYSNATIVE\DRIVERS\eve.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
S2 Security Updates Service;Security Updates Service;c:\program files (x86)\Security Updates Service\winupdsvc.exe;c:\program files (x86)\Security Updates Service\winupdsvc.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-04 22:15 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-02-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-18 11:39]
.
2014-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-01 23:54]
.
2014-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-01 23:54]
.
2014-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3309490343-1712508466-2320962761-1000Core.job
- c:\users\Oscar\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-13 11:08]
.
2014-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3309490343-1712508466-2320962761-1000UA.job
- c:\users\Oscar\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-13 11:08]
.
2014-02-17 c:\windows\Tasks\HPCeeScheduleForOscar.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-02-15 11:43 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-11-10 7158344]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-11-07 171992]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-11-07 399832]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-11-07 442328]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride =
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\5c9vv1yl.default-1392513503432\
FF - prefs.js: browser.search.selectedEngine - wow search
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-AffiliatedUpdate - c:\users\Oscar\AppData\Roaming\AffiliatedUpdate\UpdateProc\UpdateTask.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2014-02-17 11:19:52 - machine was rebooted
ComboFix-quarantined-files.txt 2014-02-17 16:19
.
Pre-Run: 236,872,212,480 bytes free
Post-Run: 236,847,767,552 bytes free
.
- - End Of File - - 9493B2860BC0EBCEE62608F77D378093
-
UTOP.IT HAS ALSO TAKEN OVER IE HOMEPAGE BUT I CHANGED IT BACK USING SUPERANTISPYWARE
-
Chuck, Wow search reappeared in Firefox and IE, some of this stuff is persistent
Oscar
-
Thank you Chuck, I really appreciate the help.You are the best.
Thank you, Oscar
-
Sorry Chuck, I didn't realize there was a second page to this post. Here is the log
Oscar
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}\ not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-3309490343-1712508466-2320962761-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Prefs.js: "wow search" removed from browser.search.order.1
C:\Users\Oscar\AppData\Roaming\Mozilla\Extensions folder moved successfully.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\skin\png scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\skin\icons scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\skin\ico 24x24px scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\skin\ico 16x16px scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\skin scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\zh-TW scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\zh-CN scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\vi-VN scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ur-PK scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\uk-UA scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\tr-TR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\th-TH scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\sv-SE scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\sl-SI scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\sk-SK scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ru-RU scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ro-RO scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\pt-PT scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\pt-BR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\pl-PL scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\nl-NL scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\nb-NO scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ko-KR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ja-JP scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\it-IT scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\id-ID scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\hu-HU scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\hr-HR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\he-IL scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\fr-FR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\fi-FI scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\et-EE scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\es-ES scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\en-US scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\en-GB scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\el-GR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\de-DE scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\da-DK scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\cs-CZ scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ca-ES scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\bg-BG scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\be-BY scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ar-SA scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\defaults\preferences scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\defaults scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\modules scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\zh_TW scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\zh_CN scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\vi scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ur scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\uk scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\tr scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\th scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\sv scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\sr scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\sl scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\sk scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ru scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ro scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\pt_PT scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\pt_BR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\pl scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\nl scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\nb scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ms scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\lv scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ko scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ja scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\it scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\id scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\hu scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\hr scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\hi scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\he scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\fr scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\fi scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\fa scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\et scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\es scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\en_GB scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\en scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\el scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\de scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\da scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\cs scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ca scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\bn scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\bg scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\be scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ar scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\libs scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\skin\img scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\skin\css scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\skin scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\scripts scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\mocks scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\libs scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found.
========== COMMANDS ==========
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Oscar
->Java cache emptied: 0 bytes
User: Public
Total Java Files Cleaned = 0.00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Oscar
->Flash cache emptied: 1758 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Oscar
->Temp folder emptied: 209583 bytes
->Temporary Internet Files folder emptied: 31482291 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 18894394 bytes
->Google Chrome cache emptied: 129087024 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 877 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 10305543 bytes
Total Files Cleaned = 181.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.69.0 log created on 02152014_133255
Files\Folders moved on Reboot...
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\skin\png scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\skin\icons scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\skin\ico 24x24px scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\skin\ico 16x16px scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\skin\png scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\skin\icons scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\skin\ico 24x24px scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\skin\ico 16x16px scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\skin scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\zh-TW scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\zh-CN scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\vi-VN scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ur-PK scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\uk-UA scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\tr-TR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\th-TH scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\sv-SE scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\sl-SI scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\sk-SK scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ru-RU scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ro-RO scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\pt-PT scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\pt-BR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\pl-PL scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\nl-NL scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\nb-NO scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ko-KR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ja-JP scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\it-IT scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\id-ID scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\hu-HU scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\hr-HR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\he-IL scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\fr-FR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\fi-FI scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\et-EE scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\es-ES scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\en-US scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\en-GB scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\el-GR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\de-DE scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\da-DK scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\cs-CZ scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ca-ES scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\bg-BG scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\be-BY scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ar-SA scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\zh-TW scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\zh-CN scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\vi-VN scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ur-PK scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\uk-UA scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\tr-TR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\th-TH scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\sv-SE scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\sl-SI scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\sk-SK scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ru-RU scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ro-RO scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\pt-PT scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\pt-BR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\pl-PL scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\nl-NL scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\nb-NO scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ko-KR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ja-JP scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\it-IT scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\id-ID scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\hu-HU scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\hr-HR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\he-IL scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\fr-FR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\fi-FI scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\et-EE scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\es-ES scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\en-US scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\en-GB scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\el-GR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\de-DE scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\da-DK scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\cs-CZ scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ca-ES scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\bg-BG scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\be-BY scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ar-SA scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\defaults\preferences scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\defaults\preferences scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\defaults scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\modules scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\zh_TW scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\zh_CN scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\vi scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ur scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\uk scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\tr scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\th scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\sv scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\sr scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\sl scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\sk scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ru scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ro scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\pt_PT scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\pt_BR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\pl scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\nl scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\nb scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ms scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\lv scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ko scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ja scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\it scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\id scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\hu scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\hr scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\hi scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\he scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\fr scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\fi scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\fa scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\et scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\es scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\en_GB scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\en scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\el scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\de scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\da scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\cs scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ca scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\bn scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\bg scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\be scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ar scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\zh_TW scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\zh_CN scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\vi scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ur scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\uk scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\tr scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\th scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\sv scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\sr scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\sl scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\sk scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ru scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ro scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\pt_PT scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\pt_BR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\pl scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\nl scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\nb scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ms scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\lv scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ko scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ja scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\it scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\id scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\hu scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\hr scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\hi scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\he scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\fr scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\fi scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\fa scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\et scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\es scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\en_GB scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\en scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\el scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\de scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\da scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\cs scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ca scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\bn scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\bg scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\be scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ar scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\libs scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\skin\img scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\skin\css scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\skin\img scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\skin\css scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\skin scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\scripts scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\mocks scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\libs scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\skin\img scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\skin\css scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\skin scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\scripts scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\mocks scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\libs scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\modules scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\zh_TW scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\zh_CN scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\vi scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ur scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\uk scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\tr scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\th scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\sv scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\sr scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\sl scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\sk scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ru scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ro scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\pt_PT scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\pt_BR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\pl scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\nl scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\nb scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ms scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\lv scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ko scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ja scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\it scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\id scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\hu scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\hr scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\hi scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\he scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\fr scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\fi scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\fa scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\et scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\es scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\en_GB scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\en scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\el scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\de scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\da scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\cs scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ca scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\bn scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\bg scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\be scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ar scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\libs scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\skin\img scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\skin\css scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\skin scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\scripts scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\mocks scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\libs scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\skin\png scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\skin\icons scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\skin\ico 24x24px scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\skin\ico 16x16px scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\skin scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\zh-TW scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\zh-CN scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\vi-VN scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ur-PK scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\uk-UA scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\tr-TR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\th-TH scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\sv-SE scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\sl-SI scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\sk-SK scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ru-RU scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ro-RO scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\pt-PT scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\pt-BR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\pl-PL scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\nl-NL scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\nb-NO scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ko-KR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ja-JP scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\it-IT scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\id-ID scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\hu-HU scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\hr-HR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\he-IL scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\fr-FR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\fi-FI scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\et-EE scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\es-ES scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\en-US scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\en-GB scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\el-GR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\de-DE scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\da-DK scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\cs-CZ scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ca-ES scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\bg-BG scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\be-BY scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ar-SA scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\defaults\preferences scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\defaults scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\modules scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\zh_TW scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\zh_CN scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\vi scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ur scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\uk scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\tr scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\th scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\sv scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\sr scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\sl scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\sk scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ru scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ro scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\pt_PT scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\pt_BR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\pl scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\nl scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\nb scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ms scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\lv scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ko scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ja scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\it scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\id scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\hu scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\hr scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\hi scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\he scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\fr scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\fi scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\fa scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\et scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\es scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\en_GB scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\en scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\el scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\de scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\da scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\cs scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ca scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\bn scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\bg scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\be scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ar scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\libs scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\skin\img scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\skin\css scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\skin scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\scripts scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\mocks scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\libs scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF scheduled to be moved on reboot.
C:\Users\Oscar\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Oscar\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
-
Hopefully the lst scan Chuck................
OTL logfile created on: 2/15/2014 6:00:32 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Oscar\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.86 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 50.91% Memory free
7.71 Gb Paging File | 5.39 Gb Available in Paging File | 69.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.47 Gb Total Space | 221.59 Gb Free Space | 79.29% Space Free | Partition Type: NTFS
Drive D: | 14.46 Gb Total Space | 1.61 Gb Free Space | 11.12% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.07 Gb Free Space | 27.06% Space Free | Partition Type: FAT32
Computer Name: OSCAR-HP | User Name: Oscar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/02/14 20:38:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Oscar\Desktop\OTL.scr
PRC - [2014/02/06 09:10:09 | 000,390,256 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2014/02/01 18:42:39 | 000,866,632 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/01/31 18:16:10 | 000,064,384 | ---- | M] (Google) -- C:\Users\Oscar\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2014/01/31 07:37:24 | 001,998,336 | ---- | M] () -- C:\Program Files (x86)\Security Updates Service\winupdsvc.exe
PRC - [2014/01/28 01:54:01 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/01/07 14:44:09 | 003,764,024 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/01/07 14:44:09 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/01/03 01:32:12 | 001,363,616 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/01/03 01:32:04 | 001,748,640 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/10/25 12:07:24 | 002,151,200 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
PRC - [2013/07/25 17:47:00 | 001,985,824 | ---- | M] (Wondershare) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
PRC - [2013/07/03 03:32:44 | 001,228,504 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2013/07/03 03:32:42 | 000,563,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/21 17:56:44 | 001,090,040 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
PRC - [2012/12/19 09:49:34 | 000,732,648 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012/12/19 09:49:12 | 000,149,480 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2012/10/26 10:53:00 | 000,139,792 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2012/08/10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
PRC - [2012/03/05 12:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/03/05 12:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/08/19 13:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/06/28 04:41:08 | 000,168,504 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011/05/20 09:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/05/20 09:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/12/30 22:44:00 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/30 22:43:00 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/12/27 18:30:00 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
PRC - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
========== Modules (No Company Name) ==========
MOD - [2014/02/12 15:30:44 | 000,492,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\92742a2fc47c786e31ccecbbbff37f1d\IAStorUtil.ni.dll
MOD - [2014/02/12 15:30:44 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\56d3e5f907345d381bd7ba599185dfbc\IAStorCommon.ni.dll
MOD - [2014/02/12 15:00:19 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\4b1795df6372b251625f958595e08d3d\System.Web.ni.dll
MOD - [2014/02/12 15:00:05 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll
MOD - [2014/02/12 14:57:51 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/12 14:57:38 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/12 14:57:21 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/12 14:57:13 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\73ce00cfab52d23ca89457490fd5ef9a\System.Configuration.ni.dll
MOD - [2014/02/12 14:56:45 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/02/12 14:56:39 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/12 14:56:29 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/02/12 13:03:09 | 000,181,760 | ---- | M] () -- C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2014.206.433.3_0\plugin\ace.dll
MOD - [2014/02/06 09:10:10 | 003,019,376 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2014/02/06 09:10:10 | 000,158,832 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2014/02/06 09:10:10 | 000,023,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2014/02/01 18:42:37 | 000,399,688 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppgooglenaclpluginchrome.dll
MOD - [2014/02/01 18:42:35 | 004,055,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
MOD - [2014/02/01 18:41:45 | 000,715,592 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
MOD - [2014/02/01 18:41:45 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll
MOD - [2014/02/01 18:41:43 | 001,634,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
MOD - [2014/01/28 01:54:18 | 003,583,600 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/12/02 19:39:34 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/07/24 09:24:52 | 000,137,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
MOD - [2012/12/21 17:57:44 | 000,276,984 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll
MOD - [2012/12/21 17:57:44 | 000,093,176 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll
MOD - [2012/12/21 17:57:28 | 002,653,176 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll
MOD - [2012/12/21 17:57:28 | 000,364,536 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll
MOD - [2012/12/21 17:57:26 | 011,166,712 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll
MOD - [2012/12/21 17:57:24 | 000,206,328 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll
MOD - [2012/12/21 17:57:22 | 001,347,064 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll
MOD - [2012/12/21 17:57:22 | 001,014,776 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll
MOD - [2012/12/21 17:57:22 | 000,720,888 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll
MOD - [2012/12/21 17:57:20 | 008,507,384 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll
MOD - [2012/12/21 17:57:20 | 000,520,696 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll
MOD - [2012/12/21 17:57:18 | 002,481,144 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll
MOD - [2012/12/21 17:57:18 | 002,354,168 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll
MOD - [2012/12/21 17:57:14 | 000,446,456 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
MOD - [2012/12/21 17:57:10 | 000,207,352 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Imageformats\qjpeg4.dll
MOD - [2012/12/21 17:57:10 | 000,035,832 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Imageformats\qico4.dll
MOD - [2012/12/21 17:57:08 | 000,033,272 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Imageformats\qgif4.dll
MOD - [2012/12/21 17:56:40 | 000,438,264 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll
MOD - [2012/12/21 17:56:00 | 000,606,200 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll
MOD - [2012/12/21 15:29:52 | 000,391,600 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll
MOD - [2012/12/21 15:29:52 | 000,059,280 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll
MOD - [2012/12/21 15:29:14 | 000,110,080 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\mediaservice\dsengine.dll
========== Services (SafeList) ==========
SRV:64bit: - [2014/02/06 05:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/01/07 14:44:09 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/11/10 11:11:04 | 000,239,176 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE -- (RtkAudioService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/17 20:14:00 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2014/02/06 09:20:48 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/05 06:39:39 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/31 07:37:24 | 001,998,336 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Security Updates Service\winupdsvc.exe -- (Security Updates Service)
SRV - [2014/01/03 01:32:12 | 001,363,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/01/03 01:32:04 | 001,748,640 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/07 01:52:56 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/10/25 12:07:24 | 002,151,200 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/07/03 03:32:44 | 001,228,504 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2013/07/03 03:32:44 | 000,660,184 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/19 09:49:34 | 000,732,648 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/08/10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2012/03/05 12:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/05/20 09:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/12/30 22:44:00 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/30 22:43:00 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/12/27 18:30:00 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/01/07 14:44:56 | 000,079,672 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/01/07 14:44:13 | 001,034,464 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/01/07 14:44:13 | 000,422,216 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/01/07 14:44:13 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/01/07 14:44:13 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/12/02 19:39:35 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/12/02 19:39:35 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/11/10 11:10:40 | 000,057,376 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2013/11/10 11:07:40 | 000,032,496 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013/11/10 11:07:17 | 001,514,568 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtwlane.sys -- (RTWlanE)
DRV:64bit: - [2013/11/10 11:06:29 | 000,883,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2013/11/07 01:52:44 | 005,363,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/07/03 03:32:42 | 000,018,456 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf_amd64.sys -- (PSI)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/28 18:50:02 | 000,041,304 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\eve.sys -- (Eve)
DRV:64bit: - [2013/02/28 20:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2012/10/17 13:53:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/03 18:49:18 | 000,040,432 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/14 03:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/07/12 22:06:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/12 22:06:46 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/05/20 08:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/05/18 16:33:00 | 001,145,448 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (RTL8192Ce)
DRV:64bit: - [2011/02/15 13:37:00 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010/11/20 22:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/01/18 15:40:26 | 000,004,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcmirror.sys -- (rcmirror)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wow.utop.it/
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wow.utop.it/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wow.utop.it/
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wow.utop.it/
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wow.utop.it/
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\..\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}: "URL" = http://wow.utop.it/?q={searchTerms}
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wow.utop.it/
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.search.order.1: "wow search"
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://centurylink.net/"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2011.70
FF - prefs.js..keyword.URL: "http://myvdo.tv/"
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Oscar\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Oscar\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Oscar\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Oscar\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Oscar\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/02/08 13:45:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.3.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.3.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
[2014/02/14 20:48:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Extensions
File not found (No name found) -- C:\PROGRAM FILES (X86)\IOBIT APPS TOOLBAR\FF
[2014/02/08 13:45:11 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
File not found (No name found) -- C:\USERS\OSCAR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E4GA19TC.DEFAULT\EXTENSIONS\[email protected]
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.com/
CHR - Extension: Google Docs = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2013.75_0\
CHR - Extension: Crackle = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic\7.1.7_0\
CHR - Extension: Skype Click to Call = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.0.14735.1561_0\
CHR - Extension: Google Maps = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Google Mail Checker = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\
CHR - Extension: FastestFox for Chrome = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\8.0.8_0\
CHR - Extension: Hangouts = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2014.206.433.3_0\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
CHR - Extension: Autofill = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmmgnhgdeffjkdckmikfpnddkbbfkkk\5.5_0\
CHR - Extension: Google Wallet = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Click&Clean App = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.5_0\
CHR - Extension: Gmail = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2014/02/14 20:43:52 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000..\Run: [GoogleChromeAutoLaunch_D08D9DAE1EAB6F612F08AF40ADD97038] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16:64bit: - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (Reg Error: Key error.)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} Reg Error: Value error. (GMNRev Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{530608E2-0C92-487C-A790-F35682F6BF76}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/02/14 20:38:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Oscar\Desktop\OTL.scr
[2014/02/14 20:25:03 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\ChromeTabExtension
[2014/02/14 20:25:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/14 16:13:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Oscar\Desktop\OTL.com
[2014/02/14 15:55:31 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Oscar\Desktop\mbam-setup-1.75.0.1300.exe
[2014/02/14 15:42:10 | 000,000,000 | ---D | C] -- C:\Users\Oscar\Desktop\CLEANING
[2014/02/14 13:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/02/14 13:25:53 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/02/14 13:25:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/02/14 12:49:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\%LOCALAPPDATA%
[2014/02/14 12:49:20 | 000,000,000 | ---D | C] -- C:\_OTM
[2014/02/14 12:35:00 | 000,000,000 | ---D | C] -- C:\Users\Oscar\Desktop\security 2
[2014/02/14 10:14:54 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/14 09:47:20 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\Diagnostics
[2014/02/14 07:51:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2014/02/12 15:24:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WOWTrojan Removal Tool
[2014/02/12 14:34:33 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/02/12 14:33:26 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/12 14:33:25 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/12 14:33:24 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/12 14:33:24 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/12 14:33:22 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/12 14:33:22 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/12 14:33:22 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/12 14:33:20 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/12 14:33:20 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/12 14:33:20 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/12 14:33:19 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/12 14:33:19 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/12 14:33:19 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/12 14:33:19 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/12 14:33:19 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/12 14:33:19 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/12 14:33:17 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/12 14:33:17 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/12 14:33:16 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/12 14:33:16 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/02/12 14:33:10 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/12 14:33:10 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/12 14:32:59 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/12 14:11:14 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/02/12 14:11:13 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014/02/12 14:10:41 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2014/02/12 14:10:41 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2014/02/12 14:10:41 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2014/02/12 14:10:41 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2014/02/12 14:10:40 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2014/02/12 14:10:40 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2014/02/12 14:10:40 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2014/02/12 14:10:40 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2014/02/12 14:10:40 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2014/02/12 14:10:40 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2014/02/12 14:10:40 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2014/02/12 14:10:39 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014/02/12 14:10:39 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2014/02/12 14:10:39 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2014/02/12 14:10:39 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2014/02/12 14:10:39 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2014/02/12 14:10:39 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2014/02/12 14:07:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/02/12 14:07:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/02/11 11:55:32 | 000,000,000 | ---D | C] -- C:\Users\Oscar\Desktop\New folder (2)
[2014/02/09 16:48:08 | 001,122,304 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\libeay32.dll
[2014/02/09 16:48:08 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll
[2014/02/09 16:48:08 | 000,274,432 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\ssleay32.dll
[2014/02/09 16:48:08 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateControl350.dll
[2014/02/08 18:42:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\wow search
[2014/02/08 13:29:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Iomega
[2014/02/08 13:28:38 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Roaming\Leadertech
[2014/02/07 12:31:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014/02/06 18:04:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Updates Service
[2014/02/06 15:45:53 | 000,000,000 | ---D | C] -- C:\Users\Oscar\dwhelper
[2014/02/06 09:10:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2014/01/24 17:45:36 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2014/01/23 18:16:57 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\Downloaded Installations
[2014/01/21 17:41:19 | 000,000,000 | ---D | C] -- C:\Users\Oscar\Documents\turbotax return
========== Files - Modified Within 30 Days ==========
[2014/02/15 05:54:31 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/15 05:54:31 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/15 05:52:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/15 05:47:08 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/15 05:46:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/15 05:46:47 | 3104,722,944 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/14 20:46:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3309490343-1712508466-2320962761-1000UA.job
[2014/02/14 20:43:52 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/02/14 20:38:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Oscar\Desktop\OTL.scr
[2014/02/14 20:21:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/14 19:49:02 | 000,762,694 | ---- | M] () -- C:\ProgramData\ChromeTabExtension.crx
[2014/02/14 19:48:37 | 001,290,554 | ---- | M] () -- C:\ProgramData\yvd_chrome_se.exe
[2014/02/14 17:46:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3309490343-1712508466-2320962761-1000Core.job
[2014/02/14 16:13:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Oscar\Desktop\OTL.com
[2014/02/14 16:04:21 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/14 15:58:28 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Oscar\Desktop\mbam-setup-1.75.0.1300.exe
[2014/02/14 15:40:47 | 001,166,132 | ---- | M] () -- C:\Users\Oscar\Desktop\adwcleaner.exe
[2014/02/14 07:51:19 | 000,001,246 | ---- | M] () -- C:\Users\Oscar\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2014/02/14 07:51:19 | 000,001,222 | ---- | M] () -- C:\Users\Oscar\Desktop\Spybot - Search & Destroy.lnk
[2014/02/13 19:41:34 | 000,788,260 | ---- | M] () -- C:\ProgramData\yvd_firefox_se.exe
[2014/02/13 19:41:30 | 000,108,326 | ---- | M] () -- C:\ProgramData\yvd_ie_se.exe
[2014/02/13 10:48:25 | 000,015,010 | ---- | M] () -- C:\Users\Oscar\Documents\credit card.ods
[2014/02/13 10:44:48 | 000,025,861 | ---- | M] () -- C:\Users\Oscar\Documents\expenses.ods
[2014/02/13 08:38:02 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOscar.job
[2014/02/12 14:36:47 | 000,775,084 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/12 14:36:47 | 000,662,634 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/12 14:36:47 | 000,122,470 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/12 14:36:35 | 000,775,084 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/12 07:10:14 | 000,013,196 | ---- | M] () -- C:\Users\Oscar\Desktop\QUILTS - Shortcut.lnk
[2014/02/10 13:29:14 | 000,083,322 | ---- | M] () -- C:\Users\Oscar\Desktop\1236946_10201085478153335_854229438_n.jpg
[2014/02/10 12:48:09 | 000,040,669 | ---- | M] () -- C:\Users\Oscar\Desktop\yoyo and shams
[2014/02/10 09:53:52 | 000,001,074 | ---- | M] () -- C:\Users\Oscar\Desktop\WHY - Shortcut.lnk
[2014/02/07 10:19:57 | 000,001,233 | ---- | M] () -- C:\Users\Oscar\Desktop\Should I Remove It.lnk
[2014/02/06 18:21:09 | 000,002,074 | ---- | M] () -- C:\Users\Oscar\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2014/02/06 18:00:23 | 002,404,326 | ---- | M] () -- C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.0.5.exe
[2014/02/06 06:30:12 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/06 06:07:39 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/06 06:06:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/06 05:56:03 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/06 05:52:11 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/06 05:49:03 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/06 05:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/06 05:48:11 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/06 05:32:49 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/06 05:17:15 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/06 05:11:37 | 005,768,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/06 05:01:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/06 05:00:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/06 04:57:13 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/06 04:52:21 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/06 04:50:32 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/06 04:49:22 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/06 04:47:22 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/06 04:46:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/06 04:25:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/06 04:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/06 03:40:06 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/06 03:34:31 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/02/05 06:39:39 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/02/05 06:39:39 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/01/29 11:50:38 | 000,007,605 | ---- | M] () -- C:\Users\Oscar\AppData\Local\Resmon.ResmonCfg
[2014/01/28 09:59:13 | 000,002,243 | ---- | M] () -- C:\Users\Oscar\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/21 07:06:38 | 000,010,783 | ---- | M] () -- C:\Users\Oscar\Documents\GATEWAY account open office.odt
========== Files Created - No Company Name ==========
[2014/02/14 16:04:21 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/14 15:40:27 | 001,166,132 | ---- | C] () -- C:\Users\Oscar\Desktop\adwcleaner.exe
[2014/02/14 07:51:19 | 000,001,246 | ---- | C] () -- C:\Users\Oscar\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2014/02/14 07:51:19 | 000,001,222 | ---- | C] () -- C:\Users\Oscar\Desktop\Spybot - Search & Destroy.lnk
[2014/02/12 07:10:14 | 000,013,196 | ---- | C] () -- C:\Users\Oscar\Desktop\QUILTS - Shortcut.lnk
[2014/02/10 13:29:14 | 000,083,322 | ---- | C] () -- C:\Users\Oscar\Desktop\1236946_10201085478153335_854229438_n.jpg
[2014/02/10 12:48:09 | 000,040,669 | ---- | C] () -- C:\Users\Oscar\Desktop\yoyo and shams
[2014/02/10 09:53:52 | 000,001,074 | ---- | C] () -- C:\Users\Oscar\Desktop\WHY - Shortcut.lnk
[2014/02/08 18:42:58 | 000,762,694 | ---- | C] () -- C:\ProgramData\ChromeTabExtension.crx
[2014/02/08 18:42:19 | 000,788,260 | ---- | C] () -- C:\ProgramData\yvd_firefox_se.exe
[2014/02/08 18:42:10 | 001,290,554 | ---- | C] () -- C:\ProgramData\yvd_chrome_se.exe
[2014/02/08 18:42:10 | 000,108,326 | ---- | C] () -- C:\ProgramData\yvd_ie_se.exe
[2014/02/07 10:19:57 | 000,001,233 | ---- | C] () -- C:\Users\Oscar\Desktop\Should I Remove It.lnk
[2014/02/06 16:57:25 | 002,404,326 | ---- | C] () -- C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.0.5.exe
[2014/01/21 07:06:36 | 000,010,783 | ---- | C] () -- C:\Users\Oscar\Documents\GATEWAY account open office.odt
[2013/11/07 01:52:42 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/10/01 17:56:07 | 000,008,704 | ---- | C] () -- C:\Users\Oscar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/09 07:56:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/08/09 07:56:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/08/09 07:56:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/08/09 07:56:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/08/09 07:56:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/07/25 17:00:30 | 000,007,605 | ---- | C] () -- C:\Users\Oscar\AppData\Local\Resmon.ResmonCfg
[2013/02/28 20:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2012/12/14 01:42:30 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/12/14 01:42:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/09/21 18:02:45 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2012/06/10 19:18:18 | 000,003,215 | ---- | C] () -- C:\Users\Oscar\.swfinfo
[2012/06/03 11:45:44 | 000,018,303 | ---- | C] () -- C:\Users\Oscar\AppData\Roaming\UserTile.png
[2012/05/26 12:42:39 | 000,775,084 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/24 12:09:37 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012/03/19 22:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/03/19 22:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
========== ZeroAccess Check ==========
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/03/08 09:25:33 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/03/08 09:25:33 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013/12/12 12:32:36 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\2BrightSparks
[2013/10/09 13:01:52 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\AffiliatedUpdate
[2012/12/04 17:52:41 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Auslogics
[2013/12/02 19:44:29 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\AVAST Software
[2012/09/12 15:53:58 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Blio
[2012/12/01 12:00:20 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\FixBee
[2013/06/10 17:01:43 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Foresight Software
[2013/07/09 17:56:30 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\HurricaneSoftware.com
[2014/02/08 16:39:12 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\IObit
[2014/02/08 13:28:38 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Leadertech
[2013/12/19 12:00:36 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Leawo
[2014/02/08 16:36:52 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Nokia
[2012/05/31 14:37:05 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Nokia Suite
[2014/02/08 16:36:54 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\OpenOffice
[2014/02/08 16:36:53 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\OpenOffice.org
[2012/05/31 14:21:52 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\PC Suite
[2013/08/05 15:19:42 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\player
[2013/05/09 15:37:21 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\QuickScan
[2014/02/08 16:36:56 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\SoftGrid Client
[2012/11/08 05:33:52 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Synaptics
[2014/02/08 16:39:18 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Thunderbird
[2013/12/19 12:01:27 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\tiger-k
[2013/02/12 16:33:20 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\TuneUp Software
[2014/02/08 16:36:57 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\vso
[2012/08/15 10:09:22 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\WildTangent
[2012/05/27 18:24:38 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:07BF512B
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:0F4A7B6A
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:5C321E34
< End of report >
-
Thank you Chuck, it seems to be running well and no signs of the problem.You are amazing
Oscar
Will post a log after running OTL
-
Time for bed here Chuck, we are the same age and I run out of gas this time of day (9:00eastern) I will check here first thing tomorrow.
Thanks so much for your help, Oscar
-
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}\ not found.
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}\ not found.
HKEY_USERS\S-1-5-21-3309490343-1712508466-2320962761-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ not found.
C:\Users\Oscar\AppData\Roaming\Mozilla\Extensions folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]\chrome\content folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected] folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]\modules\ffmpeg folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]\modules folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]\components folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]\chrome\skin folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]\chrome\locale\ru folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]\chrome\locale\lt folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]\chrome\locale\hy-AM folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]\chrome\locale\en-US folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]\chrome\locale\ar folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]\chrome\locale folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]\chrome\content\player folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]\chrome\content\include folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]\chrome\content\dialogs folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]\chrome\content\data folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]\chrome\content\bindings folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]\chrome\content folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected] folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions folder moved successfully.
File C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected] not found.
File C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected] not found.
File C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected] not found.
File C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected] not found.
C:\Program Files (x86)\Mozilla Firefox\extensions folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome\icons\default folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome\icons folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions folder moved successfully.
Folder C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\ not found.
Folder C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\ not found.
Registry value HKEY_USERS\S-1-5-21-3309490343-1712508466-2320962761-1000\Software\Microsoft\Windows\CurrentVersion\Run\\TWC.Win7 deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
========== COMMANDS ==========
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Oscar
->Java cache emptied: 0 bytes
User: Public
Total Java Files Cleaned = 0.00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Oscar
->Flash cache emptied: 1135 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Oscar
->Temp folder emptied: 4478044 bytes
->Temporary Internet Files folder emptied: 17601602 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 19834886 bytes
->Google Chrome cache emptied: 101231757 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 42 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1053903 bytes
Total Files Cleaned = 138.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.69.0 log created on 02142014_204321
Files\Folders moved on Reboot...
C:\Users\Oscar\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
-
Hey Chuck, you have a life besides these forums and need to take care of it. I am grateful for your help , will look at this later.
thank you, Oscar
Wow search and Utop.it not completely removed
in Malware Removal
Posted
Thank you Chuck,
Oscar