Posts posted by ore262
-
-
Hi Chuck, sorry to take so long to reply. I don't see it in Add/Remove.
More than happy to do cleanup.
-
I have utop.it home page and wow in Internet Explorer search box. I downloaded a program recently and I guess this was bundled in it. I have attempted to remove it by restoring IE to its original settings but it is still there. Can you please help me remove it?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Home Premium x64
Ran by Oscar on Fri 02/14/2014 at 12:59:04.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Oscar\appdata\local\solid savings"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
~~~ FireFox
Successfully deleted the following from C:\Users\Oscar\AppData\Roaming\mozilla\firefox\profiles\e4ga19tc.default\prefs.js
user_pref("extensions.betterff.surfcanyon.ramp.start_time", "1392394072260");
Emptied folder: C:\Users\Oscar\AppData\Roaming\mozilla\firefox\profiles\e4ga19tc.default\minidumps [83 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 02/14/2014 at 13:10:18.86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
I have re-installed Chrome and prefer it, has some features I like. Today has been uneventful, you saved my butt, will check back and let you know how it works out.
Thanks
Oscar
-
Chuck,
New Avast scan came up clean. The threat detected warnings I am referring to are the little pop-ups in the lower right hand screen; they only give you the option that says details and when you click it, it opens a browser page with the name of the threat. I have not had any more of them today. Firefox seems so slow compared to Chrome, haven't used it much in a while. Thank you again... Oscar
-
None of the shields show any event. Is that where I would look?
-
Chrome is not that great, the problem I was having was also happening initially in Firefox. I have used FF for years and try not to use IE. I will remove Chrome and see what happens. While I was typing this I had FF open and Avast gave me a threat detected warning, go figure. I am using Chrome to post this, may be from that. Will keep you posted, thank you so much for your help... Oscar
-
-
Does this only happen on PCH site? No, this morning I clicked on my home page link and it directed me to one of the sites telling me I was a winner in a new tab on Chrome.
-
Ran ComboFix but could not use the laptop and had to restart it, retrieved log from C:
-
Hi Chuck, I was confident you had removed the problem with my laptop yesterday but this morning I was redirected to the same pages as before a couple of times. Something is lingering, I hope you can help me get rid of it. I would like to add that I may just be typing a text document while I have Chrome browser open and Avast will show a pop up that it has blocked a virus or malware. You mentioned yesterday that 2 AVs may conflict, I already knew that but I am certain Defender is turned off, should 1 of the 2 be uninstalled? Thank you
-
-
Chuck, thank you very much, I would PM you if I could figure it out, will let you know how it works out, so far it looks like you did it, Oscar
-
I think I figured it out, thank you so much for your help, this is the log you asked for:
-
Did you install/create this >>> C:\Users\Oscar\Desktop\IF I DIE OPEN THIS folder, I just need to know ??? Yes I did...
Uninstalled Spybot - Search & Destroy.
I am unclear what to do with old timer, do not understand what you are telling me to do.
-
Chuck, thank you for your help, I think I set up old timer scan properly, logs follow:
HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>========== FireFox ==========FF - prefs.js..extensions.enabledAddons: %7Bab91efd4-6975-4081-8552-1b3922ed79e2%7D:1.0.15.0FF - prefs.js..extensions.enabledAddons: %7BE6C1199F-E687-42da-8C24-E7770CC3AE66%7D:1.8.0FF - prefs.js..extensions.enabledAddons: %7Bdc501fe1-520b-41f2-9421-ecbb2e7f0255%7D:1.1.0FF - prefs.js..extensions.enabledAddons: newtabgoogle%40graememcc.co.uk:1.0.2FF - prefs.js..extensions.enabledAddons: omnibar%40ajitk.com:0.7.19.20130418FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489FF - prefs.js..extensions.enabledAddons: %7B82AF8DCA-6DE9-405D-BD5E-43525BDAD38A%7D:6.9.0.12585FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0FF - user.js - File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows 
Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll File not foundFF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKCU\Software\MozillaPlugins\@nds.com/PCShowPlugin: C:\Users\Oscar\AppData\Local\DIRECTV Player\npPCShowPlugin.dll File not foundFF - HKCU\Software\MozillaPlugins\@nds.com/PlayerPlugin: C:\Users\Oscar\AppData\Local\DIRECTV Player\npPlayerPlugin.dll File not foundFF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Oscar\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Oscar\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Oscar\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: 
C:\Users\Oscar\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Oscar\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/07/29 17:12:13 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/07 11:32:38 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\pluginsFF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/07 11:32:38 | 000,000,000 | ---D | M]FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins[2012/09/16 18:39:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Extensions[2013/08/05 16:10:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\w6rwbj8v.default\extensions[2012/06/10 12:03:09 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\w6rwbj8v.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}[2013/08/05 16:10:14 | 000,000,000 | ---D | M] (Define Ext) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\w6rwbj8v.default\extensions\[email protected][2013/07/29 13:02:06 | 000,019,225 | ---- | M] () (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\w6rwbj8v.default\extensions\[email protected][2013/07/29 15:02:19 | 000,069,103 | ---- | M] () (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\w6rwbj8v.default\extensions\[email 
protected][2013/07/03 06:57:46 | 000,016,622 | ---- | M] () (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\w6rwbj8v.default\extensions\{dc501fe1-520b-41f2-9421-ecbb2e7f0255}.xpi[2012/07/07 09:17:48 | 000,014,714 | ---- | M] () (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\w6rwbj8v.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi[2013/03/24 14:14:00 | 000,002,402 | ---- | M] () -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\w6rwbj8v.default\searchplugins\bingp.xml[2013/07/29 13:02:27 | 000,001,635 | ---- | M] () -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\w6rwbj8v.default\searchplugins\firefox-add-ons.xml[2013/08/07 11:32:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions[2013/08/07 11:32:44 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}[2013/08/07 11:32:38 | 000,000,000 | ---D | M] (Define Ext) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected][2013/08/07 11:32:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions[2013/08/07 11:32:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}[2013/08/07 11:32:57 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}[2013/07/29 17:12:13 | 000,000,000 | ---D | M] (avast! 
Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF[2013/03/08 09:31:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll[2013/02/12 17:33:19 | 000,000,000 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml========== Chrome ==========CHR - default_search_provider: Google (Enabled)CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},CHR - homepage: https://www.google.com/CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dllCHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dllCHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dllCHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Oscar\AppData\Roaming\Mozilla\plugins\npgoogletalk.dllCHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Oscar\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dllCHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Oscar\AppData\Roaming\Mozilla\plugins\npo1d.dllCHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dllCHR - 
plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dllCHR - plugin: Nokia Suite Enabler Plugin (Enabled) = C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dllCHR - plugin: VLC Web Plugin (Disabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dllCHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllCHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dllCHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dllCHR - Extension: Google Docs = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\CHR - Extension: Google Drive = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\CHR - Extension: YouTube = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\CHR - Extension: Google Search = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\CHR - Extension: Define Ext = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh\1_0\CHR - Extension: avast! 
Online Security = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\CHR - Extension: Crackle = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic\7.1.7_0\CHR - Extension: Skype Click to Call = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\CHR - Extension: Google Maps = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\CHR - Extension: Google Mail Checker Plus Classic = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcalakneigcblgalgpgbanhcmglpjjej\1.0_0\CHR - Extension: FastestChrome - Browse Faster = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\7.2.2_0\CHR - Extension: Autofill = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmmgnhgdeffjkdckmikfpnddkbbfkkk\5.5_0\CHR - Extension: FasterPlus = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\obbdikpnjhhckpfiojgpnclnolhofifc\2.7.2_0\CHR - Extension: Checker Plus for Gmail\u2122 = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj\13.7_0\CHR - Extension: Click&Clean App = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.0_0\CHR - Extension: Gmail = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\O1 HOSTS File: ([2013/08/02 08:13:05 | 000,450,636 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hostsO1 - Hosts: 127.0.0.1 www.007guard.comO1 - Hosts: 127.0.0.1 007guard.comO1 - Hosts: 127.0.0.1 008i.comO1 - Hosts: 127.0.0.1 www.008k.comO1 - Hosts: 127.0.0.1 008k.comO1 - Hosts: 127.0.0.1 www.00hq.comO1 - Hosts: 127.0.0.1 00hq.comO1 - Hosts: 127.0.0.1 010402.comO1 - Hosts: 
127.0.0.1 www.032439.comO1 - Hosts: 127.0.0.1 032439.comO1 - Hosts: 127.0.0.1 www.0scan.comO1 - Hosts: 127.0.0.1 0scan.comO1 - Hosts: 127.0.0.1 www.1000gratisproben.comO1 - Hosts: 127.0.0.1 1000gratisproben.comO1 - Hosts: 127.0.0.1 1001namen.comO1 - Hosts: 127.0.0.1 www.1001namen.comO1 - Hosts: 127.0.0.1 100888290cs.comO1 - Hosts: 127.0.0.1 www.100888290cs.comO1 - Hosts: 127.0.0.1 www.100sexlinks.comO1 - Hosts: 127.0.0.1 100sexlinks.comO1 - Hosts: 127.0.0.1 www.10sek.comO1 - Hosts: 127.0.0.1 10sek.comO1 - Hosts: 127.0.0.1 www.1-2005-search.comO1 - Hosts: 127.0.0.1 1-2005-search.comO1 - Hosts: 127.0.0.1 www.123fporn.infoO1 - Hosts: 15467 more lines...O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)O2 - BHO: (Define) - {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\Oscar\AppData\Local\DefineExt\temp.dat ()O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)O3 - HKLM\..\Toolbar: (avast! 
Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)O3 - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)O4:64bit: - HKLM..\Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)O4 - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000..\Run: [] File not foundO4 - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)O4 - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe 
(Nokia)O4 - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - Startup: C:\Users\Oscar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice 4.0.0.lnk = C:\Program Files (x86)\OpenOffice 4\program\quickstart.exe ()O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. 
File not foundO9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)O1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO16:64bit: - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (Reg Error: Key error.)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03FDA5F7-90B6-4437-B725-7C854F9F4C21}: DhcpNameServer = 192.168.72.2O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{530608E2-0C92-487C-A790-F35682F6BF76}: DhcpNameServer = 10.0.0.1O18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\skype4com - No CLSID value foundO18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File 
not foundO18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not foundO18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O32 - HKLM CDRom: AutoRun - 1O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)========== Files/Folders - Created Within 30 Days ==========[2013/08/08 14:58:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- 
C:\Users\Oscar\Desktop\OTL.com[2013/08/08 14:34:10 | 000,957,230 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Oscar\Desktop\JRT.exe[2013/08/08 14:32:20 | 000,000,000 | ---D | C] -- C:\Users\Oscar\Desktop\AdwCleaner[2013/08/08 12:46:35 | 000,000,000 | ---D | C] -- C:\Users\Oscar\Desktop\mwbytes quick scan[2013/08/08 12:35:38 | 000,000,000 | ---D | C] -- C:\Windows\Minidump[2013/08/08 12:30:00 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Oscar\Desktop\mbam-setup-1.75.0.1300.exe[2013/08/08 12:26:38 | 000,000,000 | ---D | C] -- C:\Users\Oscar\Desktop\aswmbr log[2013/08/08 12:10:56 | 000,000,000 | ---D | C] -- C:\Users\Oscar\Desktop\adwcleaner log[2013/08/08 11:39:16 | 000,000,000 | ---D | C] -- C:\Users\Oscar\Desktop\mwbytes safe mode[2013/08/08 11:37:15 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Oscar\Desktop\aswMBR.exe[2013/08/08 08:50:01 | 000,000,000 | ---D | C] -- C:\Users\Oscar\Desktop\jrt scan[2013/08/08 08:34:31 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT[2013/08/08 08:19:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Max Uninstaller[2013/08/07 11:32:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox[2013/08/05 16:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller[2013/08/05 16:10:19 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Define Ext[2013/08/05 16:10:07 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\DefineExt[2013/08/05 11:24:47 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll[2013/08/05 11:24:47 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll[2013/08/05 11:24:47 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe[2013/08/05 11:24:43 | 000,030,208 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\drivers\TsUsbGD.sys[2013/08/05 11:24:43 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys[2013/08/05 11:24:42 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys[2013/08/05 11:24:36 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll[2013/08/05 11:24:36 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll[2013/08/05 11:24:36 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll[2013/08/05 11:24:35 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll[2013/08/05 11:24:35 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll[2013/08/05 11:24:35 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll[2013/08/05 11:24:35 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll[2013/08/05 11:24:35 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll[2013/08/05 11:24:35 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe[2013/08/05 11:24:35 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll[2013/08/05 11:24:35 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll[2013/08/05 11:24:35 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll[2013/08/05 11:24:35 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll[2013/08/05 11:24:34 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll[2013/08/05 11:24:34 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe[2013/08/05 11:24:34 | 001,048,064 | ---- | C] (Microsoft Corporation) -- 
Windows Live Remote Client Resources"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting"{97E3F31B-D989-0E01-FCB4-EBC04EF060F1}" = AMD Catalyst Install Manager"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0)"CCleaner" = CCleaner"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended"SynTPDeinstKey" = Synaptics TouchPad Driver[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore"{15CC861C-C69E-3758-8961-CE304C2595B6}" = Google Talk Plugin"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE 
Definitions"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater"{4CFE23CC-779D-4572-A76F-AB60A958BC79}" = Adobe Flash Player 11 ActiveX"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skypeâ„¢ 6.3"{5036764A-435D-40C9-869C-31085A3D741D}" = HP Setup"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module"{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch"{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}" = OpenOffice 4.0.0"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE"{68A55875-B6DD-41E8-8CF6-F193D9C47051}" = HP Documentation"{6B722793-E77B-41F5-BAB3-6C9832274E75}" = PC Connectivity Solution"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1"{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}" = Nokia Connectivity Cable Driver"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable"{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in"{7E799992-5DA0-4A1A-9443-B1836B063FEC}" = HP Power 
Manager"{835B275B-F29B-464B-BD4B-097FD55FAB0A}" = HP Software Framework"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver"{8B52057C-15DB-433E-957C-E279BC7D07E3}" = HP QuickWeb"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker"{9945F35E-85EF-4759-A95C-2E10AA34EA58}" = ESU for Microsoft Windows 7 SP1"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center"{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = Compaq Setup Manager"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX 
Platform"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform"{DB70FB55-1515-4C75-95C8-FFBD5FE041F8}_is1" = VSO Downloader 2.9.1.4"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10"{E3A0C45A-7EDB-48EB-AB86-2445E74FBFBB}" = Nokia Suite"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin"Adobe Shockwave Player" = Adobe Shockwave Player 12.0"avast" = avast! 
Free Antivirus"DMUninstaller" = DMUninstaller"ESET Online Scanner" = ESET Online Scanner v3"Google Chrome" = Google Chrome"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300"Mozilla Firefox 23.0 (x86 en-US)" = Mozilla Firefox 23.0 (x86 en-US)"MozillaMaintenanceService" = Mozilla Maintenance Service"Nokia Suite" = Nokia Suite"Secunia PSI" = Secunia PSI (3.0.0.7011)"VLC media player" = VLC media player 2.0.7"WinLiveSuite" = Windows Live Essentials"WinPcapInst" = WinPcap 4.1.2========== HKEY_USERS Uninstall List ==========[HKEY_USERS\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"Define Ext" = Define Ext========== Last 20 Event Log Errors ==========[ Application Events ]Error - 8/8/2013 2:54:17 PM | Computer Name = Oscar-HP | Source = WinMgmt | ID = 10Description =[ Hewlett-Packard Events ]Error - 2/24/2013 9:13:57 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,Boolean localScan) Message: One HP Active Check Local Mode job already running. 
StackTrace:at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exeVersion:06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeFormat:en-US RAM: 3947 Ram Utilization: TargetSite: Void UpdateAndDetect()Error - 2/25/2013 10:27:58 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exeVersion:06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeFormat:en-US RAM: 3947 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()Error - 2/26/2013 10:43:02 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,Boolean localScan) Message: One HP Active Check Local Mode job already running. 
StackTrace:at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exeVersion:06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeFormat:en-US RAM: 3947 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()Error - 2/27/2013 9:47:04 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exeVersion:06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeFormat:en-US RAM: 3947 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()Error - 2/28/2013 9:02:22 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,Boolean localScan) Message: One HP Active Check Local Mode job already running. 
StackTrace:at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exeVersion:06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeFormat:en-US RAM: 3947 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()Error - 3/1/2013 9:43:11 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exeVersion:06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeFormat:en-US RAM: 3947 Ram Utilization: 40 TargetSite: Void UpdateAndDetect()Error - 3/2/2013 9:15:23 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,Boolean localScan) Message: One HP Active Check Local Mode job already running. 
StackTrace:at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exeVersion:06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeFormat:en-US RAM: 3947 Ram Utilization: 60 TargetSite: Void UpdateAndDetect()Error - 3/3/2013 10:00:10 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exeVersion:06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeFormat:en-US RAM: 3947 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()Error - 3/3/2013 6:03:37 PM | Computer Name = Oscar-HP | Source = HPSF.exe | ID = 2000Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()Message:Object reference not set to an instance of an object. 
StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()Source:HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\ProgramFiles (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 3947RamUtilization: 60 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()Error - 3/3/2013 6:16:03 PM | Computer Name = Oscar-HP | Source = HPSF.exe | ID = 2000Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()Message:Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()Source:HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\ProgramFiles (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 3947RamUtilization: 30 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()[ HP Software Framework Events ]Error - 12/5/2012 9:33:48 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5Description = 2012/12/05 08:33:48.485|00001B44|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio stateError - 1/9/2013 9:43:12 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5Description = 2013/01/09 08:43:12.852|00001760|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio stateError - 1/16/2013 9:44:10 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5Description = 2013/01/16 08:44:10.684|000015E4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio stateError - 1/31/2013 10:05:42 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5Description = 2013/01/31 
09:05:42.137|000016B0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio stateError - 1/31/2013 10:05:55 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5Description = 2013/01/31 09:05:55.043|00001608|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio stateError - 1/31/2013 10:05:59 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5Description = 2013/01/31 09:05:59.741|0000016C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio stateError - 2/6/2013 12:42:05 PM | Computer Name = Oscar-HP | Source = hpqWmiEx | ID = 5Description = 2013/02/06 11:42:05.729|00001308|Error |ChpqWmiExModule::Start|StartServiceCtrlDispatcherFAILED. Error: 1063Error - 2/14/2013 9:12:11 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5Description = 2013/02/14 08:12:11.528|00001DD0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio stateError - 2/14/2013 9:13:52 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5Description = 2013/02/14 08:13:52.142|00001810|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio stateError - 2/14/2013 9:14:10 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5Description = 2013/02/14 08:14:10.925|000006C4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state[ System Events ]Error - 8/8/2013 2:53:50 PM | Computer Name = Oscar-HP | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000Description = WLAN Extensibility Module has failed to start. 
Module Path: C:\Windows\system32\Rtlihvs.dllErrorCode: 126< End of report >< End of report >
-
User{FAFD6DBE-1F3C-4CB0-BBAC-E94E36FB057B}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |"UDP Query User{35D98AA7-8DC6-4DA7-9A92-0B1063451076}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |"UDP Query User{7DD85402-3BBD-4238-993D-58F9C6FA3949}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |"UDP Query User{E5F4521A-4EFA-4460-829F-4CF9DA43DC87}C:\users\oscar\appdata\local\apps\2.0\ar21j5dv.ctw\agwb9hx7.yvh\rebt..tion_59eb1b2cffdb6323_0002.0005_7c13fbf0d57ed86b\rebtelphone.exe" = protocol=17 | dir=in | app=c:\users\oscar\appdata\local\apps\2.0\ar21j5dv.ctw\agwb9hx7.yvh\rebt..tion_59eb1b2cffdb6323_0002.0005_7c13fbf0d57ed86b\rebtelphone.exe |========== HKEY_LOCAL_MACHINE Uninstall List ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime"{5A847522-375C-4D05-BD3D-88C450CC047F}" = HP Launch Box"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = 
Windows Live Remote Client Resources"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting"{97E3F31B-D989-0E01-FCB4-EBC04EF060F1}" = AMD Catalyst Install Manager"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0)"CCleaner" = CCleaner"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended"SynTPDeinstKey" = Synaptics TouchPad Driver[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore"{15CC861C-C69E-3758-8961-CE304C2595B6}" = Google Talk Plugin"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE 
Definitions"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater"{4CFE23CC-779D-4572-A76F-AB60A958BC79}" = Adobe Flash Player 11 ActiveX"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skypeâ„¢ 6.3"{5036764A-435D-40C9-869C-31085A3D741D}" = HP Setup"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module"{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch"{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}" = OpenOffice 4.0.0"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE"{68A55875-B6DD-41E8-8CF6-F193D9C47051}" = HP Documentation"{6B722793-E77B-41F5-BAB3-6C9832274E75}" = PC Connectivity Solution"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1"{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}" = Nokia Connectivity Cable Driver"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable"{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in"{7E799992-5DA0-4A1A-9443-B1836B063FEC}" = HP Power 
Manager"{835B275B-F29B-464B-BD4B-097FD55FAB0A}" = HP Software Framework"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver"{8B52057C-15DB-433E-957C-E279BC7D07E3}" = HP QuickWeb"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker"{9945F35E-85EF-4759-A95C-2E10AA34EA58}" = ESU for Microsoft Windows 7 SP1"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center"{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = Compaq Setup Manager"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX 
Platform"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform"{DB70FB55-1515-4C75-95C8-FFBD5FE041F8}_is1" = VSO Downloader 2.9.1.4"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10"{E3A0C45A-7EDB-48EB-AB86-2445E74FBFBB}" = Nokia Suite"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin"Adobe Shockwave Player" = Adobe Shockwave Player 12.0"avast" = avast! 
Free Antivirus"DMUninstaller" = DMUninstaller"ESET Online Scanner" = ESET Online Scanner v3"Google Chrome" = Google Chrome"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300"Mozilla Firefox 23.0 (x86 en-US)" = Mozilla Firefox 23.0 (x86 en-US)"MozillaMaintenanceService" = Mozilla Maintenance Service"Nokia Suite" = Nokia Suite"Secunia PSI" = Secunia PSI (3.0.0.7011)"VLC media player" = VLC media player 2.0.7"WinLiveSuite" = Windows Live Essentials"WinPcapInst" = WinPcap 4.1.2========== HKEY_USERS Uninstall List ==========[HKEY_USERS\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"Define Ext" = Define Ext========== Last 20 Event Log Errors ==========[ Application Events ]Error - 8/8/2013 2:54:17 PM | Computer Name = Oscar-HP | Source = WinMgmt | ID = 10Description =[ Hewlett-Packard Events ]Error - 2/24/2013 9:13:57 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,Boolean localScan) Message: One HP Active Check Local Mode job already running. 
StackTrace:at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exeVersion:06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeFormat:en-US RAM: 3947 Ram Utilization: TargetSite: Void UpdateAndDetect()Error - 2/25/2013 10:27:58 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exeVersion:06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeFormat:en-US RAM: 3947 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()Error - 2/26/2013 10:43:02 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,Boolean localScan) Message: One HP Active Check Local Mode job already running. 
StackTrace:at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exeVersion:06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeFormat:en-US RAM: 3947 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()Error - 2/27/2013 9:47:04 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exeVersion:06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeFormat:en-US RAM: 3947 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()Error - 2/28/2013 9:02:22 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,Boolean localScan) Message: One HP Active Check Local Mode job already running. 
StackTrace:at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exeVersion:06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeFormat:en-US RAM: 3947 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()Error - 3/1/2013 9:43:11 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exeVersion:06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeFormat:en-US RAM: 3947 Ram Utilization: 40 TargetSite: Void UpdateAndDetect()Error - 3/2/2013 9:15:23 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,Boolean localScan) Message: One HP Active Check Local Mode job already running. 
StackTrace:at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exeVersion:06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeFormat:en-US RAM: 3947 Ram Utilization: 60 TargetSite: Void UpdateAndDetect()Error - 3/3/2013 10:00:10 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exeVersion:06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeFormat:en-US RAM: 3947 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()Error - 3/3/2013 6:03:37 PM | Computer Name = Oscar-HP | Source = HPSF.exe | ID = 2000Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()Message:Object reference not set to an instance of an object. 
StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()Source:HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\ProgramFiles (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 3947RamUtilization: 60 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()Error - 3/3/2013 6:16:03 PM | Computer Name = Oscar-HP | Source = HPSF.exe | ID = 2000Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()Message:Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()Source:HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\ProgramFiles (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 3947RamUtilization: 30 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()[ HP Software Framework Events ]Error - 12/5/2012 9:33:48 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5Description = 2012/12/05 08:33:48.485|00001B44|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio stateError - 1/9/2013 9:43:12 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5Description = 2013/01/09 08:43:12.852|00001760|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio stateError - 1/16/2013 9:44:10 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5Description = 2013/01/16 08:44:10.684|000015E4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio stateError - 1/31/2013 10:05:42 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5Description = 2013/01/31 
09:05:42.137|000016B0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio stateError - 1/31/2013 10:05:55 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5Description = 2013/01/31 09:05:55.043|00001608|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio stateError - 1/31/2013 10:05:59 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5Description = 2013/01/31 09:05:59.741|0000016C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio stateError - 2/6/2013 12:42:05 PM | Computer Name = Oscar-HP | Source = hpqWmiEx | ID = 5Description = 2013/02/06 11:42:05.729|00001308|Error |ChpqWmiExModule::Start|StartServiceCtrlDispatcherFAILED. Error: 1063Error - 2/14/2013 9:12:11 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5Description = 2013/02/14 08:12:11.528|00001DD0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio stateError - 2/14/2013 9:13:52 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5Description = 2013/02/14 08:13:52.142|00001810|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio stateError - 2/14/2013 9:14:10 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5Description = 2013/02/14 08:14:10.925|000006C4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state[ System Events ]Error - 8/8/2013 2:53:50 PM | Computer Name = Oscar-HP | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000Description = WLAN Extensibility Module has failed to start. 
Module Path: C:\Windows\system32\Rtlihvs.dllErrorCode: 126< End of report >
-
I have not figured out how to PM; like I said, I am impaired. 2 logs to follow:
-
I have something in my Windows 7 laptop. When I go to the PCH website, it redirects me to a survey site or a site that says "congratulations, you are the 100,000th visitor, choose your prize". I have run an avast scan and it found something; I also ran Malwarebytes and it found 2 items. ESET online scanner came up clean. I am not good with Windows 7 and I am impaired as the result of a stroke, so if I get help from someone they will need to be patient with me. I am not sure what to do first other than start a new thread. Thank you for assistance in advance. What's next?
MBAM quick scan log follows:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.08.08.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Oscar :: OSCAR-HP [administrator]
8/8/2013 12:46:08 PM
mbam-log-2013-08-08 (12-46-08).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202356
Time elapsed: 4 minute(s), 56 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 2
C:\Users\Oscar\Downloads\FlashPlayer_V.31271309c.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
C:\Users\Oscar\Downloads\FlashPlayer_V.9757561c.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.
utop.it - wow search in internet explorer
in Malware Removal
# AdwCleaner v3.018 - Report created 14/02/2014 at 15:46:28
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Oscar - OSCAR-HP
# Running from : C:\Users\Oscar\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.16518
-\\ Mozilla Firefox v27.0 (en-US)
[ File : C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\prefs.js ]
Line Deleted : user_pref("extensions.betterff.surfcanyon.ramp.start_time", "1392401386371");
-\\ Google Chrome v32.0.1700.107
[ File : C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [3478 octets] - [14/02/2014 10:15:00]
AdwCleaner[R1].txt - [3525 octets] - [14/02/2014 10:20:10]
AdwCleaner[R2].txt - [1169 octets] - [14/02/2014 10:29:01]
AdwCleaner[R3].txt - [1290 octets] - [14/02/2014 15:41:59]
AdwCleaner[s0].txt - [3608 octets] - [14/02/2014 10:22:30]
AdwCleaner[s1].txt - [1233 octets] - [14/02/2014 11:02:59]
AdwCleaner[s2].txt - [1213 octets] - [14/02/2014 15:46:28]
########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1273 octets] ##########
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.02.14.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Oscar :: OSCAR-HP [administrator]
2/14/2014 4:07:06 PM
mbam-log-2014-02-14 (16-07-06).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218385
Time elapsed: 4 minute(s), 51 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
OTL logfile created on: 2/14/2014 4:18:10 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Oscar\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.86 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 52.46% Memory free
7.71 Gb Paging File | 5.36 Gb Available in Paging File | 69.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.47 Gb Total Space | 224.06 Gb Free Space | 80.17% Space Free | Partition Type: NTFS
Drive D: | 14.46 Gb Total Space | 1.61 Gb Free Space | 11.12% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.07 Gb Free Space | 27.06% Space Free | Partition Type: FAT32
Computer Name: OSCAR-HP | User Name: Oscar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/02/14 16:13:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Oscar\Desktop\OTL.com
PRC - [2014/02/01 18:42:39 | 000,866,632 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/01/31 18:16:10 | 000,064,384 | ---- | M] (Google) -- C:\Users\Oscar\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2014/01/31 07:37:24 | 001,998,336 | ---- | M] () -- C:\Program Files (x86)\Security Updates Service\winupdsvc.exe
PRC - [2014/01/28 01:54:01 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/01/07 14:44:09 | 003,764,024 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/01/07 14:44:09 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/01/03 01:32:12 | 001,363,616 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/01/03 01:32:04 | 001,748,640 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/10/25 12:07:24 | 002,151,200 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
PRC - [2013/07/25 17:47:00 | 001,985,824 | ---- | M] (Wondershare) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
PRC - [2013/07/03 03:32:44 | 001,228,504 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2013/07/03 03:32:42 | 000,563,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/21 17:56:44 | 001,090,040 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
PRC - [2012/12/19 09:49:34 | 000,732,648 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012/12/19 09:49:12 | 000,149,480 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2012/10/26 10:53:00 | 000,139,792 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2012/08/10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
PRC - [2012/03/05 12:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/03/05 12:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/08/19 13:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/06/28 04:41:08 | 000,168,504 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011/05/20 09:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/05/20 09:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/12/30 22:44:00 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/30 22:43:00 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/12/27 18:30:00 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
PRC - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
========== Modules (No Company Name) ==========
MOD - [2014/02/12 15:30:44 | 000,492,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\92742a2fc47c786e31ccecbbbff37f1d\IAStorUtil.ni.dll
MOD - [2014/02/12 15:30:44 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\56d3e5f907345d381bd7ba599185dfbc\IAStorCommon.ni.dll
MOD - [2014/02/12 15:00:05 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll
MOD - [2014/02/12 14:57:51 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/12 14:57:38 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/12 14:57:21 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/12 14:57:13 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\73ce00cfab52d23ca89457490fd5ef9a\System.Configuration.ni.dll
MOD - [2014/02/12 14:56:45 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/02/12 14:56:39 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/12 14:56:29 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/02/12 13:03:09 | 000,181,760 | ---- | M] () -- C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2014.206.433.3_0\plugin\ace.dll
MOD - [2014/02/01 18:42:37 | 000,399,688 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppgooglenaclpluginchrome.dll
MOD - [2014/02/01 18:42:35 | 004,055,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
MOD - [2014/02/01 18:41:45 | 000,715,592 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
MOD - [2014/02/01 18:41:45 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll
MOD - [2014/02/01 18:41:43 | 001,634,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
MOD - [2014/01/28 01:54:18 | 003,583,600 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/12/02 19:39:34 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/07/24 09:24:52 | 000,137,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
MOD - [2012/12/21 17:57:44 | 000,276,984 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll
MOD - [2012/12/21 17:57:44 | 000,093,176 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll
MOD - [2012/12/21 17:57:28 | 002,653,176 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll
MOD - [2012/12/21 17:57:28 | 000,364,536 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll
MOD - [2012/12/21 17:57:26 | 011,166,712 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll
MOD - [2012/12/21 17:57:24 | 000,206,328 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll
MOD - [2012/12/21 17:57:22 | 001,347,064 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll
MOD - [2012/12/21 17:57:22 | 001,014,776 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll
MOD - [2012/12/21 17:57:22 | 000,720,888 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll
MOD - [2012/12/21 17:57:20 | 008,507,384 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll
MOD - [2012/12/21 17:57:20 | 000,520,696 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll
MOD - [2012/12/21 17:57:18 | 002,481,144 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll
MOD - [2012/12/21 17:57:18 | 002,354,168 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll
MOD - [2012/12/21 17:57:14 | 000,446,456 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
MOD - [2012/12/21 17:57:10 | 000,207,352 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Imageformats\qjpeg4.dll
MOD - [2012/12/21 17:57:10 | 000,035,832 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Imageformats\qico4.dll
MOD - [2012/12/21 17:57:08 | 000,033,272 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Imageformats\qgif4.dll
MOD - [2012/12/21 17:56:40 | 000,438,264 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll
MOD - [2012/12/21 17:56:00 | 000,606,200 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll
MOD - [2012/12/21 15:29:52 | 000,391,600 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll
MOD - [2012/12/21 15:29:52 | 000,059,280 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll
MOD - [2012/12/21 15:29:14 | 000,110,080 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\mediaservice\dsengine.dll
========== Services (SafeList) ==========
SRV:64bit: - [2014/02/06 05:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/01/07 14:44:09 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/11/10 11:11:04 | 000,239,176 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE -- (RtkAudioService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/17 20:14:00 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2014/02/06 09:20:48 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/05 06:39:39 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/31 07:37:24 | 001,998,336 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Security Updates Service\winupdsvc.exe -- (Security Updates Service)
SRV - [2014/01/03 01:32:12 | 001,363,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/01/03 01:32:04 | 001,748,640 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/07 01:52:56 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/10/25 12:07:24 | 002,151,200 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/07/03 03:32:44 | 001,228,504 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2013/07/03 03:32:44 | 000,660,184 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/19 09:49:34 | 000,732,648 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/08/10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2012/03/05 12:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/05/20 09:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/12/30 22:44:00 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/30 22:43:00 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/12/27 18:30:00 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2014/01/07 14:44:56 | 000,079,672 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/01/07 14:44:13 | 001,034,464 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/01/07 14:44:13 | 000,422,216 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/01/07 14:44:13 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/01/07 14:44:13 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/12/02 19:39:35 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/12/02 19:39:35 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/11/10 11:10:40 | 000,057,376 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2013/11/10 11:07:40 | 000,032,496 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013/11/10 11:07:17 | 001,514,568 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtwlane.sys -- (RTWlanE)
DRV:64bit: - [2013/11/10 11:06:29 | 000,883,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2013/11/07 01:52:44 | 005,363,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/07/03 03:32:42 | 000,018,456 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf_amd64.sys -- (PSI)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/28 18:50:02 | 000,041,304 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\eve.sys -- (Eve)
DRV:64bit: - [2013/02/28 20:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2012/10/17 13:53:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/03 18:49:18 | 000,040,432 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/14 03:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/07/12 22:06:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/12 22:06:46 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/05/20 08:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/05/18 16:33:00 | 001,145,448 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (RTL8192Ce)
DRV:64bit: - [2011/02/15 13:37:00 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010/11/20 22:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/01/18 15:40:26 | 000,004,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcmirror.sys -- (rcmirror)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wow.utop.it/
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}
IE:64bit: - HKLM\..\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}: "URL" = http://wow.utop.it/?q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wow.utop.it/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}: "URL" = http://wow.utop.it/?q={searchTerms}
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wow.utop.it/
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}: "URL" = http://wow.utop.it/?q={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wow.utop.it/
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}: "URL" = http://wow.utop.it/?q={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wow.utop.it/
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\..\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}: "URL" = http://wow.utop.it/?q={searchTerms}
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wow.utop.it/
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}: "URL" = http://wow.utop.it/?q={searchTerms}
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..browser.search.order.1: "wow search"
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://centurylink.net/"
FF - prefs.js..extensions.enabledAddons: firefox-autofill%40googlegroups.com:3.6
FF - prefs.js..extensions.enabledAddons: savedpasswordeditor%40daniel.dawson:2.7.2
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2011.70
FF - prefs.js..extensions.enabledAddons: autofillForms%40blueimp.net:0.9.9.0
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:5.3.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0
FF - prefs.js..keyword.URL: "http://myvdo.tv/"
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Oscar\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Oscar\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Oscar\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Oscar\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Oscar\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/02/08 13:45:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.3.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.3.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
[2013/08/09 12:56:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Extensions
[2014/02/13 20:56:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions
[2014/02/13 20:56:17 | 000,000,000 | ---D | M] ("Flash Video Downloader") -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]
[2014/02/08 16:39:18 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]
[2014/02/10 08:01:43 | 000,149,045 | ---- | M] () (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]
[2014/01/25 13:05:57 | 000,067,503 | ---- | M] () (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]
[2014/02/06 06:54:45 | 000,093,438 | ---- | M] () (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]
[2014/01/27 07:14:35 | 000,215,649 | ---- | M] () (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]
[2014/02/13 06:40:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/02/13 06:40:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/13 06:40:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/02/06 14:02:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\PROGRAM FILES (X86)\IOBIT APPS TOOLBAR\FF
[2014/02/08 13:45:11 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.com/
CHR - Extension: Google Docs = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2013.75_0\
CHR - Extension: Crackle = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic\7.1.7_0\
CHR - Extension: Skype Click to Call = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.0.14735.1561_0\
CHR - Extension: Google Maps = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Google Mail Checker = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\
CHR - Extension: FastestFox for Chrome = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\8.0.8_0\
CHR - Extension: Hangouts = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2014.206.433.3_0\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
CHR - Extension: Autofill = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmmgnhgdeffjkdckmikfpnddkbbfkkk\5.5_0\
CHR - Extension: Google Wallet = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Click&Clean App = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.5_0\
CHR - Extension: Gmail = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2014/02/14 12:49:42 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000..\Run: [GoogleChromeAutoLaunch_D08D9DAE1EAB6F612F08AF40ADD97038] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000..\Run: [TWC.Win7] C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe File not found
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16:64bit: - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{530608E2-0C92-487C-A790-F35682F6BF76}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2014/02/14 16:13:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Oscar\Desktop\OTL.com
[2014/02/14 15:55:31 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Oscar\Desktop\mbam-setup-1.75.0.1300.exe
[2014/02/14 15:42:10 | 000,000,000 | ---D | C] -- C:\Users\Oscar\Desktop\CLEANING
[2014/02/14 13:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/02/14 13:25:53 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/02/14 13:25:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/02/14 12:49:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\%LOCALAPPDATA%
[2014/02/14 12:49:20 | 000,000,000 | ---D | C] -- C:\_OTM
[2014/02/14 12:35:00 | 000,000,000 | ---D | C] -- C:\Users\Oscar\Desktop\security 2
[2014/02/14 10:14:54 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/14 09:47:20 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\Diagnostics
[2014/02/14 07:51:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2014/02/12 15:24:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WOWTrojan Removal Tool
[2014/02/12 14:34:33 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/02/12 14:33:26 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/12 14:33:25 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/12 14:33:24 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/12 14:33:24 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/12 14:33:22 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/12 14:33:22 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/12 14:33:22 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/12 14:33:20 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/12 14:33:20 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/12 14:33:20 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/12 14:33:19 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/12 14:33:19 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/12 14:33:19 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/12 14:33:19 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/12 14:33:19 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/12 14:33:19 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/12 14:33:17 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/12 14:33:17 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/12 14:33:16 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/12 14:33:16 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/02/12 14:33:10 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/12 14:33:10 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/12 14:32:59 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/12 14:11:14 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/02/12 14:11:13 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014/02/12 14:10:41 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2014/02/12 14:10:41 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2014/02/12 14:10:41 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2014/02/12 14:10:41 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2014/02/12 14:10:40 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2014/02/12 14:10:40 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2014/02/12 14:10:40 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2014/02/12 14:10:40 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2014/02/12 14:10:40 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2014/02/12 14:10:40 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2014/02/12 14:10:40 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2014/02/12 14:10:39 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014/02/12 14:10:39 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2014/02/12 14:10:39 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2014/02/12 14:10:39 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2014/02/12 14:10:39 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2014/02/12 14:10:39 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2014/02/12 14:07:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/02/12 14:07:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/02/11 11:55:32 | 000,000,000 | ---D | C] -- C:\Users\Oscar\Desktop\New folder (2)
[2014/02/09 16:48:08 | 001,122,304 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\libeay32.dll
[2014/02/09 16:48:08 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll
[2014/02/09 16:48:08 | 000,274,432 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\ssleay32.dll
[2014/02/09 16:48:08 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateControl350.dll
[2014/02/08 18:42:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\wow search
[2014/02/08 13:29:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Iomega
[2014/02/08 13:28:38 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Roaming\Leadertech
[2014/02/07 12:31:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014/02/06 18:04:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Updates Service
[2014/02/06 15:45:53 | 000,000,000 | ---D | C] -- C:\Users\Oscar\dwhelper
[2014/02/06 09:10:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2014/01/24 17:45:36 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2014/01/23 18:16:57 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\Downloaded Installations
[2014/01/21 17:41:19 | 000,000,000 | ---D | C] -- C:\Users\Oscar\Documents\turbotax return
========== Files - Modified Within 30 Days ==========
[2014/02/14 16:21:24 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/14 16:13:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Oscar\Desktop\OTL.com
[2014/02/14 16:04:21 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/14 15:58:28 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Oscar\Desktop\mbam-setup-1.75.0.1300.exe
[2014/02/14 15:58:05 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/14 15:58:05 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/14 15:52:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/14 15:47:46 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/14 15:47:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/14 15:47:34 | 3104,722,944 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/14 15:46:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3309490343-1712508466-2320962761-1000UA.job
[2014/02/14 15:40:47 | 001,166,132 | ---- | M] () -- C:\Users\Oscar\Desktop\adwcleaner.exe
[2014/02/14 12:49:42 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/02/14 07:51:19 | 000,001,246 | ---- | M] () -- C:\Users\Oscar\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2014/02/14 07:51:19 | 000,001,222 | ---- | M] () -- C:\Users\Oscar\Desktop\Spybot - Search & Destroy.lnk
[2014/02/13 19:41:34 | 000,788,260 | ---- | M] () -- C:\ProgramData\yvd_firefox_se.exe
[2014/02/13 19:41:30 | 000,108,326 | ---- | M] () -- C:\ProgramData\yvd_ie_se.exe
[2014/02/13 17:46:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3309490343-1712508466-2320962761-1000Core.job
[2014/02/13 10:48:25 | 000,015,010 | ---- | M] () -- C:\Users\Oscar\Documents\credit card.ods
[2014/02/13 10:44:48 | 000,025,861 | ---- | M] () -- C:\Users\Oscar\Documents\expenses.ods
[2014/02/13 08:38:02 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOscar.job
[2014/02/12 14:36:47 | 000,775,084 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/12 14:36:47 | 000,662,634 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/12 14:36:47 | 000,122,470 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/12 14:36:35 | 000,775,084 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/12 07:10:14 | 000,013,196 | ---- | M] () -- C:\Users\Oscar\Desktop\QUILTS - Shortcut.lnk
[2014/02/11 08:06:28 | 000,762,694 | ---- | M] () -- C:\ProgramData\ChromeTabExtension.crx
[2014/02/11 08:06:14 | 001,290,554 | ---- | M] () -- C:\ProgramData\yvd_chrome_se.exe
[2014/02/10 13:29:14 | 000,083,322 | ---- | M] () -- C:\Users\Oscar\Desktop\1236946_10201085478153335_854229438_n.jpg
[2014/02/10 12:48:09 | 000,040,669 | ---- | M] () -- C:\Users\Oscar\Desktop\yoyo and shams
[2014/02/10 09:53:52 | 000,001,074 | ---- | M] () -- C:\Users\Oscar\Desktop\WHY - Shortcut.lnk
[2014/02/07 10:19:57 | 000,001,233 | ---- | M] () -- C:\Users\Oscar\Desktop\Should I Remove It.lnk
[2014/02/06 18:21:09 | 000,002,074 | ---- | M] () -- C:\Users\Oscar\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2014/02/06 18:00:23 | 002,404,326 | ---- | M] () -- C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.0.5.exe
[2014/02/06 06:30:12 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/06 06:07:39 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/06 06:06:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/06 05:56:03 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/06 05:52:11 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/06 05:49:03 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/06 05:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/06 05:48:11 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/06 05:32:49 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/06 05:17:15 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/06 05:11:37 | 005,768,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/06 05:01:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/06 05:00:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/06 04:57:13 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/06 04:52:21 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/06 04:50:32 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/06 04:49:22 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/06 04:47:22 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/06 04:46:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/06 04:25:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/06 04:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/06 03:40:06 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/06 03:34:31 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/02/05 06:39:39 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/02/05 06:39:39 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/01/29 11:50:38 | 000,007,605 | ---- | M] () -- C:\Users\Oscar\AppData\Local\Resmon.ResmonCfg
[2014/01/28 09:59:13 | 000,002,243 | ---- | M] () -- C:\Users\Oscar\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/21 07:06:38 | 000,010,783 | ---- | M] () -- C:\Users\Oscar\Documents\GATEWAY account open office.odt
========== Files Created - No Company Name ==========
[2014/02/14 16:04:21 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/14 15:40:27 | 001,166,132 | ---- | C] () -- C:\Users\Oscar\Desktop\adwcleaner.exe
[2014/02/14 07:51:19 | 000,001,246 | ---- | C] () -- C:\Users\Oscar\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2014/02/14 07:51:19 | 000,001,222 | ---- | C] () -- C:\Users\Oscar\Desktop\Spybot - Search & Destroy.lnk
[2014/02/12 07:10:14 | 000,013,196 | ---- | C] () -- C:\Users\Oscar\Desktop\QUILTS - Shortcut.lnk
[2014/02/10 13:29:14 | 000,083,322 | ---- | C] () -- C:\Users\Oscar\Desktop\1236946_10201085478153335_854229438_n.jpg
[2014/02/10 12:48:09 | 000,040,669 | ---- | C] () -- C:\Users\Oscar\Desktop\yoyo and shams
[2014/02/10 09:53:52 | 000,001,074 | ---- | C] () -- C:\Users\Oscar\Desktop\WHY - Shortcut.lnk
[2014/02/08 18:42:58 | 000,762,694 | ---- | C] () -- C:\ProgramData\ChromeTabExtension.crx
[2014/02/08 18:42:19 | 000,788,260 | ---- | C] () -- C:\ProgramData\yvd_firefox_se.exe
[2014/02/08 18:42:10 | 001,290,554 | ---- | C] () -- C:\ProgramData\yvd_chrome_se.exe
[2014/02/08 18:42:10 | 000,108,326 | ---- | C] () -- C:\ProgramData\yvd_ie_se.exe
[2014/02/07 10:19:57 | 000,001,233 | ---- | C] () -- C:\Users\Oscar\Desktop\Should I Remove It.lnk
[2014/02/06 16:57:25 | 002,404,326 | ---- | C] () -- C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.0.5.exe
[2014/01/21 07:06:36 | 000,010,783 | ---- | C] () -- C:\Users\Oscar\Documents\GATEWAY account open office.odt
[2013/11/07 01:52:42 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/10/01 17:56:07 | 000,008,704 | ---- | C] () -- C:\Users\Oscar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/09 07:56:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/08/09 07:56:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/08/09 07:56:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/08/09 07:56:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/08/09 07:56:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/07/25 17:00:30 | 000,007,605 | ---- | C] () -- C:\Users\Oscar\AppData\Local\Resmon.ResmonCfg
[2013/02/28 20:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2012/12/14 01:42:30 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/12/14 01:42:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/09/21 18:02:45 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2012/06/10 19:18:18 | 000,003,215 | ---- | C] () -- C:\Users\Oscar\.swfinfo
[2012/06/03 11:45:44 | 000,018,303 | ---- | C] () -- C:\Users\Oscar\AppData\Roaming\UserTile.png
[2012/05/26 12:42:39 | 000,775,084 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/24 12:09:37 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012/03/19 22:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/03/19 22:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
========== ZeroAccess Check ==========
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013/03/08 09:25:33 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/03/08 09:25:33 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013/12/12 12:32:36 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\2BrightSparks
[2013/10/09 13:01:52 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\AffiliatedUpdate
[2012/12/04 17:52:41 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Auslogics
[2013/12/02 19:44:29 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\AVAST Software
[2012/09/12 15:53:58 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Blio
[2012/12/01 12:00:20 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\FixBee
[2013/06/10 17:01:43 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Foresight Software
[2013/07/09 17:56:30 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\HurricaneSoftware.com
[2014/02/08 16:39:12 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\IObit
[2014/02/08 13:28:38 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Leadertech
[2013/12/19 12:00:36 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Leawo
[2014/02/08 16:36:52 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Nokia
[2012/05/31 14:37:05 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Nokia Suite
[2014/02/08 16:36:54 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\OpenOffice
[2014/02/08 16:36:53 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\OpenOffice.org
[2012/05/31 14:21:52 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\PC Suite
[2013/08/05 15:19:42 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\player
[2013/05/09 15:37:21 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\QuickScan
[2014/02/08 16:36:56 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\SoftGrid Client
[2012/11/08 05:33:52 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Synaptics
[2014/02/08 16:39:18 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Thunderbird
[2013/12/19 12:01:27 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\tiger-k
[2013/02/12 16:33:20 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\TuneUp Software
[2014/02/08 16:36:57 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\vso
[2012/08/15 10:09:22 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\WildTangent
[2012/05/27 18:24:38 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Windows Live Writer
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:07BF512B
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:0F4A7B6A
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:5C321E34
< End of report >
OTL Extras logfile created on: 2/14/2014 4:18:10 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Oscar\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.86 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 52.46% Memory free
7.71 Gb Paging File | 5.36 Gb Available in Paging File | 69.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.47 Gb Total Space | 224.06 Gb Free Space | 80.17% Space Free | Partition Type: NTFS
Drive D: | 14.46 Gb Total Space | 1.61 Gb Free Space | 11.12% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.07 Gb Free Space | 27.06% Space Free | Partition Type: FAT32
Computer Name: OSCAR-HP | User Name: Oscar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D8BA4B3-77F4-4576-B09F-6F21CD427B81}" = lport=138 | protocol=17 | dir=in | app=system |
"{0DC0E475-FA6F-4A92-8239-AD9DCF3D142E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1EF83457-E463-4B71-A993-D5302BB1BE0A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{239ADEB6-03B7-486C-92C2-37262C48E5B8}" = rport=138 | protocol=17 | dir=out | app=system |
"{39C1FF65-B4B6-4A25-BFFD-3D7C76719D74}" = lport=445 | protocol=6 | dir=in | app=system |
"{3B37908F-9D78-4E39-A5E9-C0996F330FD2}" = rport=445 | protocol=6 | dir=out | app=system |
"{56472654-5A03-4FA9-A22D-07E9B1D211C2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{56EDE3FF-8B09-4066-9631-46D4D2DB89FB}" = rport=137 | protocol=17 | dir=out | app=system |
"{7FEC4729-7286-4640-A005-E22B436F4621}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{821F18F2-7D2C-4DB6-9981-E7A82D48392D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{86F5F823-CEBA-4944-96A1-E4E82475CEAC}" = lport=137 | protocol=17 | dir=in | app=system |
"{8B97C794-5526-4D2C-A3D8-2F3A251E4F97}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{97B5A5C2-C508-42A5-9249-3F4544F2CE69}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B2658E45-E5C7-458D-B707-711A78385C6D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B2F794A3-CE12-4DAB-9B46-F4CC9C1C8C85}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CCC9A72F-568D-40E2-AB4E-CD0C62302DF3}" = lport=139 | protocol=6 | dir=in | app=system |
"{D46B3933-8E37-41F3-97DF-16804F8C5DD8}" = rport=139 | protocol=6 | dir=out | app=system |
"{D829714E-8ABA-4E9D-9D2A-7712442C9658}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D87628A4-C7B6-4D03-A493-F2DA7A380868}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{EDA7FD6E-C739-429C-BBFE-4AB17A159771}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EE6DCD5E-5C5E-495A-B546-86A4C37D6824}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{EE901390-390A-46CD-AAF7-3BF66EFF54A2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F3D98FC5-D848-464B-93AE-E47CBED7AF93}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17DE61A5-EBB0-4F1E-A825-50983F2FDFE4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{203440B8-44F6-421D-94B2-1BAF98FF2CC5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{236B7474-29E2-40AA-9697-BD007BECE5BE}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{251F57B9-3AB8-4BC9-A1C9-F5BEBB1FC79E}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{25EB077E-1482-4657-A144-A3A280199E6A}" = protocol=17 | dir=in | app=c:\users\oscar\appdata\local\temp\7zsf101.tmp\symnrt.exe |
"{3311F27B-5064-491D-B408-DEC71BB36413}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{362DE51E-4861-4979-A735-821FF4BCC2FC}" = protocol=58 | dir=out | [email protected],-28546 |
"{3770CB07-9C86-4CCD-A738-7BC91B87B75F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3914BF96-7497-4F4E-8C3A-1E9A9F175C76}" = protocol=6 | dir=out | app=system |
"{3C073826-3FB5-47F3-BEA1-F115557B2A0C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{41B3D50A-ED76-4BD7-A3EB-8DB03E421DF6}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{431AB6A0-4AE0-4EFC-BB8E-3E6985E4D2D8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{448E495D-606E-45BF-AB40-FB73683B2479}" = protocol=17 | dir=in | app=c:\users\oscar\appdata\local\temp\7zs33ea.tmp\symnrt.exe |
"{5BEBCF06-88EB-48DA-A625-F3F0756F5C07}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5FC800BF-D3EA-4770-B380-EC6945302903}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe |
"{63DAC05A-00C9-4200-9577-84E7071FF09B}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{6457F1FC-BEFF-4C5A-ACA8-73FE0572585E}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
"{7586B1A7-498A-41A9-A3B7-3188F553767C}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe |
"{7F59762B-79F3-43AC-8EED-14FE6F4840C1}" = protocol=6 | dir=in | app=c:\program files (x86)\vso\vso downloader\3\vsodownloader.exe |
"{802BEC33-0A9F-4C8B-9AFD-7584D8DE5A0B}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe |
"{912FAE15-DDFB-4AF9-BBDF-8FAF565C8A11}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9589CA56-9FE9-4483-8DC5-3F1CC9C60825}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{97C26BC9-C50E-4492-B059-EC484B1E744C}" = protocol=6 | dir=in | app=c:\users\oscar\appdata\local\temp\7zsf101.tmp\symnrt.exe |
"{9AA34B36-7DAB-4064-BB0A-89C4053F2C61}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9AD0ED81-848F-442C-B63D-73F415F42F05}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{9E488190-2913-49F0-BCC5-5D07EC037B58}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{A94B2920-2A74-4A5F-A212-B9D41DB3FF6C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B4843197-3383-400A-83A4-D1333B9C8EFB}" = protocol=1 | dir=out | [email protected],-28544 |
"{B6C61FED-3E32-4069-8C98-660F0354CBC7}" = protocol=6 | dir=in | app=c:\users\oscar\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{BAC92B21-EAC8-424F-A807-E64B3781C601}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC49E0C6-BAD2-41FE-A9A9-7DAE50DDFD8C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BD3D72C4-4075-4AB4-9972-AFEE10464FC9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{C2AC5E22-7A75-436B-84A1-83E342994A9E}" = protocol=6 | dir=in | app=c:\users\oscar\appdata\local\temp\7zs33ea.tmp\symnrt.exe |
"{CE2B7890-30EB-44D4-9C4B-D891A7F67E1F}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{D3636CA4-A51F-4E77-A73E-F629C55F87D8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D501508C-2D33-44B7-A31D-148492A34A36}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D7234B0D-256E-4255-BD9D-0FC13F6E90CA}" = protocol=1 | dir=in | [email protected],-28543 |
"{D8BCD2C4-5F65-4C18-BF54-AD17F919B438}" = protocol=58 | dir=in | [email protected],-28545 |
"{D9B5F0F8-0171-41ED-B85E-A6E63395776F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{DA67CB5B-F2E9-4EAC-99DE-20654DCE466D}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe |
"{E414B53D-0BA7-4D8E-9A00-8BBB7B007E44}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{E7072F34-F647-42FD-970C-3E06ADB5E653}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{E78B315F-46BA-4CDB-B402-12B035BBE637}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E81C0E1C-6059-48C2-9BA2-3DE63FB2225D}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe |
"{F242EA79-9CBD-4D05-B975-9064293C8655}" = protocol=6 | dir=in | app=c:\program files (x86)\vso\vso downloader\2\vsodownloader.exe |
"{F9F8313B-5A05-45E5-90EB-8D8115680D6B}" = protocol=17 | dir=in | app=c:\users\oscar\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{FA4B4A86-364D-48F3-B892-97BF5B237952}" = protocol=17 | dir=in | app=c:\program files (x86)\vso\vso downloader\3\vsodownloader.exe |
"{FAF9837D-D90B-48C2-A8C8-B0AD797EC03B}" = protocol=17 | dir=in | app=c:\program files (x86)\vso\vso downloader\2\vsodownloader.exe |
"{FD7F9E02-638A-4150-9F95-1AC0B05AFC76}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{19321CD0-D41C-45B8-80E6-F68B000A35B5}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{C7513D63-3790-4453-ABD5-483C47B4FFD7}C:\users\oscar\appdata\local\apps\2.0\ar21j5dv.ctw\agwb9hx7.yvh\rebt..tion_59eb1b2cffdb6323_0002.0005_7c13fbf0d57ed86b\rebtelphone.exe" = protocol=6 | dir=in | app=c:\users\oscar\appdata\local\apps\2.0\ar21j5dv.ctw\agwb9hx7.yvh\rebt..tion_59eb1b2cffdb6323_0002.0005_7c13fbf0d57ed86b\rebtelphone.exe |
"TCP Query User{FAFD6DBE-1F3C-4CB0-BBAC-E94E36FB057B}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{35D98AA7-8DC6-4DA7-9A92-0B1063451076}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{7DD85402-3BBD-4238-993D-58F9C6FA3949}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{E5F4521A-4EFA-4460-829F-4CF9DA43DC87}C:\users\oscar\appdata\local\apps\2.0\ar21j5dv.ctw\agwb9hx7.yvh\rebt..tion_59eb1b2cffdb6323_0002.0005_7c13fbf0d57ed86b\rebtelphone.exe" = protocol=17 | dir=in | app=c:\users\oscar\appdata\local\apps\2.0\ar21j5dv.ctw\agwb9hx7.yvh\rebt..tion_59eb1b2cffdb6323_0002.0005_7c13fbf0d57ed86b\rebtelphone.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5A847522-375C-4D05-BD3D-88C450CC047F}" = HP Launch Box
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97E3F31B-D989-0E01-FCB4-EBC04EF060F1}" = AMD Catalyst Install Manager
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C3CC4DF5-39A5-4027-B136-2B3E1F5AB6E3}" = Python 2.7.6 (64-bit)
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{e9d90870-ab19-32a8-aa93-f8348ba21d05}" = Python 3.3.3 (64-bit)
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0)
"CCleaner" = CCleaner
"SynTPDeinstKey" = Synaptics TouchPad Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AC41DC5-DD17-41D7-AE0B-139A9D2725EC}_is1" = VSO EVE Network Driver version 0.4
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{41101F0C-DBD9-321C-A6B1-E0689B495A4E}" = Google Talk Plugin
"{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}" = OpenOffice 4.0.1
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4E62123C-4C0D-4123-A8A2-C0103B92D7EA}" = Should I Remove It
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{5036764A-435D-40C9-869C-31085A3D741D}" = HP Setup
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52793F88-BF4D-4AA6-8696-80E72CE758B1}" = Adobe Flash Player 12 ActiveX
"{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A55875-B6DD-41E8-8CF6-F193D9C47051}" = HP Documentation
"{6B722793-E77B-41F5-BAB3-6C9832274E75}" = PC Connectivity Solution
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}" = Nokia Connectivity Cable Driver
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7E799992-5DA0-4A1A-9443-B1836B063FEC}" = HP Power Manager
"{835B275B-F29B-464B-BD4B-097FD55FAB0A}" = HP Software Framework
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B52057C-15DB-433E-957C-E279BC7D07E3}" = HP QuickWeb
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{934168C8-55AC-4593-A138-E64BA8367E6E}" = Adobe Flash Player 12 Plugin
"{9945F35E-85EF-4759-A95C-2E10AA34EA58}" = ESU for Microsoft Windows 7 SP1
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = Compaq Setup Manager
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BB285C9F-C821-4770-8970-56C4AB52C87E}" = Skype Click to Call
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{c32d80cc-20d1-386b-b1e2-cce219263394}" = Python 3.4.0b1
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB70FB55-1515-4C75-95C8-FFBD5FE041F8}_is1" = VSO Downloader 2.9.1.4
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A0C45A-7EDB-48EB-AB86-2445E74FBFBB}" = Nokia Suite
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48E84C5-7599-4CBD-9900-8BCB9A2A2FFA}_is1" = VSO Downloader 3.1.0.50
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"avast" = avast! Free Antivirus
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"IObit Surfing Protection_is1" = Surfing Protection
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 27.0 (x86 en-US)" = Mozilla Firefox 27.0 (x86 en-US)
"Mozilla Thunderbird 24.3.0 (x86 en-US)" = Mozilla Thunderbird 24.3.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia Suite" = Nokia Suite
"Secunia PSI" = Secunia PSI (3.0.0.7011)
"VLC media player" = VLC media player 2.1.3
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.3
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AffiliatedUpdate" = Extended Update
"Should I Remove It 1.0.4" = Should I Remove It
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 2/14/2014 2:16:46 PM | Computer Name = Oscar-HP | Source = WinMgmt | ID = 10
Description =
Error - 2/14/2014 3:48:54 PM | Computer Name = Oscar-HP | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error - 2/14/2014 4:47:51 PM | Computer Name = Oscar-HP | Source = WinMgmt | ID = 10
Description =
[ Hewlett-Packard Events ]
Error - 2/24/2013 9:13:57 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3947 Ram Utilization: TargetSite: Void UpdateAndDetect()
Error - 2/25/2013 10:27:58 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3947 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()
Error - 2/26/2013 10:43:02 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3947 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()
Error - 2/27/2013 9:47:04 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3947 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()
Error - 2/28/2013 9:02:22 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3947 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()
Error - 3/1/2013 9:43:11 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3947 Ram Utilization: 40 TargetSite: Void UpdateAndDetect()
Error - 3/2/2013 9:15:23 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3947 Ram Utilization: 60 TargetSite: Void UpdateAndDetect()
Error - 3/3/2013 10:00:10 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088 at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Message: One HP Active Check Local Mode job already running. StackTrace:
at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()
at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
Boolean localScan) Source: HP.ActiveCheckLocalMode.SessionManager Name: hpsa_service.exe
Version:
06.00.01.01 Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
en-US RAM: 3947 Ram Utilization: 50 TargetSite: Void UpdateAndDetect()
Error - 3/3/2013 6:03:37 PM | Computer Name = Oscar-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 3947
Ram
Utilization: 60 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()
Error - 3/3/2013 6:16:03 PM | Computer Name = Oscar-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261 at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
Object reference not set to an instance of an object. StackTrace: at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
HP.SupportFramework.Utilities Name: HPSF.exe Version: 07.00.01.01 Path: C:\Program
Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Format: en-US RAM: 3947
Ram
Utilization: 30 TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()
[ HP Software Framework Events ]
Error - 12/5/2012 9:33:48 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5
Description = 2012/12/05 08:33:48.485|00001B44|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 1/9/2013 9:43:12 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5
Description = 2013/01/09 08:43:12.852|00001760|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 1/16/2013 9:44:10 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5
Description = 2013/01/16 08:44:10.684|000015E4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 1/31/2013 10:05:42 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5
Description = 2013/01/31 09:05:42.137|000016B0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 1/31/2013 10:05:55 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5
Description = 2013/01/31 09:05:55.043|00001608|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 1/31/2013 10:05:59 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5
Description = 2013/01/31 09:05:59.741|0000016C|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 2/6/2013 12:42:05 PM | Computer Name = Oscar-HP | Source = hpqWmiEx | ID = 5
Description = 2013/02/06 11:42:05.729|00001308|Error |ChpqWmiExModule::Start|StartServiceCtrlDispatcher
FAILED. Error: 1063
Error - 2/14/2013 9:12:11 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5
Description = 2013/02/14 08:12:11.528|00001DD0|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 2/14/2013 9:13:52 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5
Description = 2013/02/14 08:13:52.142|00001810|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
Error - 2/14/2013 9:14:10 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5
Description = 2013/02/14 08:14:10.925|000006C4|Error |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
[ System Events ]
Error - 2/14/2014 2:16:33 PM | Computer Name = Oscar-HP | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll
Error
Code: 126
Error - 2/14/2014 4:47:41 PM | Computer Name = Oscar-HP | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll
Error
Code: 126
Error - 2/14/2014 4:52:39 PM | Computer Name = Oscar-HP | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.
< End of report >