Firefox and chrome being redirected

[ore262]

I have something in my windows 7 laptop, when I go to PCH website it redirects me to a survey site or a site that says " congratulations, you are the 100,000th visitor, choose your prize". I  have run avast scan and it found something, also ran malware bytes and it found 2 items. Eset online scanner came up clean. I am not good with windows 7 and I am impaired as the result of a stroke so if I get help from someone they will need to be patient with me. I am not sure what to do first other than start a new thread. thank  you for assistance in advance. What's next?

 

MBAM quick scan log follows:   Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.08.08.05

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16635

Oscar :: OSCAR-HP [administrator]

 

8/8/2013 12:46:08 PM

mbam-log-2013-08-08 (12-46-08).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 202356

Time elapsed: 4 minute(s), 56 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 2

C:\Users\Oscar\Downloads\FlashPlayer_V.31271309c.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.

C:\Users\Oscar\Downloads\FlashPlayer_V.9757561c.exe (Adware.DomaIQ) -> Quarantined and deleted successfully.

Edited August 8, 2013 by ore262

[flashh4]

Hi ore i would be glad to assist you !! The 2 files detected with Malwarebytes is Quarantined and deleted successfully. So they will not give you any problems !! But there may be some more junk that we can remove, lets see what we find !!

 

Howdy and welcome to BestTechie !!!  

My name is flashh4 (Chuck) and i will be assisting you with the cleaning of your computer.

If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!
Do Not Remove anything or run any tools/programs until advised to do so !

Perform all actions in the order given.

Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !  

Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.  

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.  


===================================


AdwCleaner

Please download  adwcleaner by Xplode onto your desktop..
   * Close all open programs and internet browsers.
   * Double click on AdwCleaner.exe to run the tool.
   *  Click on Delete button.
   *  A logfile will automatically open after the scan has finished.
   *  Please post the contents of that logfile with your next reply.
   *  You can find the logfile at C:\AdwCleaner[s1].txt. as well.

 

 

NEXT

 

 

    
Please download Junkware Removal Tool and save to your desk top.

    Shut down your protection software now to avoid potential conflicts.

    * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    * The tool will open and start scanning your system.
    * Please be patient as this can take a while to complete depending on your system's specifications.
    * On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    * Post the contents of JRT.txt into your next reply !

Re-Boot your computer now !!

 

 

 

 

 

NEXT


Download OldTimer to your desk top !
Links: http://oldtimer.geekstogo.com/OTL.com http://oldtimer.geekstogo.com/OTL.scr  
 
If you already have a copy of OTL delete it and use this version.  (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

* Double click OTL.exe to launch the program.
* Check the following.

o Scan all users.
o Standard Output. o Lop check.
o Purity check. oExtra Registry > Use SafeList  

* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.

o OTL.txt (open on your desktop).
o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.

* Please post me both logs. This may have to be broken into more than one post !   



Post Next:
1. Junkware Removal Tool log
2. AdwCleaner
3. OTL.txt and Extras.txt (if a Extras.txt is produced)


Thanks
Chuck

[ore262]

I have not figured out how to pm, like I said I am impaired. 2 logs to follow:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 5.3.8 (08.07.2013:4)

OS: Windows 7 Home Premium x64

Ran by Oscar on Thu 08/08/2013 at 14:36:15.53

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\trolltech

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{7E6CF47A-7CC9-4245-B3EA-0455B6B85A0C}

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Thu 08/08/2013 at 14:45:07.28

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

# AdwCleaner v2.306 - Logfile created 08/08/2013 at 09:07:26

# Updated 19/07/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Oscar - OSCAR-HP

# Boot Mode : Normal

# Running from : C:\Users\Oscar\Desktop\adwcleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

Folder Deleted : C:\Program Files (x86)\Common Files\Speedbit

Folder Deleted : C:\ProgramData\Speedbit

Folder Deleted : C:\Users\Oscar\AppData\LocalLow\Speedbit

Folder Deleted : C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\w6rwbj8v.default\jetpack

Folder Deleted : C:\Users\Oscar\AppData\Roaming\ParetoLogic

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v10.0.9200.16635

 

[OK] Registry is clean.

 

-\\ Mozilla Firefox v23.0 (en-US)

 

File : C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\w6rwbj8v.default\prefs.js

 

 

-\\ Google Chrome v28.0.1500.95

 

File : C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

[OK] File is clean.

 

*************************

 

AdwCleaner[R3].txt - [10308 octets] - [08/08/2013 07:38:36]

AdwCleaner[R4].txt - [10308 octets] - [08/08/2013 08:27:12]

AdwCleaner[R5].txt - [5055 octets] - [08/08/2013 09:04:17]

AdwCleaner[s1].txt - [4997 octets] - [08/08/2013 09:07:26]

AdwCleaner[s2].txt - [12990 octets] - [12/12/2012 15:10:46]

AdwCleaner[s3].txt - [1533 octets] - [12/12/2012 15:22:39]

 

########## EOF - C:\AdwCleaner[s1].txt - [5178 octets] ##########

[ore262]

OTL Extras logfile created on: 8/8/2013 3:09:13 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Oscar\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16635)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.86 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 52.26% Memory free

7.71 Gb Paging File | 5.36 Gb Available in Paging File | 69.59% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 279.47 Gb Total Space | 140.20 Gb Free Space | 50.17% Space Free | Partition Type: NTFS

Drive D: | 14.46 Gb Total Space | 1.61 Gb Free Space | 11.12% Space Free | Partition Type: NTFS

Drive E: | 3.96 Gb Total Space | 1.07 Gb Free Space | 27.06% Space Free | Partition Type: FAT32

 

Computer Name: OSCAR-HP | User Name: Oscar | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

 

[HKEY_USERS\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DisableUnicastResponsesToMulticastBroadcast" = 0

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0D8BA4B3-77F4-4576-B09F-6F21CD427B81}" = lport=138 | protocol=17 | dir=in | app=system | 

"{0DC0E475-FA6F-4A92-8239-AD9DCF3D142E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{1EF83457-E463-4B71-A993-D5302BB1BE0A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{239ADEB6-03B7-486C-92C2-37262C48E5B8}" = rport=138 | protocol=17 | dir=out | app=system | 

"{39C1FF65-B4B6-4A25-BFFD-3D7C76719D74}" = lport=445 | protocol=6 | dir=in | app=system | 

"{3B37908F-9D78-4E39-A5E9-C0996F330FD2}" = rport=445 | protocol=6 | dir=out | app=system | 

"{56472654-5A03-4FA9-A22D-07E9B1D211C2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{56EDE3FF-8B09-4066-9631-46D4D2DB89FB}" = rport=137 | protocol=17 | dir=out | app=system | 

"{7FEC4729-7286-4640-A005-E22B436F4621}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{821F18F2-7D2C-4DB6-9981-E7A82D48392D}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{86F5F823-CEBA-4944-96A1-E4E82475CEAC}" = lport=137 | protocol=17 | dir=in | app=system | 

"{8B97C794-5526-4D2C-A3D8-2F3A251E4F97}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 

"{97B5A5C2-C508-42A5-9249-3F4544F2CE69}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{B2658E45-E5C7-458D-B707-711A78385C6D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{B2F794A3-CE12-4DAB-9B46-F4CC9C1C8C85}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{CCC9A72F-568D-40E2-AB4E-CD0C62302DF3}" = lport=139 | protocol=6 | dir=in | app=system | 

"{D46B3933-8E37-41F3-97DF-16804F8C5DD8}" = rport=139 | protocol=6 | dir=out | app=system | 

"{D829714E-8ABA-4E9D-9D2A-7712442C9658}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{D87628A4-C7B6-4D03-A493-F2DA7A380868}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 

"{EDA7FD6E-C739-429C-BBFE-4AB17A159771}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{EE6DCD5E-5C5E-495A-B546-86A4C37D6824}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 

"{EE901390-390A-46CD-AAF7-3BF66EFF54A2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{F3D98FC5-D848-464B-93AE-E47CBED7AF93}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{17DE61A5-EBB0-4F1E-A825-50983F2FDFE4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{203440B8-44F6-421D-94B2-1BAF98FF2CC5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{236B7474-29E2-40AA-9697-BD007BECE5BE}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe | 

"{251F57B9-3AB8-4BC9-A1C9-F5BEBB1FC79E}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 

"{3311F27B-5064-491D-B408-DEC71BB36413}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe | 

"{362DE51E-4861-4979-A735-821FF4BCC2FC}" = protocol=58 | dir=out | [email protected],-28546 | 

"{3770CB07-9C86-4CCD-A738-7BC91B87B75F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{3914BF96-7497-4F4E-8C3A-1E9A9F175C76}" = protocol=6 | dir=out | app=system | 

"{3C073826-3FB5-47F3-BEA1-F115557B2A0C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{41B3D50A-ED76-4BD7-A3EB-8DB03E421DF6}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe | 

"{431AB6A0-4AE0-4EFC-BB8E-3E6985E4D2D8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{5BEBCF06-88EB-48DA-A625-F3F0756F5C07}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{5FC800BF-D3EA-4770-B380-EC6945302903}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe | 

"{63DAC05A-00C9-4200-9577-84E7071FF09B}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe | 

"{7586B1A7-498A-41A9-A3B7-3188F553767C}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe | 

"{802BEC33-0A9F-4C8B-9AFD-7584D8DE5A0B}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe | 

"{912FAE15-DDFB-4AF9-BBDF-8FAF565C8A11}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{9589CA56-9FE9-4483-8DC5-3F1CC9C60825}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 

"{9AA34B36-7DAB-4064-BB0A-89C4053F2C61}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{9AD0ED81-848F-442C-B63D-73F415F42F05}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe | 

"{9E488190-2913-49F0-BCC5-5D07EC037B58}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 

"{A94B2920-2A74-4A5F-A212-B9D41DB3FF6C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{B4843197-3383-400A-83A4-D1333B9C8EFB}" = protocol=1 | dir=out | [email protected],-28544 | 

"{B6C61FED-3E32-4069-8C98-660F0354CBC7}" = protocol=6 | dir=in | app=c:\users\oscar\appdata\local\google\google talk plugin\googletalkplugin.exe | 

"{BAC92B21-EAC8-424F-A807-E64B3781C601}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{BC49E0C6-BAD2-41FE-A9A9-7DAE50DDFD8C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{BD3D72C4-4075-4AB4-9972-AFEE10464FC9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 

"{CE2B7890-30EB-44D4-9C4B-D891A7F67E1F}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe | 

"{D3636CA4-A51F-4E77-A73E-F629C55F87D8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{D501508C-2D33-44B7-A31D-148492A34A36}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{D7234B0D-256E-4255-BD9D-0FC13F6E90CA}" = protocol=1 | dir=in | [email protected],-28543 | 

"{D8BCD2C4-5F65-4C18-BF54-AD17F919B438}" = protocol=58 | dir=in | [email protected],-28545 | 

"{D9B5F0F8-0171-41ED-B85E-A6E63395776F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 

"{DA67CB5B-F2E9-4EAC-99DE-20654DCE466D}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe | 

"{E414B53D-0BA7-4D8E-9A00-8BBB7B007E44}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 

"{E7072F34-F647-42FD-970C-3E06ADB5E653}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 

"{E78B315F-46BA-4CDB-B402-12B035BBE637}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{E81C0E1C-6059-48C2-9BA2-3DE63FB2225D}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe | 

"{F242EA79-9CBD-4D05-B975-9064293C8655}" = protocol=6 | dir=in | app=c:\program files (x86)\vso\vso downloader\2\vsodownloader.exe | 

"{F9F8313B-5A05-45E5-90EB-8D8115680D6B}" = protocol=17 | dir=in | app=c:\users\oscar\appdata\local\google\google talk plugin\googletalkplugin.exe | 

"{FAF9837D-D90B-48C2-A8C8-B0AD797EC03B}" = protocol=17 | dir=in | app=c:\program files (x86)\vso\vso downloader\2\vsodownloader.exe | 

"{FD7F9E02-638A-4150-9F95-1AC0B05AFC76}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"TCP Query User{19321CD0-D41C-45B8-80E6-F68B000A35B5}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 

"TCP Query User{C7513D63-3790-4453-ABD5-483C47B4FFD7}C:\users\oscar\appdata\local\apps\2.0\ar21j5dv.ctw\agwb9hx7.yvh\rebt..tion_59eb1b2cffdb6323_0002.0005_7c13fbf0d57ed86b\rebtelphone.exe" = protocol=6 | dir=in | app=c:\users\oscar\appdata\local\apps\2.0\ar21j5dv.ctw\agwb9hx7.yvh\rebt..tion_59eb1b2cffdb6323_0002.0005_7c13fbf0d57ed86b\rebtelphone.exe | 

"TCP Query User{FAFD6DBE-1F3C-4CB0-BBAC-E94E36FB057B}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"UDP Query User{35D98AA7-8DC6-4DA7-9A92-0B1063451076}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"UDP Query User{7DD85402-3BBD-4238-993D-58F9C6FA3949}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 

"UDP Query User{E5F4521A-4EFA-4460-829F-4CF9DA43DC87}C:\users\oscar\appdata\local\apps\2.0\ar21j5dv.ctw\agwb9hx7.yvh\rebt..tion_59eb1b2cffdb6323_0002.0005_7c13fbf0d57ed86b\rebtelphone.exe" = protocol=17 | dir=in | app=c:\users\oscar\appdata\local\apps\2.0\ar21j5dv.ctw\agwb9hx7.yvh\rebt..tion_59eb1b2cffdb6323_0002.0005_7c13fbf0d57ed86b\rebtelphone.exe | 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables

"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{5A847522-375C-4D05-BD3D-88C450CC047F}" = HP Launch Box

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{97E3F31B-D989-0E01-FCB4-EBC04EF060F1}" = AMD Catalyst Install Manager

"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0)

"CCleaner" = CCleaner

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"SynTPDeinstKey" = Synaptics TouchPad Driver

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player

"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore

"{15CC861C-C69E-3758-8961-CE304C2595B6}" = Google Talk Plugin

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)

"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CFE23CC-779D-4572-A76F-AB60A958BC79}" = Adobe Flash Player 11 ActiveX

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skypeâ„¢ 6.3

"{5036764A-435D-40C9-869C-31085A3D741D}" = HP Setup

"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module

"{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch

"{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}" = OpenOffice 4.0.0

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{68A55875-B6DD-41E8-8CF6-F193D9C47051}" = HP Documentation

"{6B722793-E77B-41F5-BAB3-6C9832274E75}" = PC Connectivity Solution

"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1

"{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}" = Nokia Connectivity Cable Driver

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in

"{7E799992-5DA0-4A1A-9443-B1836B063FEC}" = HP Power Manager

"{835B275B-F29B-464B-BD4B-097FD55FAB0A}" = HP Software Framework

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{8B52057C-15DB-433E-957C-E279BC7D07E3}" = HP QuickWeb

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{9945F35E-85EF-4759-A95C-2E10AA34EA58}" = ESU for Microsoft Windows 7 SP1

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center

"{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI

"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = Compaq Setup Manager

"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection

"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DB70FB55-1515-4C75-95C8-FFBD5FE041F8}_is1" = VSO Downloader 2.9.1.4

"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3A0C45A-7EDB-48EB-AB86-2445E74FBFBB}" = Nokia Suite

"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1

"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display

"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module

"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 12.0

"avast" = avast! Free Antivirus

"DMUninstaller" = DMUninstaller

"ESET Online Scanner" = ESET Online Scanner v3

"Google Chrome" = Google Chrome

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"Mozilla Firefox 23.0 (x86 en-US)" = Mozilla Firefox 23.0 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Nokia Suite" = Nokia Suite

"Secunia PSI" = Secunia PSI (3.0.0.7011)

"VLC media player" = VLC media player 2.0.7

"WinLiveSuite" = Windows Live Essentials

"WinPcapInst" = WinPcap 4.1.2

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Define Ext" = Define Ext

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 8/8/2013 2:54:17 PM | Computer Name = Oscar-HP | Source = WinMgmt | ID = 10

Description = 

 

[ Hewlett-Packard Events ]

Error - 2/24/2013 9:13:57 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000

Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

 

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:

   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

 

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe

Version:

 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

Format:

 en-US  RAM: 3947  Ram Utilization:   TargetSite: Void UpdateAndDetect()  

 

Error - 2/25/2013 10:27:58 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000

Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

 

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:

   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

 

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe

Version:

 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

Format:

 en-US  RAM: 3947  Ram Utilization: 50  TargetSite: Void UpdateAndDetect()  

 

Error - 2/26/2013 10:43:02 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000

Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

 

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:

   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

 

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe

Version:

 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

Format:

 en-US  RAM: 3947  Ram Utilization: 50  TargetSite: Void UpdateAndDetect()  

 

Error - 2/27/2013 9:47:04 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000

Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

 

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:

   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

 

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe

Version:

 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

Format:

 en-US  RAM: 3947  Ram Utilization: 50  TargetSite: Void UpdateAndDetect()  

 

Error - 2/28/2013 9:02:22 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000

Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

 

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:

   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

 

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe

Version:

 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

Format:

 en-US  RAM: 3947  Ram Utilization: 50  TargetSite: Void UpdateAndDetect()  

 

Error - 3/1/2013 9:43:11 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000

Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

 

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:

   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

 

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe

Version:

 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

Format:

 en-US  RAM: 3947  Ram Utilization: 40  TargetSite: Void UpdateAndDetect()  

 

Error - 3/2/2013 9:15:23 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000

Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

 

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:

   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

 

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe

Version:

 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

Format:

 en-US  RAM: 3947  Ram Utilization: 60  TargetSite: Void UpdateAndDetect()  

 

Error - 3/3/2013 10:00:10 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000

Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

 

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:

   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

 

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe

Version:

 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

Format:

 en-US  RAM: 3947  Ram Utilization: 50  TargetSite: Void UpdateAndDetect()  

 

Error - 3/3/2013 6:03:37 PM | Computer Name = Oscar-HP | Source = HPSF.exe | ID = 2000

Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()

Message:

 Object reference not set to an instance of an object.  StackTrace:   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()

Source:

 HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01  Path: C:\Program

 Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 3947

Ram

 Utilization: 60  TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()

 

 

Error - 3/3/2013 6:16:03 PM | Computer Name = Oscar-HP | Source = HPSF.exe | ID = 2000

Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()

Message:

 Object reference not set to an instance of an object.  StackTrace:   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()

Source:

 HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01  Path: C:\Program

 Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 3947

Ram

 Utilization: 30  TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()

 

 

[ HP Software Framework Events ]

Error - 12/5/2012 9:33:48 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5

Description = 2012/12/05 08:33:48.485|00001B44|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

 

Error - 1/9/2013 9:43:12 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5

Description = 2013/01/09 08:43:12.852|00001760|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

 

Error - 1/16/2013 9:44:10 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5

Description = 2013/01/16 08:44:10.684|000015E4|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

 

Error - 1/31/2013 10:05:42 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5

Description = 2013/01/31 09:05:42.137|000016B0|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

 

Error - 1/31/2013 10:05:55 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5

Description = 2013/01/31 09:05:55.043|00001608|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

 

Error - 1/31/2013 10:05:59 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5

Description = 2013/01/31 09:05:59.741|0000016C|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

 

Error - 2/6/2013 12:42:05 PM | Computer Name = Oscar-HP | Source = hpqWmiEx | ID = 5

Description = 2013/02/06 11:42:05.729|00001308|Error      |ChpqWmiExModule::Start|StartServiceCtrlDispatcher

 FAILED. Error: 1063

 

Error - 2/14/2013 9:12:11 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5

Description = 2013/02/14 08:12:11.528|00001DD0|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

 

Error - 2/14/2013 9:13:52 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5

Description = 2013/02/14 08:13:52.142|00001810|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

 

Error - 2/14/2013 9:14:10 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5

Description = 2013/02/14 08:14:10.925|000006C4|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

 

[ System Events ]

Error - 8/8/2013 2:53:50 PM | Computer Name = Oscar-HP | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000

Description = WLAN Extensibility Module has failed to start.    Module Path: C:\Windows\system32\Rtlihvs.dll

Error

 Code: 126  

 

 

< End of report >

[flashh4]

Ore, if you want to PM someone just click their avitar or hoover mouse over their name & it will give you a "send message" click it !

 

You are doing great so far with the instructions, we will fix your problem & have a great running computer when i am done !!

Just take your time, there is no hurry ! Do everything & i will let ya know if it's wrong, i am very patient !!

 

Chuck

 

Give me 30 minutes & i will read your logs & back with another fix if we need so !!

[ore262]

Chuck, thank you for your help, I think I set up old timer scan properly, logs follow:

 

 

OTL logfile created on: 8/8/2013 3:09:13 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Oscar\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16635)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.86 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 52.26% Memory free

7.71 Gb Paging File | 5.36 Gb Available in Paging File | 69.59% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 279.47 Gb Total Space | 140.20 Gb Free Space | 50.17% Space Free | Partition Type: NTFS

Drive D: | 14.46 Gb Total Space | 1.61 Gb Free Space | 11.12% Space Free | Partition Type: NTFS

Drive E: | 3.96 Gb Total Space | 1.07 Gb Free Space | 27.06% Space Free | Partition Type: FAT32

 

Computer Name: OSCAR-HP | User Name: Oscar | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2013/08/08 14:58:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Oscar\Desktop\OTL.com

PRC - [2013/07/24 20:49:49 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

PRC - [2013/07/16 15:53:56 | 009,837,056 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\OpenOffice 4\program\soffice.exe

PRC - [2013/07/16 15:53:56 | 009,828,864 | ---- | M] (Apache Software Foundation) -- C:\Program Files (x86)\OpenOffice 4\program\soffice.bin

PRC - [2013/07/03 04:32:44 | 001,228,504 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe

PRC - [2013/07/03 04:32:42 | 000,563,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2013/05/09 04:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012/12/21 18:56:44 | 001,090,040 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe

PRC - [2012/12/19 10:49:34 | 000,732,648 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

PRC - [2012/12/19 10:49:12 | 000,149,480 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe

PRC - [2012/12/13 15:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

PRC - [2012/10/26 11:53:00 | 000,139,792 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

PRC - [2012/08/10 16:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

PRC - [2012/03/05 13:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

PRC - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

PRC - [2011/08/19 14:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

PRC - [2011/06/28 05:41:08 | 000,168,504 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe

PRC - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2011/05/20 10:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2010/12/30 23:44:00 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2010/12/30 23:43:00 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2010/12/27 19:30:00 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

PRC - [2010/11/26 10:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

PRC - [2007/11/20 22:11:05 | 003,289,088 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Talk\googletalk.exe

 

 

========== Modules (No Company Name) ==========

 

MOD - [2013/08/05 10:29:24 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\89fe719039385377f6b5ad8d0070aa6b\System.Runtime.Remoting.ni.dll

MOD - [2013/07/29 18:29:12 | 000,492,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\11c176470524e1843fbbcc571cd0aa88\IAStorUtil.ni.dll

MOD - [2013/07/29 18:29:12 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\22d36f517c7545fdb65ccddae680a3eb\IAStorCommon.ni.dll

MOD - [2013/07/29 16:49:40 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll

MOD - [2013/07/29 16:49:29 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll

MOD - [2013/07/29 16:49:06 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll

MOD - [2013/07/29 16:48:58 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll

MOD - [2013/07/29 16:48:53 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll

MOD - [2013/07/29 16:48:51 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll

MOD - [2013/07/29 16:48:42 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll

MOD - [2013/07/24 20:49:46 | 000,396,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppgooglenaclpluginchrome.dll

MOD - [2013/07/24 20:49:45 | 013,599,184 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll

MOD - [2013/07/24 20:49:44 | 004,052,944 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll

MOD - [2013/07/24 20:48:54 | 000,601,552 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\libglesv2.dll

MOD - [2013/07/24 20:48:53 | 000,123,344 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\libegl.dll

MOD - [2013/07/24 20:48:51 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ffmpegsumo.dll

MOD - [2013/07/11 13:33:12 | 000,988,160 | ---- | M] () -- C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll

MOD - [2012/12/21 18:57:44 | 000,276,984 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll

MOD - [2012/12/21 18:57:44 | 000,093,176 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll

MOD - [2012/12/21 18:57:28 | 002,653,176 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll

MOD - [2012/12/21 18:57:28 | 000,364,536 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll

MOD - [2012/12/21 18:57:26 | 011,166,712 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll

MOD - [2012/12/21 18:57:24 | 000,206,328 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll

MOD - [2012/12/21 18:57:22 | 001,347,064 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll

MOD - [2012/12/21 18:57:22 | 001,014,776 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll

MOD - [2012/12/21 18:57:22 | 000,720,888 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll

MOD - [2012/12/21 18:57:20 | 008,507,384 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll

MOD - [2012/12/21 18:57:20 | 000,520,696 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll

MOD - [2012/12/21 18:57:18 | 002,481,144 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll

MOD - [2012/12/21 18:57:18 | 002,354,168 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll

MOD - [2012/12/21 18:57:14 | 000,446,456 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll

MOD - [2012/12/21 18:57:10 | 000,207,352 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Imageformats\qjpeg4.dll

MOD - [2012/12/21 18:57:10 | 000,035,832 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Imageformats\qico4.dll

MOD - [2012/12/21 18:57:08 | 000,033,272 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Imageformats\qgif4.dll

MOD - [2012/12/21 18:56:40 | 000,438,264 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll

MOD - [2012/12/21 18:56:00 | 000,606,200 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll

MOD - [2012/12/21 16:29:52 | 000,391,600 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll

MOD - [2012/12/21 16:29:52 | 000,059,280 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll

MOD - [2012/12/21 16:29:14 | 000,110,080 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\mediaservice\dsengine.dll

 

 

========== Services (SafeList) ==========

 

SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2013/05/09 04:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)

SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2009/11/17 21:14:00 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)

SRV - [2013/08/07 11:32:55 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013/08/05 21:07:06 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/07/03 04:32:44 | 001,228,504 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)

SRV - [2013/07/03 04:32:44 | 000,660,184 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)

SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2013/02/28 19:09:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/12/19 10:49:34 | 000,732,648 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)

SRV - [2012/12/14 02:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)

SRV - [2012/12/13 15:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)

SRV - [2012/08/10 16:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)

SRV - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)

SRV - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2010/12/30 23:44:00 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2010/12/30 23:43:00 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2010/12/27 19:30:00 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)

SRV - [2010/11/26 10:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2013/07/29 17:13:38 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)

DRV:64bit: - [2013/07/29 17:13:38 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)

DRV:64bit: - [2013/07/29 17:13:38 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)

DRV:64bit: - [2013/07/03 04:32:42 | 000,018,456 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf_amd64.sys -- (PSI)

DRV:64bit: - [2013/05/09 04:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)

DRV:64bit: - [2013/05/09 04:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)

DRV:64bit: - [2013/05/09 04:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)

DRV:64bit: - [2013/05/09 04:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV:64bit: - [2013/05/09 04:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/12/14 02:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2012/10/17 14:53:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)

DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2012/08/03 19:49:18 | 000,040,432 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2011/07/12 23:06:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/07/12 23:06:46 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/05/20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2011/05/18 17:33:00 | 001,145,448 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (RTL8192Ce)

DRV:64bit: - [2011/03/05 03:16:00 | 000,436,840 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/02/15 14:37:00 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)

DRV:64bit: - [2010/12/30 23:46:00 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2010/11/20 23:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)

DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/07/15 20:45:42 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)

DRV:64bit: - [2010/01/18 16:40:26 | 000,004,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcmirror.sys -- (rcmirror)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)

DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE:64bit: - HKLM\..\SearchScopes\{B1C4BA1C-A0BA-4D13-BE80-E163ED8949FA}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 

 

IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://compaq-notebook.us.msn.com/

IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US

IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 67 B5 70 84 7D 8F CE 01  [binary data]

IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\..\SearchScopes,DefaultScope = 

IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\..\SearchScopes\{596B51B8-4A5D-4AEF-8C35-5AFC51C54BC6}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}

IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\..\SearchScopes\{D9D6FF2D-BB9E-48D8-B17F-2FBB4C87AA75}: "URL" = http://www.bing.com/search?FORM=UP21DF&PC=UP21&dt=032413&q={searchTerms}&src=IE-SearchBox

IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

 

========== FireFox ==========

 

FF - prefs.js..extensions.enabledAddons: %7Bab91efd4-6975-4081-8552-1b3922ed79e2%7D:1.0.15.0

FF - prefs.js..extensions.enabledAddons: %7BE6C1199F-E687-42da-8C24-E7770CC3AE66%7D:1.8.0

FF - prefs.js..extensions.enabledAddons: %7Bdc501fe1-520b-41f2-9421-ecbb2e7f0255%7D:1.1.0

FF - prefs.js..extensions.enabledAddons: newtabgoogle%40graememcc.co.uk:1.0.2

FF - prefs.js..extensions.enabledAddons: omnibar%40ajitk.com:0.7.19.20130418

FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489

FF - prefs.js..extensions.enabledAddons: %7B82AF8DCA-6DE9-405D-BD5E-43525BDAD38A%7D:6.9.0.12585

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )

FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@nds.com/PCShowPlugin: C:\Users\Oscar\AppData\Local\DIRECTV Player\npPCShowPlugin.dll File not found

FF - HKCU\Software\MozillaPlugins\@nds.com/PlayerPlugin: C:\Users\Oscar\AppData\Local\DIRECTV Player\npPlayerPlugin.dll File not found

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Oscar\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Oscar\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Oscar\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Oscar\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Oscar\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/07/29 17:12:13 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/07 11:32:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/07 11:32:38 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

 

[2012/09/16 18:39:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Extensions

[2013/08/05 16:10:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\w6rwbj8v.default\extensions

[2012/06/10 12:03:09 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\w6rwbj8v.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}

[2013/08/05 16:10:14 | 000,000,000 | ---D | M] (Define Ext) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\w6rwbj8v.default\extensions\[email protected]

[2013/07/29 13:02:06 | 000,019,225 | ---- | M] () (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\w6rwbj8v.default\extensions\[email protected]

[2013/07/29 15:02:19 | 000,069,103 | ---- | M] () (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\w6rwbj8v.default\extensions\[email protected]

[2013/07/03 06:57:46 | 000,016,622 | ---- | M] () (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\w6rwbj8v.default\extensions\{dc501fe1-520b-41f2-9421-ecbb2e7f0255}.xpi

[2012/07/07 09:17:48 | 000,014,714 | ---- | M] () (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\w6rwbj8v.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi

[2013/03/24 14:14:00 | 000,002,402 | ---- | M] () -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\w6rwbj8v.default\searchplugins\bingp.xml

[2013/07/29 13:02:27 | 000,001,635 | ---- | M] () -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\w6rwbj8v.default\searchplugins\firefox-add-ons.xml

[2013/08/07 11:32:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2013/08/07 11:32:44 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2013/08/07 11:32:38 | 000,000,000 | ---D | M] (Define Ext) -- C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]

[2013/08/07 11:32:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions

[2013/08/07 11:32:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2013/08/07 11:32:57 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2013/07/29 17:12:13 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

[2013/03/08 09:31:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2013/02/12 17:33:19 | 000,000,000 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml

 

========== Chrome  ==========

 

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},

CHR - homepage: https://www.google.com/

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Oscar\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Oscar\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Oscar\AppData\Roaming\Mozilla\plugins\npo1d.dll

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

CHR - plugin: Nokia Suite Enabler Plugin (Enabled) = C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll

CHR - plugin: VLC Web Plugin (Disabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll

CHR - Extension: Google Docs = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\

CHR - Extension: Google Drive = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\

CHR - Extension: YouTube = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google Search = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Define Ext = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh\1_0\

CHR - Extension: avast! Online Security = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\

CHR - Extension: Crackle = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic\7.1.7_0\

CHR - Extension: Skype Click to Call = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\

CHR - Extension: Google Maps = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\

CHR - Extension: Google Mail Checker Plus Classic = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcalakneigcblgalgpgbanhcmglpjjej\1.0_0\

CHR - Extension: FastestChrome - Browse Faster = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\7.2.2_0\

CHR - Extension: Autofill = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmmgnhgdeffjkdckmikfpnddkbbfkkk\5.5_0\

CHR - Extension: FasterPlus = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\obbdikpnjhhckpfiojgpnclnolhofifc\2.7.2_0\

CHR - Extension: Checker Plus for Gmail\u2122 = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj\13.7_0\

CHR - Extension: Click&Clean App = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.0_0\

CHR - Extension: Gmail = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2013/08/02 08:13:05 | 000,450,636 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 127.0.0.1 www.123fporn.info

O1 - Hosts: 15467 more lines...

O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Define) - {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - C:\Users\Oscar\AppData\Local\DefineExt\temp.dat ()

O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)

O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000..\Run: []  File not found

O4 - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)

O4 - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)

O4 - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Oscar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice 4.0.0.lnk = C:\Program Files (x86)\OpenOffice 4\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found

O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)

O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03FDA5F7-90B6-4437-B725-7C854F9F4C21}: DhcpNameServer = 192.168.72.2

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{530608E2-0C92-487C-A790-F35682F6BF76}: DhcpNameServer = 10.0.0.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2013/08/08 14:58:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Oscar\Desktop\OTL.com

[2013/08/08 14:34:10 | 000,957,230 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Oscar\Desktop\JRT.exe

[2013/08/08 14:32:20 | 000,000,000 | ---D | C] -- C:\Users\Oscar\Desktop\AdwCleaner

[2013/08/08 12:46:35 | 000,000,000 | ---D | C] -- C:\Users\Oscar\Desktop\mwbytes quick scan

[2013/08/08 12:35:38 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2013/08/08 12:30:00 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Oscar\Desktop\mbam-setup-1.75.0.1300.exe

[2013/08/08 12:26:38 | 000,000,000 | ---D | C] -- C:\Users\Oscar\Desktop\aswmbr log

[2013/08/08 12:10:56 | 000,000,000 | ---D | C] -- C:\Users\Oscar\Desktop\adwcleaner log

[2013/08/08 11:39:16 | 000,000,000 | ---D | C] -- C:\Users\Oscar\Desktop\mwbytes safe mode

[2013/08/08 11:37:15 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Oscar\Desktop\aswMBR.exe

[2013/08/08 08:50:01 | 000,000,000 | ---D | C] -- C:\Users\Oscar\Desktop\jrt scan

[2013/08/08 08:34:31 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2013/08/08 08:19:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Max Uninstaller

[2013/08/07 11:32:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2013/08/05 16:20:03 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller

[2013/08/05 16:10:19 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Define Ext

[2013/08/05 16:10:07 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\DefineExt

[2013/08/05 11:24:47 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll

[2013/08/05 11:24:47 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll

[2013/08/05 11:24:47 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe

[2013/08/05 11:24:43 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys

[2013/08/05 11:24:43 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys

[2013/08/05 11:24:42 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys

[2013/08/05 11:24:36 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll

[2013/08/05 11:24:36 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll

[2013/08/05 11:24:36 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll

[2013/08/05 11:24:35 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll

[2013/08/05 11:24:35 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll

[2013/08/05 11:24:35 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll

[2013/08/05 11:24:35 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll

[2013/08/05 11:24:35 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll

[2013/08/05 11:24:35 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe

[2013/08/05 11:24:35 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll

[2013/08/05 11:24:35 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll

[2013/08/05 11:24:35 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll

[2013/08/05 11:24:35 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll

[2013/08/05 11:24:34 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll

[2013/08/05 11:24:34 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe

[2013/08/05 11:24:34 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe

[2013/08/05 11:24:34 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe

[2013/08/05 11:24:33 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll

[2013/08/05 11:24:33 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll

[2013/08/05 10:41:57 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll

[2013/08/02 13:53:52 | 000,000,000 | ---D | C] -- C:\Users\Oscar\Documents\sally mae owed

[2013/07/31 17:39:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

[2013/07/30 16:30:42 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\CrashDumps

[2013/07/30 15:19:09 | 000,000,000 | ---D | C] -- C:\Users\Oscar\Desktop\medical login

[2013/07/30 13:50:30 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Roaming\OpenOffice

[2013/07/30 13:13:51 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.0

[2013/07/30 13:12:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice 4

[2013/07/29 19:34:34 | 000,000,000 | ---D | C] -- C:\Users\Oscar\Documents\avast and aws clear

[2013/07/29 19:20:44 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\CyberLink

[2013/07/29 19:19:46 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\Adobe

[2013/07/29 18:06:47 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe

[2013/07/29 18:06:43 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe

[2013/07/29 18:06:43 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

[2013/07/29 18:06:43 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2013/07/29 18:06:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

[2013/07/29 18:01:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

[2013/07/29 17:12:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus

[2013/07/29 17:12:48 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys

[2013/07/29 17:12:47 | 000,378,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys

[2013/07/29 17:12:43 | 000,072,016 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys

[2013/07/29 17:12:42 | 000,064,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys

[2013/07/29 17:12:41 | 001,030,952 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys

[2013/07/29 17:12:34 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys

[2013/07/29 17:12:33 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe

[2013/07/29 17:11:46 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr

[2013/07/29 17:11:22 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software

[2013/07/29 16:20:18 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2013/07/29 16:20:17 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2013/07/29 16:20:16 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll

[2013/07/29 16:20:16 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll

[2013/07/29 16:20:16 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe

[2013/07/29 16:20:16 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe

[2013/07/29 16:20:16 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll

[2013/07/29 16:20:16 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll

[2013/07/29 16:20:16 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe

[2013/07/29 16:20:16 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll

[2013/07/29 16:20:16 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll

[2013/07/29 16:20:14 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2013/07/29 16:20:14 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2013/07/29 16:20:14 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2013/07/29 16:20:13 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2013/07/29 15:42:21 | 000,000,000 | ---D | C] -- C:\Users\Oscar\Desktop\security

[2013/07/29 15:10:52 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\Apps

[2013/07/29 15:10:51 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\Deployment

[2013/07/29 13:44:26 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll

[2013/07/29 13:44:04 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll

[2013/07/29 13:41:05 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll

[2013/07/29 13:41:04 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll

[2013/07/29 13:41:03 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll

[2013/07/29 13:41:03 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe

[2013/07/29 13:39:43 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll

[2013/07/29 13:39:43 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll

[2013/07/29 13:39:38 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe

[2013/07/29 13:39:37 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll

[2013/07/29 13:39:37 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll

[2013/07/29 13:39:37 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll

[2013/07/29 13:38:56 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2013/07/29 13:38:56 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2013/07/29 13:38:55 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2013/07/29 13:38:55 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe

[2013/07/29 13:38:55 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll

[2013/07/29 13:38:52 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll

[2013/07/29 13:38:52 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll

[2013/07/29 13:38:46 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll

[2013/07/29 13:38:46 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll

[2013/07/29 13:38:36 | 000,624,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll

[2013/07/29 13:38:36 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys

[2013/07/29 13:38:36 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll

[2013/07/29 13:38:10 | 001,887,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL

[2013/07/29 13:10:04 | 000,000,000 | ---D | C] -- C:\Users\Oscar\Desktop\ff downloads

[2013/07/28 11:08:59 | 000,000,000 | ---D | C] -- C:\Users\Oscar\Documents\IF I DIE OPEN THIS folder

[2013/07/25 19:01:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT

[2013/07/20 18:48:41 | 000,000,000 | ---D | C] -- C:\Users\Oscar\Documents\bugs

[2013/07/13 15:31:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedBit Video Accelerator

[2013/07/13 15:31:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Speedbit

[2013/07/10 06:39:57 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll

[2013/07/10 06:39:55 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL

[2013/07/09 18:56:30 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Roaming\HurricaneSoftware.com

[2013/07/09 18:56:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HurricaneSoftware.com

[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2013/08/08 15:04:21 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/08/08 15:04:21 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/08/08 14:58:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Oscar\Desktop\OTL.com

[2013/08/08 14:54:01 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/08/08 14:53:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/08/08 14:53:40 | 3104,722,944 | -HS- | M] () -- C:\hiberfil.sys

[2013/08/08 14:52:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/08/08 14:48:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3309490343-1712508466-2320962761-1000UA.job

[2013/08/08 14:34:42 | 000,957,230 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Oscar\Desktop\JRT.exe

[2013/08/08 14:21:26 | 000,666,633 | ---- | M] () -- C:\Users\Oscar\Desktop\adwcleaner.exe

[2013/08/08 14:18:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/08/08 14:00:00 | 000,000,256 | ---- | M] () -- C:\Windows\tasks\FWGames Updater.job

[2013/08/08 12:40:27 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/08/08 12:35:33 | 664,152,984 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2013/08/08 12:34:01 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Oscar\Desktop\mbam-setup-1.75.0.1300.exe

[2013/08/08 12:17:05 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Oscar\Desktop\aswMBR.exe

[2013/08/08 11:48:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3309490343-1712508466-2320962761-1000Core.job

[2013/08/08 08:19:10 | 000,001,020 | ---- | M] () -- C:\Users\Oscar\Application Data\Microsoft\Internet Explorer\Quick Launch\Max Uninstaller.lnk

[2013/08/06 17:45:59 | 000,022,741 | ---- | M] () -- C:\Users\Oscar\Documents\expenses.ods

[2013/08/05 21:07:06 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2013/08/05 21:07:06 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2013/08/05 10:27:51 | 000,773,050 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2013/08/05 10:27:51 | 000,660,318 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/08/05 10:27:51 | 000,121,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/08/05 10:27:40 | 000,773,050 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/08/03 15:14:28 | 000,001,142 | ---- | M] () -- C:\Users\Oscar\Desktop\avast and aws clear - Shortcut.lnk

[2013/08/02 08:13:05 | 000,450,636 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2013/07/31 06:23:51 | 000,294,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/07/30 13:53:13 | 000,001,167 | ---- | M] () -- C:\Users\Oscar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice 4.0.0.lnk

[2013/07/30 11:21:50 | 000,002,243 | ---- | M] () -- C:\Users\Oscar\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2013/07/29 20:46:54 | 000,001,070 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk

[2013/07/29 20:20:24 | 000,004,576 | ---- | M] () -- C:\Users\Oscar\Desktop\for facebook - Shortcut.lnk

[2013/07/29 19:45:22 | 000,001,023 | ---- | M] () -- C:\Users\Oscar\Desktop\office - Shortcut.lnk

[2013/07/29 19:17:10 | 000,002,279 | ---- | M] () -- C:\Users\Oscar\Desktop\IF I DIE OPEN THIS folder - Shortcut.lnk

[2013/07/29 18:06:32 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

[2013/07/29 18:06:29 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe

[2013/07/29 18:06:29 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe

[2013/07/29 18:06:27 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe

[2013/07/29 18:06:26 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll

[2013/07/29 18:06:25 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll

[2013/07/29 17:13:38 | 001,030,952 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys

[2013/07/29 17:13:38 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys

[2013/07/29 17:13:38 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys

[2013/07/29 17:13:38 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum

[2013/07/29 17:13:38 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum

[2013/07/29 17:13:38 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum

[2013/07/29 17:12:34 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2013/07/26 15:54:51 | 076,674,820 | ---- | M] () -- C:\Users\Oscar\Documents\Apache_OpenOffice_4.0.0_Win_x86_install_en-US.exe

[2013/07/25 18:02:54 | 000,007,605 | ---- | M] () -- C:\Users\Oscar\AppData\Local\Resmon.ResmonCfg

[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2013/08/08 14:21:14 | 000,666,633 | ---- | C] () -- C:\Users\Oscar\Desktop\adwcleaner.exe

[2013/08/08 12:40:27 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/08/08 12:35:33 | 664,152,984 | ---- | C] () -- C:\Windows\MEMORY.DMP

[2013/08/08 08:19:10 | 000,001,020 | ---- | C] () -- C:\Users\Oscar\Application Data\Microsoft\Internet Explorer\Quick Launch\Max Uninstaller.lnk

[2013/07/30 13:53:13 | 000,001,167 | ---- | C] () -- C:\Users\Oscar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice 4.0.0.lnk

[2013/07/29 20:46:54 | 000,001,070 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk

[2013/07/29 20:46:54 | 000,001,033 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk

[2013/07/29 20:20:24 | 000,004,576 | ---- | C] () -- C:\Users\Oscar\Desktop\for facebook - Shortcut.lnk

[2013/07/29 19:37:28 | 000,001,142 | ---- | C] () -- C:\Users\Oscar\Desktop\avast and aws clear - Shortcut.lnk

[2013/07/29 19:31:36 | 000,001,023 | ---- | C] () -- C:\Users\Oscar\Desktop\office - Shortcut.lnk

[2013/07/29 19:16:06 | 000,002,279 | ---- | C] () -- C:\Users\Oscar\Desktop\IF I DIE OPEN THIS folder - Shortcut.lnk

[2013/07/29 17:13:38 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum

[2013/07/29 17:13:38 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum

[2013/07/29 17:13:38 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum

[2013/07/29 17:12:40 | 000,189,936 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys

[2013/07/29 17:12:38 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys

[2013/07/29 09:08:42 | 076,674,820 | ---- | C] () -- C:\Users\Oscar\Documents\Apache_OpenOffice_4.0.0_Win_x86_install_en-US.exe

[2013/07/25 18:00:30 | 000,007,605 | ---- | C] () -- C:\Users\Oscar\AppData\Local\Resmon.ResmonCfg

[2012/12/14 02:42:30 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin

[2012/12/14 02:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2012/12/14 02:42:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin

[2012/09/21 19:02:45 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll

[2012/06/10 20:18:18 | 000,003,004 | ---- | C] () -- C:\Users\Oscar\.swfinfo

[2012/06/03 12:45:44 | 000,018,303 | ---- | C] () -- C:\Users\Oscar\AppData\Roaming\UserTile.png

[2012/05/26 13:42:39 | 000,773,050 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012/03/24 13:09:37 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe

[2012/03/19 23:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin

[2012/03/19 23:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin

[2011/08/17 22:43:18 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

 

========== ZeroAccess Check ==========

 

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 

========== LOP Check ==========

 

[2013/03/08 10:25:33 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software

[2013/03/08 10:25:33 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software

[2012/12/04 18:52:41 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Auslogics

[2012/09/12 16:53:58 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Blio

[2012/12/01 13:00:20 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\FixBee

[2013/06/10 18:01:43 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Foresight Software

[2013/07/09 18:56:30 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\HurricaneSoftware.com

[2012/09/22 12:28:24 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Nokia

[2012/05/31 15:37:05 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Nokia Suite

[2013/07/30 13:50:30 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\OpenOffice

[2012/05/27 09:39:56 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\OpenOffice.org

[2012/05/31 15:21:52 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\PC Suite

[2013/08/05 16:19:42 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\player

[2013/05/09 16:37:21 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\QuickScan

[2012/05/27 09:57:01 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\SoftGrid Client

[2012/11/08 06:33:52 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Synaptics

[2013/02/12 17:33:20 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\TuneUp Software

[2013/08/08 08:13:22 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\vso

[2012/08/15 11:09:22 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\WildTangent

[2012/05/27 19:24:38 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Windows Live Writer

 

========== Purity Check ==========

 

 

 

========== Alternate Data Streams ==========

 

@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:07BF512B

@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:0F4A7B6A

@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:5C321E34

 

 

 

 

OTL Extras logfile created on: 8/8/2013 3:09:13 PM - Run 1

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Oscar\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.16635)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

3.86 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 52.26% Memory free

7.71 Gb Paging File | 5.36 Gb Available in Paging File | 69.59% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 279.47 Gb Total Space | 140.20 Gb Free Space | 50.17% Space Free | Partition Type: NTFS

Drive D: | 14.46 Gb Total Space | 1.61 Gb Free Space | 11.12% Space Free | Partition Type: NTFS

Drive E: | 3.96 Gb Total Space | 1.07 Gb Free Space | 27.06% Space Free | Partition Type: FAT32

 

Computer Name: OSCAR-HP | User Name: Oscar | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

 

[HKEY_USERS\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Classes\<extension>]

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

"DisableUnicastResponsesToMulticastBroadcast" = 0

 

========== Authorized Applications List ==========

 

 

========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0D8BA4B3-77F4-4576-B09F-6F21CD427B81}" = lport=138 | protocol=17 | dir=in | app=system | 

"{0DC0E475-FA6F-4A92-8239-AD9DCF3D142E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{1EF83457-E463-4B71-A993-D5302BB1BE0A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{239ADEB6-03B7-486C-92C2-37262C48E5B8}" = rport=138 | protocol=17 | dir=out | app=system | 

"{39C1FF65-B4B6-4A25-BFFD-3D7C76719D74}" = lport=445 | protocol=6 | dir=in | app=system | 

"{3B37908F-9D78-4E39-A5E9-C0996F330FD2}" = rport=445 | protocol=6 | dir=out | app=system | 

"{56472654-5A03-4FA9-A22D-07E9B1D211C2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{56EDE3FF-8B09-4066-9631-46D4D2DB89FB}" = rport=137 | protocol=17 | dir=out | app=system | 

"{7FEC4729-7286-4640-A005-E22B436F4621}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{821F18F2-7D2C-4DB6-9981-E7A82D48392D}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{86F5F823-CEBA-4944-96A1-E4E82475CEAC}" = lport=137 | protocol=17 | dir=in | app=system | 

"{8B97C794-5526-4D2C-A3D8-2F3A251E4F97}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 

"{97B5A5C2-C508-42A5-9249-3F4544F2CE69}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{B2658E45-E5C7-458D-B707-711A78385C6D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{B2F794A3-CE12-4DAB-9B46-F4CC9C1C8C85}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{CCC9A72F-568D-40E2-AB4E-CD0C62302DF3}" = lport=139 | protocol=6 | dir=in | app=system | 

"{D46B3933-8E37-41F3-97DF-16804F8C5DD8}" = rport=139 | protocol=6 | dir=out | app=system | 

"{D829714E-8ABA-4E9D-9D2A-7712442C9658}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{D87628A4-C7B6-4D03-A493-F2DA7A380868}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 

"{EDA7FD6E-C739-429C-BBFE-4AB17A159771}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{EE6DCD5E-5C5E-495A-B546-86A4C37D6824}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 

"{EE901390-390A-46CD-AAF7-3BF66EFF54A2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{F3D98FC5-D848-464B-93AE-E47CBED7AF93}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

 

========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{17DE61A5-EBB0-4F1E-A825-50983F2FDFE4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{203440B8-44F6-421D-94B2-1BAF98FF2CC5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{236B7474-29E2-40AA-9697-BD007BECE5BE}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe | 

"{251F57B9-3AB8-4BC9-A1C9-F5BEBB1FC79E}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 

"{3311F27B-5064-491D-B408-DEC71BB36413}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe | 

"{362DE51E-4861-4979-A735-821FF4BCC2FC}" = protocol=58 | dir=out | [email protected],-28546 | 

"{3770CB07-9C86-4CCD-A738-7BC91B87B75F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{3914BF96-7497-4F4E-8C3A-1E9A9F175C76}" = protocol=6 | dir=out | app=system | 

"{3C073826-3FB5-47F3-BEA1-F115557B2A0C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{41B3D50A-ED76-4BD7-A3EB-8DB03E421DF6}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe | 

"{431AB6A0-4AE0-4EFC-BB8E-3E6985E4D2D8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{5BEBCF06-88EB-48DA-A625-F3F0756F5C07}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{5FC800BF-D3EA-4770-B380-EC6945302903}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe | 

"{63DAC05A-00C9-4200-9577-84E7071FF09B}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe | 

"{7586B1A7-498A-41A9-A3B7-3188F553767C}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe | 

"{802BEC33-0A9F-4C8B-9AFD-7584D8DE5A0B}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe | 

"{912FAE15-DDFB-4AF9-BBDF-8FAF565C8A11}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{9589CA56-9FE9-4483-8DC5-3F1CC9C60825}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 

"{9AA34B36-7DAB-4064-BB0A-89C4053F2C61}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"{9AD0ED81-848F-442C-B63D-73F415F42F05}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe | 

"{9E488190-2913-49F0-BCC5-5D07EC037B58}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 

"{A94B2920-2A74-4A5F-A212-B9D41DB3FF6C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{B4843197-3383-400A-83A4-D1333B9C8EFB}" = protocol=1 | dir=out | [email protected],-28544 | 

"{B6C61FED-3E32-4069-8C98-660F0354CBC7}" = protocol=6 | dir=in | app=c:\users\oscar\appdata\local\google\google talk plugin\googletalkplugin.exe | 

"{BAC92B21-EAC8-424F-A807-E64B3781C601}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

"{BC49E0C6-BAD2-41FE-A9A9-7DAE50DDFD8C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{BD3D72C4-4075-4AB4-9972-AFEE10464FC9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 

"{CE2B7890-30EB-44D4-9C4B-D891A7F67E1F}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe | 

"{D3636CA4-A51F-4E77-A73E-F629C55F87D8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{D501508C-2D33-44B7-A31D-148492A34A36}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{D7234B0D-256E-4255-BD9D-0FC13F6E90CA}" = protocol=1 | dir=in | [email protected],-28543 | 

"{D8BCD2C4-5F65-4C18-BF54-AD17F919B438}" = protocol=58 | dir=in | [email protected],-28545 | 

"{D9B5F0F8-0171-41ED-B85E-A6E63395776F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 

"{DA67CB5B-F2E9-4EAC-99DE-20654DCE466D}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe | 

"{E414B53D-0BA7-4D8E-9A00-8BBB7B007E44}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 

"{E7072F34-F647-42FD-970C-3E06ADB5E653}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 

"{E78B315F-46BA-4CDB-B402-12B035BBE637}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{E81C0E1C-6059-48C2-9BA2-3DE63FB2225D}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe | 

"{F242EA79-9CBD-4D05-B975-9064293C8655}" = protocol=6 | dir=in | app=c:\program files (x86)\vso\vso downloader\2\vsodownloader.exe | 

"{F9F8313B-5A05-45E5-90EB-8D8115680D6B}" = protocol=17 | dir=in | app=c:\users\oscar\appdata\local\google\google talk plugin\googletalkplugin.exe | 

"{FAF9837D-D90B-48C2-A8C8-B0AD797EC03B}" = protocol=17 | dir=in | app=c:\program files (x86)\vso\vso downloader\2\vsodownloader.exe | 

"{FD7F9E02-638A-4150-9F95-1AC0B05AFC76}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"TCP Query User{19321CD0-D41C-45B8-80E6-F68B000A35B5}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 

"TCP Query User{C7513D63-3790-4453-ABD5-483C47B4FFD7}C:\users\oscar\appdata\local\apps\2.0\ar21j5dv.ctw\agwb9hx7.yvh\rebt..tion_59eb1b2cffdb6323_0002.0005_7c13fbf0d57ed86b\rebtelphone.exe" = protocol=6 | dir=in | app=c:\users\oscar\appdata\local\apps\2.0\ar21j5dv.ctw\agwb9hx7.yvh\rebt..tion_59eb1b2cffdb6323_0002.0005_7c13fbf0d57ed86b\rebtelphone.exe | 

"TCP Query User{FAFD6DBE-1F3C-4CB0-BBAC-E94E36FB057B}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"UDP Query User{35D98AA7-8DC6-4DA7-9A92-0B1063451076}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 

"UDP Query User{7DD85402-3BBD-4238-993D-58F9C6FA3949}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 

"UDP Query User{E5F4521A-4EFA-4460-829F-4CF9DA43DC87}C:\users\oscar\appdata\local\apps\2.0\ar21j5dv.ctw\agwb9hx7.yvh\rebt..tion_59eb1b2cffdb6323_0002.0005_7c13fbf0d57ed86b\rebtelphone.exe" = protocol=17 | dir=in | app=c:\users\oscar\appdata\local\apps\2.0\ar21j5dv.ctw\agwb9hx7.yvh\rebt..tion_59eb1b2cffdb6323_0002.0005_7c13fbf0d57ed86b\rebtelphone.exe | 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables

"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2

"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime

"{5A847522-375C-4D05-BD3D-88C450CC047F}" = HP Launch Box

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{97E3F31B-D989-0E01-FCB4-EBC04EF060F1}" = AMD Catalyst Install Manager

"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0)

"CCleaner" = CCleaner

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"SynTPDeinstKey" = Synaptics TouchPad Driver

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player

"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore

"{15CC861C-C69E-3758-8961-CE304C2595B6}" = Google Talk Plugin

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)

"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CFE23CC-779D-4572-A76F-AB60A958BC79}" = Adobe Flash Player 11 ActiveX

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skypeâ„¢ 6.3

"{5036764A-435D-40C9-869C-31085A3D741D}" = HP Setup

"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module

"{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch

"{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}" = OpenOffice 4.0.0

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM

"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{68A55875-B6DD-41E8-8CF6-F193D9C47051}" = HP Documentation

"{6B722793-E77B-41F5-BAB3-6C9832274E75}" = PC Connectivity Solution

"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2

"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1

"{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}" = Nokia Connectivity Cable Driver

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in

"{7E799992-5DA0-4A1A-9443-B1836B063FEC}" = HP Power Manager

"{835B275B-F29B-464B-BD4B-097FD55FAB0A}" = HP Software Framework

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{8B52057C-15DB-433E-957C-E279BC7D07E3}" = HP QuickWeb

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{9945F35E-85EF-4759-A95C-2E10AA34EA58}" = ESU for Microsoft Windows 7 SP1

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center

"{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI

"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = Compaq Setup Manager

"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection

"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DB70FB55-1515-4C75-95C8-FFBD5FE041F8}_is1" = VSO Downloader 2.9.1.4

"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3A0C45A-7EDB-48EB-AB86-2445E74FBFBB}" = Nokia Suite

"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86

"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1

"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display

"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module

"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 12.0

"avast" = avast! Free Antivirus

"DMUninstaller" = DMUninstaller

"ESET Online Scanner" = ESET Online Scanner v3

"Google Chrome" = Google Chrome

"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"Mozilla Firefox 23.0 (x86 en-US)" = Mozilla Firefox 23.0 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"Nokia Suite" = Nokia Suite

"Secunia PSI" = Secunia PSI (3.0.0.7011)

"VLC media player" = VLC media player 2.0.7

"WinLiveSuite" = Windows Live Essentials

"WinPcapInst" = WinPcap 4.1.2

 

========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Define Ext" = Define Ext

 

========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 8/8/2013 2:54:17 PM | Computer Name = Oscar-HP | Source = WinMgmt | ID = 10

Description = 

 

[ Hewlett-Packard Events ]

Error - 2/24/2013 9:13:57 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000

Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

 

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:

   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

 

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe

Version:

 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

Format:

 en-US  RAM: 3947  Ram Utilization:   TargetSite: Void UpdateAndDetect()  

 

Error - 2/25/2013 10:27:58 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000

Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

 

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:

   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

 

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe

Version:

 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

Format:

 en-US  RAM: 3947  Ram Utilization: 50  TargetSite: Void UpdateAndDetect()  

 

Error - 2/26/2013 10:43:02 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000

Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

 

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:

   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

 

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe

Version:

 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

Format:

 en-US  RAM: 3947  Ram Utilization: 50  TargetSite: Void UpdateAndDetect()  

 

Error - 2/27/2013 9:47:04 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000

Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

 

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:

   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

 

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe

Version:

 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

Format:

 en-US  RAM: 3947  Ram Utilization: 50  TargetSite: Void UpdateAndDetect()  

 

Error - 2/28/2013 9:02:22 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000

Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

 

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:

   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

 

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe

Version:

 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

Format:

 en-US  RAM: 3947  Ram Utilization: 50  TargetSite: Void UpdateAndDetect()  

 

Error - 3/1/2013 9:43:11 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000

Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

 

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:

   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

 

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe

Version:

 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

Format:

 en-US  RAM: 3947  Ram Utilization: 40  TargetSite: Void UpdateAndDetect()  

 

Error - 3/2/2013 9:15:23 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000

Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

 

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:

   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

 

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe

Version:

 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

Format:

 en-US  RAM: 3947  Ram Utilization: 60  TargetSite: Void UpdateAndDetect()  

 

Error - 3/3/2013 10:00:10 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000

Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

 

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:

   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

 

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,

 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe

Version:

 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

Format:

 en-US  RAM: 3947  Ram Utilization: 50  TargetSite: Void UpdateAndDetect()  

 

Error - 3/3/2013 6:03:37 PM | Computer Name = Oscar-HP | Source = HPSF.exe | ID = 2000

Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()

Message:

 Object reference not set to an instance of an object.  StackTrace:   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()

Source:

 HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01  Path: C:\Program

 Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 3947

Ram

 Utilization: 60  TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()

 

 

Error - 3/3/2013 6:16:03 PM | Computer Name = Oscar-HP | Source = HPSF.exe | ID = 2000

Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()

Message:

 Object reference not set to an instance of an object.  StackTrace:   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()

Source:

 HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01  Path: C:\Program

 Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 3947

Ram

 Utilization: 30  TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()

 

 

[ HP Software Framework Events ]

Error - 12/5/2012 9:33:48 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5

Description = 2012/12/05 08:33:48.485|00001B44|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

 

Error - 1/9/2013 9:43:12 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5

Description = 2013/01/09 08:43:12.852|00001760|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

 

Error - 1/16/2013 9:44:10 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5

Description = 2013/01/16 08:44:10.684|000015E4|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

 

Error - 1/31/2013 10:05:42 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5

Description = 2013/01/31 09:05:42.137|000016B0|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

 

Error - 1/31/2013 10:05:55 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5

Description = 2013/01/31 09:05:55.043|00001608|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

 

Error - 1/31/2013 10:05:59 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5

Description = 2013/01/31 09:05:59.741|0000016C|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

 

Error - 2/6/2013 12:42:05 PM | Computer Name = Oscar-HP | Source = hpqWmiEx | ID = 5

Description = 2013/02/06 11:42:05.729|00001308|Error      |ChpqWmiExModule::Start|StartServiceCtrlDispatcher

 FAILED. Error: 1063

 

Error - 2/14/2013 9:12:11 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5

Description = 2013/02/14 08:12:11.528|00001DD0|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

 

Error - 2/14/2013 9:13:52 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5

Description = 2013/02/14 08:13:52.142|00001810|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

 

Error - 2/14/2013 9:14:10 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5

Description = 2013/02/14 08:14:10.925|000006C4|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error

 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state

 

[ System Events ]

Error - 8/8/2013 2:53:50 PM | Computer Name = Oscar-HP | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000

Description = WLAN Extensibility Module has failed to start.    Module Path: C:\Windows\system32\Rtlihvs.dll

Error

 Code: 126  

 

 

< End of report >

 

< End of report >

[flashh4]

Ore, sorry i took so long but these logs i have to read threw them line by line,i will be back in 10 minutes with a fix !!

 

Thanks

Chuck

[flashh4]

Hi Ore, lets continue with the cleaning !

 

First go to add/remove in control panel & remove  Spybot - Search & Destroy !
Just to let you know that using more than 1 antivirus can lead to a conflict between them. You have Windows Defender & Avast,
but i have run both for a long time & never had any problems with either. So as long as they are not giving you false positives then it's ok !

 

Did you install/create this >>> C:\Users\Oscar\Desktop\IF I DIE OPEN THIS folder, i just need to know  ???
 

 

We need to Run an OTL fix !!

    * Double-click OTL.exe to start the program.
    * Copy and Paste the following code into the . Do not include the word Code

:OTLPRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exePRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exeIE:64bit: - HKLM\..\SearchScopes,DefaultScope =IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBoxIE:64bit:'>http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBoxIE:64bit: - HKLM\..\SearchScopes\{B1C4BA1C-A0BA-4D13-BE80-E163ED8949FA}: "URL" = http://www.amazon.co...field-keywords={searchTerms}IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...ebay.com/?_nkw={searchTerms}IE - HKLM\..\SearchScopes,DefaultScope =IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBoxIE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...ebay.com/?_nkw={searchTerms}IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =FF - user.js - File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll File not foundFF - HKCU\Software\MozillaPlugins\@nds.com/PCShowPlugin: C:\Users\Oscar\AppData\Local\DIRECTV Player\npPCShowPlugin.dll File not foundFF - HKCU\Software\MozillaPlugins\@nds.com/PlayerPlugin: C:\Users\Oscar\AppData\Local\DIRECTV Player\npPlayerPlugin.dll File not found[2012/09/16 18:39:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Extensions[2013/08/05 16:10:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\w6rwbj8v.default\extensions[2013/07/29 13:02:06 | 000,019,225 | ---- | M] () (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\w6rwbj8v.default\extensions\[email protected][2013/07/29 15:02:19 | 000,069,103 | ---- | M] () (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\w6rwbj8v.default\extensions\[email protected][2013/07/03 06:57:46 | 000,016,622 | ---- | M] () (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\w6rwbj8v.default\extensions\{dc501fe1-520b-41f2-9421-ecbb2e7f0255}.xpi[2012/07/07 09:17:48 | 000,014,714 | ---- | M] () (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\w6rwbj8v.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpiO3 - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.O4 - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000..\Run: []  File not foundO4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not foundO1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\skype4com - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not foundO18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not foundO21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.:Commands [emptyjava][emptyflash][EMPTYTEMP][RESETHOSTS][CREATERESTOREPOINT][Reboot]

# Then click the Run Fix button at the top.
# Click
# Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
Remember to enable your real time protection.

 

 

Post that log next !!!
 

Thanks

Chuck

 

Let me know how it's running & if you still have that problem please ???

[ore262]

Did you install/create this >>> C:\Users\Oscar\Desktop\IF I DIE OPEN THIS folder, i just need to know  ???  yes i did...

 

uninstalled Spybot - Search & Destroy.

 

I am unclear what to do with old timer, do not understand what  you  are telling me to do.

[flashh4]

Ore, click on OTL icon, which will open it, then copy everything i put inside the big box above, then paste it into the box, then click the Run Fix button at the top, then click ok !!

 

Chuck

[ore262]

I think I figured it out, thank you so much for your help, this is the log you asked for:

 

 

All processes killed

========== OTL ==========

No active process named TeaTimer.exe was found!

No active process named SDWinSec.exe was found!

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B1C4BA1C-A0BA-4D13-BE80-E163ED8949FA}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B1C4BA1C-A0BA-4D13-BE80-E163ED8949FA}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}\ not found.

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@oberon-media.com/ONCAdapter\ not found.

Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@nds.com/PCShowPlugin\ not found.

Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@nds.com/PlayerPlugin\ not found.

C:\Users\Oscar\AppData\Roaming\Mozilla\Extensions folder moved successfully.

Folder C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\w6rwbj8v.default\extensions\ not found.

File C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\w6rwbj8v.default\extensions\[email protected] not found.

File C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\w6rwbj8v.default\extensions\[email protected] not found.

File C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\w6rwbj8v.default\extensions\{dc501fe1-520b-41f2-9421-ecbb2e7f0255}.xpi not found.

File C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\w6rwbj8v.default\extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi not found.

Registry value HKEY_USERS\S-1-5-21-3309490343-1712508466-2320962761-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.

Registry value HKEY_USERS\S-1-5-21-3309490343-1712508466-2320962761-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ not found.

File Protocol\Handler\livecall - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ not found.

File Protocol\Handler\msnim - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ not found.

File Protocol\Handler\skype4com - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ not found.

File Protocol\Handler\wlmailhtml - No CLSID value found not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ not found.

File Protocol\Handler\wlpg - No CLSID value found not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.

File {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.

File {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll File not found not found.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.

========== COMMANDS ==========

 

[EMPTYJAVA]

 

User: All Users

 

User: Default

 

User: Default User

 

User: Oscar

->Java cache emptied: 55277 bytes

 

User: Public

 

Total Java Files Cleaned = 0.00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Default

 

User: Default User

 

User: Oscar

->Flash cache emptied: 884 bytes

 

User: Public

 

Total Flash Files Cleaned = 0.00 mb

 

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temporary Internet Files folder emptied: 0 bytes

 

User: Oscar

->Temp folder emptied: 26759535 bytes

->Temporary Internet Files folder emptied: 87632091 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 115958344 bytes

->Google Chrome cache emptied: 8994476 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 3747944 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 36737627 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 17904397 bytes

RecycleBin emptied: 7070544 bytes

 

Total Files Cleaned = 291.00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

Restore point Set: OTL Restore Point

 

OTL by OldTimer - Version 3.2.69.0 log created on 08082013_173350

 

Files\Folders moved on Reboot...

C:\Users\Oscar\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Oscar\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

 

PendingFileRenameOperations files...

 

Registry entries deleted on Reboot...

[ore262]

Chuck, thank you very much, I would PM you if I could figure it out, will let you know how it works out, so far it looks like you did it, Oscar

[flashh4]

ore we are not threw yet. will be back with some more after i read the log.

 

chuck

[ore262]

ok

[flashh4]

 Ore,That's looking good !

 

Clean up with OTL


    Right-click OTL.exe and select " Run as administrator " to run it.
    This will remove all the tools we used to clean your pc.
    Close all other programs apart from OTL as this step will require a reboot
    On the OTL main screen, press the CleanUp! button
    Say Yes to the prompt and then allow the program to reboot your computer.


You can now delete any tools we used if they remain on your Desktop.

 

 

===========================

 

 

I know you may have some of these installed, this is just my standard all clean speech !

Congratulation you are clean !!!

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:


 1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

  * From within Internet Explorer click on the Tools menu and then click on Options.
   * Click once on the  Security tab
   * Click once on the  Internet icon so it becomes highlighted.
   * Click once on the  Custom Level button.
   * Change the  Download signed ActiveX controls to Prompt
   * Change the  Download unsigned ActiveX controls to Disable
   * Change the  Initialize and script ActiveX controls not marked as safe to Disable
  *  Change the  Installation of desktop items to Prompt
   * Change the  Launching programs and files in an IFRAME to Prompt
   * Change the  Navigate sub-frames across different domains to Prompt
   * When all these settings have been made, click on the  OK button.
   * If it prompts you as to whether or not you want to save the settings, press the  Yes button.
  *  Next press the  Apply button and then the  OK to exit the Internet Properties page.


 2. Enable Protected Mode in Internet Explorer . This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:

  *  Open  Internet Explorer
  *  Click on  Tools > Internet Options
  *  Press  Security tab
   * Select Internet zone then place check next to Enable Protected Mode if not already done
  *  Do the same for  Local Intranet, Trusted Sites and  Restricted Sites and then press  Apply
  *  Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.


NOTE: Fire Fox is a great browser also >>> http://www.mozilla.org/en-US/firefox/fx/
I use & like FireFox !!

3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

 4. Firewall Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here. **There are firewalls listed in this tutorial that could be downloaded and used but I would personally only recommend using one of the following two below:

Online Armor Free Online Armor Free

Agnitum Outpost Firewall Free Agnitum Outpost Firewall

5. Make sure you keep your Windows OS current. Windows XP users can visit Windows update Windows update
 regularly to download and install any critical updates and service packs.  Windows Vista/7 users can open the  Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

 6. Consider a custom hosts file such as MVPS HOSTS
 This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002

Note: Be sure to follow the instructions to disable the  DNS Client service  before installing a custom hosts file.

 7. WOT (Web of Trust) WOT As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

8.Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place
 


A must is a great Antivirus, i recommend you using AVAST its free >>> http://www.avast.com/free-antivirus-download

You are behind on some updates, please visit the Secunia Software Inspector >>>http://secunia.com/vulnerability_scanning/online/   
Update any vulnerable software you have. Many malware now use zero day exploits in outdated versions of browsers and third party programs like Flash Player,Java Runtime , Winzip, Acrobat Reader etc to allow them to install silently without your knowledge or detection by your antivirus protection.

To insure better safety, these are a must have:
Rule #1 ........ Good Antivirus
Rule #2 ........ Good Firewall
Rule #3 ........ Good Router is Great ! (optional but best)


Happy surfing and Stay Clean
Chuck

 

Is your problem gone ???

 

It may run a little slow till it has re-booted a few times !! But everything else looks good !!
 

 

To PM someone just click their avitar (picture = my jackalope) then it will give you the "send a message" option, click it then follow promps ! !!!!

[ore262]

Hi Chuck,

I was confident you had removed the problem with my lap top yesterday but this morning I was redirected to the same pages as before a couple of times.Something is lingering, Ihope you can help me get rid of it. I would like to add that I may be just be typing a text document while I have chrome browser open and Avast will show a pop up that it has blocked a virus or malware.You mentioned yesterday that 2 AVs may conflict, I already knew that but I am certain Defender is turned off, should 1 of the 2 be uninstalled?

Thank you

Edited August 9, 2013 by ore262

[flashh4]

Oscar, no you don't have to uninstall one, just keep one shut off if you want. I have both mine running at all times (years) & never had any problems.

 

Does this only happen on PCH site ???

 

Can you post me more info on it ??

 

Ok, lets try a few other tools/programs !

 

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them
2. With Admin Rights (Right click, choose "Run as Administrator")


Download ComboFix from this location:

Link 1
 http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Link 2
http://www.infospyware.net/antimalware/combofix


* IMPORTANT !!! Save ComboFix.exe to your Desktop



  * Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

    *  See this Link >>> http://www.bleepingcomputer.com/forums/topic114351.html <<<  for programs that need to be disabled and instruction on how to disable them.
   
    *  Remember to re-enable them when we're done.

    *  Double click on ComboFix.exe & follow the prompts.

    *  As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    *  Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.



**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

 Notes:   

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of  ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4.  CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.   

Give it atleast 20-30 minutes to finish if needed.

 Please do not attach the scan results from Combofix. Use copy/paste.   




Post Combofix log next :

 

Thanks

Chuck

[ore262]

Ran combofix but could not use the laptop and had to restart it, retrieved log from C:  

 

ComboFix 13-08-07.01 - Oscar 08/09/2013   8:58.1.2 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3948.1768 [GMT -4:00]

Running from: c:\users\Oscar\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\users\Oscar\AppData\Local\DefineExt\teMP.dat

c:\windows\SysWow64\Packet.dll

c:\windows\SysWow64\pthreadVC.dll

c:\windows\SysWow64\wpcap.dll

.

.

(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

-------\Service_npf

.

.

(((((((((((((((((((((((((   Files Created from 2013-07-09 to 2013-08-09  )))))))))))))))))))))))))))))))

.

.

2013-08-09 10:06 . 2013-07-15 07:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C1F5F1E4-0741-42CE-A6B8-E62E52297A38}\mpengine.dll

2013-08-08 12:34 . 2013-08-08 12:34 -------- d-----w- c:\windows\ERUNT

2013-08-05 20:20 . 2013-08-05 20:20 -------- d-----w- c:\program files\Uninstaller

2013-08-05 20:10 . 2013-08-09 13:05 -------- d-----w- c:\users\Oscar\AppData\Local\DefineExt

2013-08-05 14:41 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll

2013-08-05 14:41 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2013-08-05 14:41 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys

2013-08-05 14:41 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll

2013-08-05 14:41 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll

2013-08-05 14:41 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2013-08-05 14:41 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2013-07-30 20:30 . 2013-07-30 20:30 -------- d-----w- c:\users\Oscar\AppData\Local\CrashDumps

2013-07-30 17:50 . 2013-07-30 17:50 -------- d-----w- c:\users\Oscar\AppData\Roaming\OpenOffice

2013-07-30 17:12 . 2013-07-30 17:12 -------- d-----w- c:\program files (x86)\OpenOffice 4

2013-07-29 23:20 . 2013-07-29 23:20 -------- d-----w- c:\users\Oscar\AppData\Local\CyberLink

2013-07-29 23:19 . 2013-08-06 01:07 -------- d-----w- c:\users\Oscar\AppData\Local\Adobe

2013-07-29 22:06 . 2013-07-29 22:06 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-07-29 22:06 . 2013-07-29 22:06 -------- d-----w- c:\program files (x86)\Java

2013-07-29 21:12 . 2013-05-09 08:59 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2013-07-29 21:12 . 2013-07-29 21:13 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-07-29 21:12 . 2013-05-09 08:59 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2013-07-29 21:12 . 2013-05-09 08:59 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2013-07-29 21:12 . 2013-07-29 21:13 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-07-29 21:12 . 2013-07-29 21:13 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-07-29 21:12 . 2013-05-09 08:59 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-07-29 21:12 . 2013-05-09 08:59 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-07-29 21:12 . 2013-05-09 08:58 287840 ----a-w- c:\windows\system32\aswBoot.exe

2013-07-29 21:11 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr

2013-07-29 21:11 . 2013-07-29 21:11 -------- d-----w- c:\program files\AVAST Software

2013-07-29 19:10 . 2013-07-29 19:10 -------- d-----w- c:\users\Oscar\AppData\Local\Apps

2013-07-29 19:10 . 2013-07-29 19:13 -------- d-----w- c:\users\Oscar\AppData\Local\Deployment

2013-07-29 17:44 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll

2013-07-29 17:44 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll

2013-07-29 17:44 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll

2013-07-29 17:44 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll

2013-07-29 17:41 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2013-07-29 17:41 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2013-07-29 17:41 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll

2013-07-29 17:41 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll

2013-07-29 17:41 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll

2013-07-29 17:41 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe

2013-07-29 17:41 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll

2013-07-29 17:41 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll

2013-07-29 17:39 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll

2013-07-29 17:39 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll

2013-07-29 17:39 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe

2013-07-29 17:39 . 2013-05-13 05:51 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2013-07-29 17:39 . 2013-05-13 05:51 1464320 ----a-w- c:\windows\system32\crypt32.dll

2013-07-29 17:39 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll

2013-07-29 17:39 . 2013-05-13 04:45 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2013-07-29 17:39 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll

2013-07-29 17:39 . 2013-05-13 04:45 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2013-07-29 17:39 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll

2013-07-25 23:01 . 2013-08-05 15:24 -------- d-----w- c:\windows\system32\MRT

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-08-06 01:07 . 2013-02-18 13:49 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-08-06 01:07 . 2013-02-18 13:49 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-07-29 22:06 . 2012-07-01 11:36 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-07-29 22:06 . 2012-07-01 11:36 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-07-29 14:38 . 2012-05-29 23:02 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-07-03 08:32 . 2013-07-03 08:32 18456 ----a-w- c:\windows\system32\drivers\psi_mf_amd64.sys

2013-06-24 04:57 . 2012-05-30 21:46 78277128 ----a-w- c:\windows\system32\MRT.exe

2013-06-04 04:53 . 2013-07-10 10:39 509440 ----a-w- c:\windows\SysWow64\qedit.dll

2013-05-13 05:51 . 2013-06-12 10:36 139776 ----a-w- c:\windows\system32\cryptnet.dll

2013-05-13 03:08 . 2013-06-12 10:36 903168 ----a-w- c:\windows\SysWow64\certutil.exe

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-12-21 1090040]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-03-01 18643560]

"googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-11-21 3289088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]

"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-06-28 168504]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]

"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

.

c:\users\Oscar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice 4.0.0.lnk - c:\program files (x86)\OpenOffice 4\program\quickstart.exe [2013-7-11 117248]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-7-3 563416]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]

R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 efavdrv;efavdrv;c:\windows\system32\drivers\efavdrv.sys;c:\windows\SYSNATIVE\drivers\efavdrv.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]

R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys;c:\windows\SYSNATIVE\DRIVERS\rcmirror.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 aswRvrt;aswRvrt; [x]

S0 aswVmm;aswVmm; [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]

S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]

S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-07-30 15:19 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-18 01:07]

.

2013-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-01 23:54]

.

2013-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-01 23:54]

.

2013-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3309490343-1712508466-2320962761-1000Core.job

- c:\users\Oscar\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-13 11:08]

.

2013-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3309490343-1712508466-2320962761-1000UA.job

- c:\users\Oscar\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-13 11:08]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-09-15 7466600]

"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

TCP: DhcpNameServer = 10.0.0.1

FF - ProfilePath - c:\users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\w6rwbj8v.default\

FF - ExtSQL: 2013-06-21 10:45; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

FF - ExtSQL: 2013-07-29 13:29; [email protected]; c:\program files\AVAST Software\Avast\WebRep\FF

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} - c:\users\Oscar\AppData\Local\DefineExt\temp.dat

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2013-08-09  09:16:01 - machine was rebooted

ComboFix-quarantined-files.txt  2013-08-09 13:16

.

Pre-Run: 151,355,138,048 bytes free

Post-Run: 150,935,908,352 bytes free

.

- - End Of File - - F280524901FF03C69BE56B851C837CA7

D41D8CD98F00B204E9800998ECF8427E

[ore262]

Does this only happen on PCH site ??? no, this morning I clicked on my home page link and it directed me to one of the sites telling me I  was a winner in a new tab on chrome.

[flashh4]

Oscar, lets try some of the scans as before !!

 

Download and run farbar service scanner http://download.bleepingcomputer.com/farbar/FSS.exe
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

   * Make sure the following options are checked:
        *Internet Services
        *Windows Firewall
        *System Restore
        *Security Center/Action Center
        *Windows Update
        *Windows Defender
   * Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.

 

 

 

NEXT
 

 

 

 

Please download  adwcleaner by Xplode onto your desktop..
   * Close all open programs and internet browsers.
   * Double click on AdwCleaner.exe to run the tool.
   *  Click on Delete button.
   *  A logfile will automatically open after the scan has finished.
   *  Please post the contents of that logfile with your next reply.
   *  You can find the logfile at C:\AdwCleaner[s1].txt. as well.

 

 

 

NEXT

 

 

 

 

Please download Junkware Removal Tool and save to your desk top.

    Shut down your protection software now to avoid potential conflicts.

    * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    * The tool will open and start scanning your system.
    * Please be patient as this can take a while to complete depending on your system's specifications.
    * On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    * Post the contents of JRT.txt into your next reply !

Re-Boot your computer now !!

 

 

 

Post next:

1. Farbar log

2. AdwCleaner log

3. Junkware log

 

 

Thanks

Chuck
 

[ore262]

Farbar Service Scanner Version: 04-08-2013

Ran by Oscar (administrator) on 09-08-2013 at 10:51:22

Running from "C:\Users\Oscar\Desktop"

Microsoft Windows 7 Home Premium  Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo.com is accessible.

 

 

Windows Firewall:

=============

 

Firewall Disabled Policy: 

==================

 

 

System Restore:

============

 

System Restore Disabled Policy: 

========================

 

 

Action Center:

============

 

 

Windows Update:

============

 

Windows Autoupdate Disabled Policy: 

============================

 

 

Windows Defender:

==============

 

Other Services:

==============

 

 

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

 

 

**** End of log ****

 

 

 

 

 

 

# AdwCleaner v2.306 - Logfile created 08/09/2013 at 10:57:08

# Updated 19/07/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Oscar - OSCAR-HP

# Boot Mode : Normal

# Running from : C:\Users\Oscar\Desktop\adwcleaner.exe

# Option [Delete]

 

 

***** [services] *****

 

 

***** [Files / Folders] *****

 

 

***** [Registry] *****

 

 

***** [internet Browsers] *****

 

-\\ Internet Explorer v10.0.9200.16635

 

[OK] Registry is clean.

 

-\\ Mozilla Firefox v23.0 (en-US)

 

File : C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\w6rwbj8v.default\prefs.js

 

[OK] File is clean.

 

-\\ Google Chrome v28.0.1500.95

 

File : C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

[OK] File is clean.

 

*************************

 

AdwCleaner[R3].txt - [10308 octets] - [08/08/2013 07:38:36]

AdwCleaner[R4].txt - [10308 octets] - [08/08/2013 08:27:12]

AdwCleaner[R5].txt - [5055 octets] - [08/08/2013 09:04:17]

AdwCleaner[R6].txt - [1300 octets] - [08/08/2013 09:27:39]

AdwCleaner[s1].txt - [5201 octets] - [08/08/2013 09:07:26]

AdwCleaner[s4].txt - [1111 octets] - [09/08/2013 10:57:08]

 

########## EOF - C:\AdwCleaner[s4].txt - [1171 octets] ##########

 

 

 

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 5.3.9 (08.09.2013:1)

OS: Windows 7 Home Premium x64

Ran by Oscar on Fri 08/09/2013 at 11:04:39.47

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{9FA7F416-B843-4B21-9044-4481B8B62715}

 

 

 

~~~ FireFox

 

Emptied folder: C:\Users\Oscar\AppData\Roaming\mozilla\firefox\profiles\w6rwbj8v.default\minidumps [1 files]

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Fri 08/09/2013 at 11:12:33.19

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[flashh4]

Oscar are you still having the redirects ??

Have you tried a different browser ??

I prefer FireFox for all my needs, and recommend it to all users that i clean their computers !!! I keep IE for a back up but never use it.

I have never used Chrome & have some tell me it's not that good !!

 

I think the problem could be in Chrome, i would delete it & try a different browser for a while, then let me know if you still get redirects !

 

Your thoughts please ??

 

Chuck

[ore262]

Chrome is not that great, the problem I was having was also happening initially  in Fire fox. I have used FF for years and try not to use IE. I will remove chrome and see what happens. While I was typing this I had FF open and avast gave me a threat detected warning, go figure. I am using chrome to post this, may be from that. Will keep you posted, thank you so much for your help........ Oscar

[flashh4]

 Next time get me a report of what the threat says then i can have more to go with or do you have a copy of it ??

You can go into Avast & check for threats or have it do a scan  !!

 

Chuck

[ore262]

None of the shields show any event. Is that where I would look?