Sponsored By

Sign in to follow this  
ore262

utop.it - wow search in internet explorer

Recommended Posts

I have utop.it home page and wow in internet explorer search box. I downloaded a program recently and I guess this was bundled in it. I have attempted to remove it by restoring IE to it's original settings but it is still there. Can you please help me remove it?

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Home Premium x64
Ran by Oscar on Fri 02/14/2014 at 12:59:04.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Oscar\appdata\local\solid savings"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{02ED242B-D521-4C82-AC57-D88B38AE361E}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{0984FB10-1D61-442F-9965-E0A045DE0E61}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{0E589990-1725-47B6-9BA0-F24F13A340BF}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{2171BB61-6236-4765-BC85-37BB00540AA6}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{24F3EE63-EC36-4F64-A4F6-0F6937681F34}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{24FCEF10-37DD-4C19-9D95-5C362BF4D9E4}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{28063E35-10C6-4961-8783-F5E90435B9BD}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{2ED9ABB2-A829-4B1C-92FC-080291D4FA32}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{348C1A97-A0AA-468E-B246-FB0F6CB45DBF}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{38BA18B3-E756-4513-A183-DE9C8E4861D0}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{3AA9EA04-CF19-4A96-BFDD-C8C3B7D56CB5}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{3D3AA2FA-9947-4B00-BBB3-2DE9CDA89A50}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{3E87B35F-CB20-43A9-A546-0280512C5ADA}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{3FA5DA91-2726-4682-8CF4-BCF7AFFCCAD0}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{4DF9438C-5180-4609-9212-FA7A752A182A}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{54FBDAC6-B73D-41EB-8B83-8AD7134C2EC0}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{5BE6E876-19AC-4F1B-A2DD-68D09105B75F}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{5E05CD73-3678-4EA3-ADF6-1C34F288B67B}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{5F63995E-57D5-4DDE-B9EE-3525AAC20609}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{6077C319-6381-4914-B33C-8F8A7BB66E7F}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{62D562D9-30BB-4242-8215-52138755C1E5}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{661F7F7C-CD7D-41C4-93DF-1900E142C09F}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{71F47A44-5E99-43BF-9C56-67FD411F2DD1}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{75C40031-70AA-4995-8FFD-5AFB82FC086E}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{766C4889-A602-4A15-82B0-8D016E493B2A}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{8167CFF0-5A03-4BB2-8637-EF4A5FE29EFB}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{8387D07B-845B-4862-B5BE-FE7B90A3422D}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{8A311315-B8C1-43D2-8D9B-DE73A4DF3AAE}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{90B270F1-F33A-4EB5-8E2C-4F481863675B}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{911428DC-BC27-4C0A-9421-B2F596F5F1D8}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{93CA0F83-ABD0-43DD-AA0F-E9DE15A8376D}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{94842025-04C3-43AA-A410-E89A248F2776}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{99EF0B4C-6EE9-489A-A1D2-2E66E7DFB934}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{9B5EE141-EE87-4F4A-8F31-3B092D250A95}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{9E92B2B4-5EDE-4B55-A5D7-0E758C0EDFC5}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{A2AFC82F-4375-4453-AA22-1872BCF24917}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{B2654839-51B7-4CC1-8F4B-6D172769A016}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{BB510AE4-018D-4E68-B3D4-8D09B45F36A0}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{C3F36302-CF81-4DE6-83B9-1FA02FF1CFF2}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{CAFE0E24-C461-4E30-9A21-FADDAC95623B}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{CB0BE07D-1E73-4DAF-B3A7-F04ABC72E6E7}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{CDFF07D6-07E7-4A7C-BE3A-046D2BC34393}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{CE528083-849F-46BD-9378-92BE18373B4F}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{D9C1B9FD-DB88-4091-B0E9-462D9C0316D1}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{DB0E0391-DA1D-47AD-A027-A1BDF8B4B38F}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{DBAFFC96-4FEE-4D3D-B509-EEC642C3EF26}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{DEBE0C0B-1084-472D-A0FC-6D67762370E2}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{F0978CD8-8D91-4EBA-877D-4915E80BCB1B}
Successfully deleted: [Empty Folder] C:\Users\Oscar\appdata\local\{FBD0099C-0312-4786-BD08-D1A5312B8DE7}



~~~ FireFox

Successfully deleted the following from C:\Users\Oscar\AppData\Roaming\mozilla\firefox\profiles\e4ga19tc.default\prefs.js

user_pref("extensions.betterff.surfcanyon.ramp.start_time", "1392394072260");
Emptied folder: C:\Users\Oscar\AppData\Roaming\mozilla\firefox\profiles\e4ga19tc.default\minidumps [83 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 02/14/2014 at 13:10:18.86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

Edited by ore262

Share this post


Link to post
Share on other sites

Hi ore262, did you look in add/remove in control panel to see if it's there ??

 

Chuck

Share this post


Link to post
Share on other sites

Do you want to do some clean up & check for unwanted items ??

 

 

Chuck

Share this post


Link to post
Share on other sites

Ore, ok lets get started ! I see you did the Junkware removal tool so let go farther !!

 

Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !!

If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!
Do Not Remove anything or run any tools/programs until advised to do so !

Perform all actions in the order given.

Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !  

Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.  

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.  
 

 

AdwCleaner
       
Please download adwcleaner by Xplode onto your desktop.
Double click on AdwCleaner.exe to run the tool again.
       Windows XP : Double click on the icon to run it.

       Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    *Click on the Scan button.
    *AdwCleaner will begin to scan your computer like it did before.
    *After the scan has finished .......
    
    This time, click on the Clean button.
    
    *Press OK when asked to close all programs and follow the onscreen prompts.
    *Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    *After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    *Copy and paste the contents of that logfile in your next reply.
    *A copy of that logfile will also be saved in the C:\AdwCleaner folder.
 

 

 

 

NEXT


MALWAREBYTES with Pics:

Please download Malwarebytes' Anti-Malware to your desktop. Or from Here >> http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html


    * Double-click  mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to  Update Malwarebytes' Anti-Malware and  Launch Malwarebytes' Anti-Malware, then click  Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select  Perform quick scan, then click Scan.

mbam-1.jpg


When the scan is complete, click  OK, then  Show Results to view the results.

scan-finished.jpg

    *  Then click  Remove Selected .
    * When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
    * Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    Or via the Logs tab when the application is started.



Please don't attach the scans / logs, use "copy/paste".
 

 

 

 

NEXT


Download OldTimer to your desk top !
Links: http://oldtimer.geekstogo.com/OTL.com http://oldtimer.geekstogo.com/OTL.scr  
 
If you already have a copy of OTL delete it and use this version.  (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

* Double click OTL.exe to launch the program.
* Check the following.

o Scan all users.
o Standard Output. o Lop check.
o Purity check. oExtra Registry > Use SafeList  

* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.

o OTL.txt (open on your desktop).
o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.

* Please post me both logs. This may have to be broken into more than one post !   
 

 

 

Post those logs when you get them !! The OTL will be long !!

 

Thanks

Chuck

Share this post


Link to post
Share on other sites

# AdwCleaner v3.018 - Report created 14/02/2014 at 15:46:28
# Updated 28/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Oscar - OSCAR-HP
# Running from : C:\Users\Oscar\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0 (en-US)

[ File : C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\prefs.js ]

Line Deleted : user_pref("extensions.betterff.surfcanyon.ramp.start_time", "1392401386371");

-\\ Google Chrome v32.0.1700.107

[ File : C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3478 octets] - [14/02/2014 10:15:00]
AdwCleaner[R1].txt - [3525 octets] - [14/02/2014 10:20:10]
AdwCleaner[R2].txt - [1169 octets] - [14/02/2014 10:29:01]
AdwCleaner[R3].txt - [1290 octets] - [14/02/2014 15:41:59]
AdwCleaner[s0].txt - [3608 octets] - [14/02/2014 10:22:30]
AdwCleaner[s1].txt - [1233 octets] - [14/02/2014 11:02:59]
AdwCleaner[s2].txt - [1213 octets] - [14/02/2014 15:46:28]

########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1273 octets] ##########
 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.02.14.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16518
Oscar :: OSCAR-HP [administrator]

2/14/2014 4:07:06 PM
mbam-log-2014-02-14 (16-07-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218385
Time elapsed: 4 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

OTL logfile created on: 2/14/2014 4:18:10 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Oscar\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.86 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 52.46% Memory free
7.71 Gb Paging File | 5.36 Gb Available in Paging File | 69.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.47 Gb Total Space | 224.06 Gb Free Space | 80.17% Space Free | Partition Type: NTFS
Drive D: | 14.46 Gb Total Space | 1.61 Gb Free Space | 11.12% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.07 Gb Free Space | 27.06% Space Free | Partition Type: FAT32
 
Computer Name: OSCAR-HP | User Name: Oscar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/02/14 16:13:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Oscar\Desktop\OTL.com
PRC - [2014/02/01 18:42:39 | 000,866,632 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/01/31 18:16:10 | 000,064,384 | ---- | M] (Google) -- C:\Users\Oscar\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2014/01/31 07:37:24 | 001,998,336 | ---- | M] () -- C:\Program Files (x86)\Security Updates Service\winupdsvc.exe
PRC - [2014/01/28 01:54:01 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/01/07 14:44:09 | 003,764,024 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/01/07 14:44:09 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/01/03 01:32:12 | 001,363,616 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/01/03 01:32:04 | 001,748,640 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/10/25 12:07:24 | 002,151,200 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
PRC - [2013/07/25 17:47:00 | 001,985,824 | ---- | M] (Wondershare) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
PRC - [2013/07/03 03:32:44 | 001,228,504 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2013/07/03 03:32:42 | 000,563,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/21 17:56:44 | 001,090,040 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
PRC - [2012/12/19 09:49:34 | 000,732,648 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012/12/19 09:49:12 | 000,149,480 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2012/10/26 10:53:00 | 000,139,792 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2012/08/10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
PRC - [2012/03/05 12:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/03/05 12:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/08/19 13:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/06/28 04:41:08 | 000,168,504 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011/05/20 09:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/05/20 09:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/12/30 22:44:00 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/30 22:43:00 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/12/27 18:30:00 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
PRC - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/02/12 15:30:44 | 000,492,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\92742a2fc47c786e31ccecbbbff37f1d\IAStorUtil.ni.dll
MOD - [2014/02/12 15:30:44 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\56d3e5f907345d381bd7ba599185dfbc\IAStorCommon.ni.dll
MOD - [2014/02/12 15:00:05 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll
MOD - [2014/02/12 14:57:51 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/12 14:57:38 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/12 14:57:21 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/12 14:57:13 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\73ce00cfab52d23ca89457490fd5ef9a\System.Configuration.ni.dll
MOD - [2014/02/12 14:56:45 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/02/12 14:56:39 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/12 14:56:29 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/02/12 13:03:09 | 000,181,760 | ---- | M] () -- C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2014.206.433.3_0\plugin\ace.dll
MOD - [2014/02/01 18:42:37 | 000,399,688 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppgooglenaclpluginchrome.dll
MOD - [2014/02/01 18:42:35 | 004,055,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
MOD - [2014/02/01 18:41:45 | 000,715,592 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
MOD - [2014/02/01 18:41:45 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll
MOD - [2014/02/01 18:41:43 | 001,634,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
MOD - [2014/01/28 01:54:18 | 003,583,600 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/12/02 19:39:34 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/07/24 09:24:52 | 000,137,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
MOD - [2012/12/21 17:57:44 | 000,276,984 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll
MOD - [2012/12/21 17:57:44 | 000,093,176 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll
MOD - [2012/12/21 17:57:28 | 002,653,176 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll
MOD - [2012/12/21 17:57:28 | 000,364,536 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll
MOD - [2012/12/21 17:57:26 | 011,166,712 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll
MOD - [2012/12/21 17:57:24 | 000,206,328 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll
MOD - [2012/12/21 17:57:22 | 001,347,064 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll
MOD - [2012/12/21 17:57:22 | 001,014,776 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll
MOD - [2012/12/21 17:57:22 | 000,720,888 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll
MOD - [2012/12/21 17:57:20 | 008,507,384 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll
MOD - [2012/12/21 17:57:20 | 000,520,696 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll
MOD - [2012/12/21 17:57:18 | 002,481,144 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll
MOD - [2012/12/21 17:57:18 | 002,354,168 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll
MOD - [2012/12/21 17:57:14 | 000,446,456 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
MOD - [2012/12/21 17:57:10 | 000,207,352 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Imageformats\qjpeg4.dll
MOD - [2012/12/21 17:57:10 | 000,035,832 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Imageformats\qico4.dll
MOD - [2012/12/21 17:57:08 | 000,033,272 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Imageformats\qgif4.dll
MOD - [2012/12/21 17:56:40 | 000,438,264 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll
MOD - [2012/12/21 17:56:00 | 000,606,200 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll
MOD - [2012/12/21 15:29:52 | 000,391,600 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll
MOD - [2012/12/21 15:29:52 | 000,059,280 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll
MOD - [2012/12/21 15:29:14 | 000,110,080 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\mediaservice\dsengine.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/02/06 05:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/01/07 14:44:09 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/11/10 11:11:04 | 000,239,176 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE -- (RtkAudioService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/17 20:14:00 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2014/02/06 09:20:48 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/05 06:39:39 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/31 07:37:24 | 001,998,336 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Security Updates Service\winupdsvc.exe -- (Security Updates Service)
SRV - [2014/01/03 01:32:12 | 001,363,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/01/03 01:32:04 | 001,748,640 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/07 01:52:56 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/10/25 12:07:24 | 002,151,200 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/07/03 03:32:44 | 001,228,504 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2013/07/03 03:32:44 | 000,660,184 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/19 09:49:34 | 000,732,648 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/08/10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2012/03/05 12:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/05/20 09:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/12/30 22:44:00 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/30 22:43:00 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/12/27 18:30:00 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/01/07 14:44:56 | 000,079,672 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/01/07 14:44:13 | 001,034,464 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/01/07 14:44:13 | 000,422,216 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/01/07 14:44:13 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/01/07 14:44:13 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/12/02 19:39:35 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/12/02 19:39:35 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/11/10 11:10:40 | 000,057,376 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2013/11/10 11:07:40 | 000,032,496 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013/11/10 11:07:17 | 001,514,568 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtwlane.sys -- (RTWlanE)
DRV:64bit: - [2013/11/10 11:06:29 | 000,883,928 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2013/11/07 01:52:44 | 005,363,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/07/03 03:32:42 | 000,018,456 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf_amd64.sys -- (PSI)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/28 18:50:02 | 000,041,304 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\eve.sys -- (Eve)
DRV:64bit: - [2013/02/28 20:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2012/10/17 13:53:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/03 18:49:18 | 000,040,432 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/14 03:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/07/12 22:06:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/12 22:06:46 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/05/20 08:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/05/18 16:33:00 | 001,145,448 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (RTL8192Ce)
DRV:64bit: - [2011/02/15 13:37:00 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010/11/20 22:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/01/18 15:40:26 | 000,004,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcmirror.sys -- (rcmirror)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wow.utop.it/
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}
IE:64bit: - HKLM\..\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}: "URL" = http://wow.utop.it/?q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wow.utop.it/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}: "URL" = http://wow.utop.it/?q={searchTerms}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wow.utop.it/
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}: "URL" = http://wow.utop.it/?q={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wow.utop.it/
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}: "URL" = http://wow.utop.it/?q={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wow.utop.it/
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\..\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}: "URL" = http://wow.utop.it/?q={searchTerms}
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wow.utop.it/
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}: "URL" = http://wow.utop.it/?q={searchTerms}
 
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: "wow search"
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://centurylink.net/"
FF - prefs.js..extensions.enabledAddons: firefox-autofill%40googlegroups.com:3.6
FF - prefs.js..extensions.enabledAddons: savedpasswordeditor%40daniel.dawson:2.7.2
FF - prefs.js..extensions.enabledAddons: ascsurfingprotection%40iobit.com:1.0
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2011.70
FF - prefs.js..extensions.enabledAddons: autofillForms%40blueimp.net:0.9.9.0
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:5.3.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0
FF - prefs.js..keyword.URL: "http://myvdo.tv/"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Oscar\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Oscar\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Oscar\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Oscar\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Oscar\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/02/08 13:45:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.3.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.3.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2013/08/09 12:56:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Extensions
[2014/02/13 20:56:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions
[2014/02/13 20:56:17 | 000,000,000 | ---D | M] ("Flash Video Downloader") -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]
[2014/02/08 16:39:18 | 000,000,000 | ---D | M] (Advanced SystemCare Surfing Protection) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]
[2014/02/10 08:01:43 | 000,149,045 | ---- | M] () (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]
[2014/01/25 13:05:57 | 000,067,503 | ---- | M] () (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]
[2014/02/06 06:54:45 | 000,093,438 | ---- | M] () (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]
[2014/01/27 07:14:35 | 000,215,649 | ---- | M] () (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]
[2014/02/13 06:40:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/02/13 06:40:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/02/13 06:40:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2014/02/06 14:02:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\PROGRAM FILES (X86)\IOBIT APPS TOOLBAR\FF
[2014/02/08 13:45:11 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.com/
CHR - Extension: Google Docs = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2013.75_0\
CHR - Extension: Crackle = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic\7.1.7_0\
CHR - Extension: Skype Click to Call = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.0.14735.1561_0\
CHR - Extension: Google Maps = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Google Mail Checker = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\
CHR - Extension: FastestFox for Chrome = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\8.0.8_0\
CHR - Extension: Hangouts = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2014.206.433.3_0\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
CHR - Extension: Autofill = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmmgnhgdeffjkdckmikfpnddkbbfkkk\5.5_0\
CHR - Extension: Google Wallet = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Click&Clean App = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.5_0\
CHR - Extension: Gmail = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/02/14 12:49:42 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000..\Run: [GoogleChromeAutoLaunch_D08D9DAE1EAB6F612F08AF40ADD97038] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000..\Run: [TWC.Win7] C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe File not found
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16:64bit: - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{530608E2-0C92-487C-A790-F35682F6BF76}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/02/14 16:13:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Oscar\Desktop\OTL.com
[2014/02/14 15:55:31 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Oscar\Desktop\mbam-setup-1.75.0.1300.exe
[2014/02/14 15:42:10 | 000,000,000 | ---D | C] -- C:\Users\Oscar\Desktop\CLEANING
[2014/02/14 13:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/02/14 13:25:53 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/02/14 13:25:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/02/14 12:49:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\%LOCALAPPDATA%
[2014/02/14 12:49:20 | 000,000,000 | ---D | C] -- C:\_OTM
[2014/02/14 12:35:00 | 000,000,000 | ---D | C] -- C:\Users\Oscar\Desktop\security 2
[2014/02/14 10:14:54 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/14 09:47:20 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\Diagnostics
[2014/02/14 07:51:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2014/02/12 15:24:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WOWTrojan Removal Tool
[2014/02/12 14:34:33 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/02/12 14:33:26 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/12 14:33:25 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/12 14:33:24 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/12 14:33:24 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/12 14:33:22 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/12 14:33:22 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/12 14:33:22 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/12 14:33:20 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/12 14:33:20 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/12 14:33:20 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/12 14:33:19 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/12 14:33:19 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/12 14:33:19 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/12 14:33:19 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/12 14:33:19 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/12 14:33:19 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/12 14:33:17 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/12 14:33:17 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/12 14:33:16 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/12 14:33:16 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/02/12 14:33:10 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/12 14:33:10 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/12 14:32:59 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/12 14:11:14 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/02/12 14:11:13 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014/02/12 14:10:41 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2014/02/12 14:10:41 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2014/02/12 14:10:41 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2014/02/12 14:10:41 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2014/02/12 14:10:40 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2014/02/12 14:10:40 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2014/02/12 14:10:40 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2014/02/12 14:10:40 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2014/02/12 14:10:40 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2014/02/12 14:10:40 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2014/02/12 14:10:40 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2014/02/12 14:10:39 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014/02/12 14:10:39 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2014/02/12 14:10:39 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2014/02/12 14:10:39 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2014/02/12 14:10:39 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2014/02/12 14:10:39 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2014/02/12 14:07:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/02/12 14:07:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/02/11 11:55:32 | 000,000,000 | ---D | C] -- C:\Users\Oscar\Desktop\New folder (2)
[2014/02/09 16:48:08 | 001,122,304 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\libeay32.dll
[2014/02/09 16:48:08 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll
[2014/02/09 16:48:08 | 000,274,432 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\ssleay32.dll
[2014/02/09 16:48:08 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateControl350.dll
[2014/02/08 18:42:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\wow search
[2014/02/08 13:29:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Iomega
[2014/02/08 13:28:38 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Roaming\Leadertech
[2014/02/07 12:31:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014/02/06 18:04:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Updates Service
[2014/02/06 15:45:53 | 000,000,000 | ---D | C] -- C:\Users\Oscar\dwhelper
[2014/02/06 09:10:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2014/01/24 17:45:36 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2014/01/23 18:16:57 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\Downloaded Installations
[2014/01/21 17:41:19 | 000,000,000 | ---D | C] -- C:\Users\Oscar\Documents\turbotax return
 
========== Files - Modified Within 30 Days ==========
 
[2014/02/14 16:21:24 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/14 16:13:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Oscar\Desktop\OTL.com
[2014/02/14 16:04:21 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/14 15:58:28 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Oscar\Desktop\mbam-setup-1.75.0.1300.exe
[2014/02/14 15:58:05 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/14 15:58:05 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/14 15:52:03 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/14 15:47:46 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/14 15:47:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/14 15:47:34 | 3104,722,944 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/14 15:46:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3309490343-1712508466-2320962761-1000UA.job
[2014/02/14 15:40:47 | 001,166,132 | ---- | M] () -- C:\Users\Oscar\Desktop\adwcleaner.exe
[2014/02/14 12:49:42 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/02/14 07:51:19 | 000,001,246 | ---- | M] () -- C:\Users\Oscar\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2014/02/14 07:51:19 | 000,001,222 | ---- | M] () -- C:\Users\Oscar\Desktop\Spybot - Search & Destroy.lnk
[2014/02/13 19:41:34 | 000,788,260 | ---- | M] () -- C:\ProgramData\yvd_firefox_se.exe
[2014/02/13 19:41:30 | 000,108,326 | ---- | M] () -- C:\ProgramData\yvd_ie_se.exe
[2014/02/13 17:46:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3309490343-1712508466-2320962761-1000Core.job
[2014/02/13 10:48:25 | 000,015,010 | ---- | M] () -- C:\Users\Oscar\Documents\credit card.ods
[2014/02/13 10:44:48 | 000,025,861 | ---- | M] () -- C:\Users\Oscar\Documents\expenses.ods
[2014/02/13 08:38:02 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOscar.job
[2014/02/12 14:36:47 | 000,775,084 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/12 14:36:47 | 000,662,634 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/12 14:36:47 | 000,122,470 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/12 14:36:35 | 000,775,084 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/12 07:10:14 | 000,013,196 | ---- | M] () -- C:\Users\Oscar\Desktop\QUILTS - Shortcut.lnk
[2014/02/11 08:06:28 | 000,762,694 | ---- | M] () -- C:\ProgramData\ChromeTabExtension.crx
[2014/02/11 08:06:14 | 001,290,554 | ---- | M] () -- C:\ProgramData\yvd_chrome_se.exe
[2014/02/10 13:29:14 | 000,083,322 | ---- | M] () -- C:\Users\Oscar\Desktop\1236946_10201085478153335_854229438_n.jpg
[2014/02/10 12:48:09 | 000,040,669 | ---- | M] () -- C:\Users\Oscar\Desktop\yoyo and shams
[2014/02/10 09:53:52 | 000,001,074 | ---- | M] () -- C:\Users\Oscar\Desktop\WHY - Shortcut.lnk
[2014/02/07 10:19:57 | 000,001,233 | ---- | M] () -- C:\Users\Oscar\Desktop\Should I Remove It.lnk
[2014/02/06 18:21:09 | 000,002,074 | ---- | M] () -- C:\Users\Oscar\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2014/02/06 18:00:23 | 002,404,326 | ---- | M] () -- C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.0.5.exe
[2014/02/06 06:30:12 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/06 06:07:39 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/06 06:06:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/06 05:56:03 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/06 05:52:11 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/06 05:49:03 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/06 05:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/06 05:48:11 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/06 05:32:49 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/06 05:17:15 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/06 05:11:37 | 005,768,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/06 05:01:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/06 05:00:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/06 04:57:13 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/06 04:52:21 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/06 04:50:32 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/06 04:49:22 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/06 04:47:22 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/06 04:46:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/06 04:25:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/06 04:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/06 03:40:06 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/06 03:34:31 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/02/05 06:39:39 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/02/05 06:39:39 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/01/29 11:50:38 | 000,007,605 | ---- | M] () -- C:\Users\Oscar\AppData\Local\Resmon.ResmonCfg
[2014/01/28 09:59:13 | 000,002,243 | ---- | M] () -- C:\Users\Oscar\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/21 07:06:38 | 000,010,783 | ---- | M] () -- C:\Users\Oscar\Documents\GATEWAY account open office.odt
 
========== Files Created - No Company Name ==========
 
[2014/02/14 16:04:21 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/14 15:40:27 | 001,166,132 | ---- | C] () -- C:\Users\Oscar\Desktop\adwcleaner.exe
[2014/02/14 07:51:19 | 000,001,246 | ---- | C] () -- C:\Users\Oscar\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2014/02/14 07:51:19 | 000,001,222 | ---- | C] () -- C:\Users\Oscar\Desktop\Spybot - Search & Destroy.lnk
[2014/02/12 07:10:14 | 000,013,196 | ---- | C] () -- C:\Users\Oscar\Desktop\QUILTS - Shortcut.lnk
[2014/02/10 13:29:14 | 000,083,322 | ---- | C] () -- C:\Users\Oscar\Desktop\1236946_10201085478153335_854229438_n.jpg
[2014/02/10 12:48:09 | 000,040,669 | ---- | C] () -- C:\Users\Oscar\Desktop\yoyo and shams
[2014/02/10 09:53:52 | 000,001,074 | ---- | C] () -- C:\Users\Oscar\Desktop\WHY - Shortcut.lnk
[2014/02/08 18:42:58 | 000,762,694 | ---- | C] () -- C:\ProgramData\ChromeTabExtension.crx
[2014/02/08 18:42:19 | 000,788,260 | ---- | C] () -- C:\ProgramData\yvd_firefox_se.exe
[2014/02/08 18:42:10 | 001,290,554 | ---- | C] () -- C:\ProgramData\yvd_chrome_se.exe
[2014/02/08 18:42:10 | 000,108,326 | ---- | C] () -- C:\ProgramData\yvd_ie_se.exe
[2014/02/07 10:19:57 | 000,001,233 | ---- | C] () -- C:\Users\Oscar\Desktop\Should I Remove It.lnk
[2014/02/06 16:57:25 | 002,404,326 | ---- | C] () -- C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.0.5.exe
[2014/01/21 07:06:36 | 000,010,783 | ---- | C] () -- C:\Users\Oscar\Documents\GATEWAY account open office.odt
[2013/11/07 01:52:42 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/10/01 17:56:07 | 000,008,704 | ---- | C] () -- C:\Users\Oscar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/09 07:56:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/08/09 07:56:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/08/09 07:56:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/08/09 07:56:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/08/09 07:56:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/07/25 17:00:30 | 000,007,605 | ---- | C] () -- C:\Users\Oscar\AppData\Local\Resmon.ResmonCfg
[2013/02/28 20:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2012/12/14 01:42:30 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/12/14 01:42:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/09/21 18:02:45 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2012/06/10 19:18:18 | 000,003,215 | ---- | C] () -- C:\Users\Oscar\.swfinfo
[2012/06/03 11:45:44 | 000,018,303 | ---- | C] () -- C:\Users\Oscar\AppData\Roaming\UserTile.png
[2012/05/26 12:42:39 | 000,775,084 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/24 12:09:37 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012/03/19 22:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/03/19 22:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/03/08 09:25:33 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/03/08 09:25:33 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013/12/12 12:32:36 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\2BrightSparks
[2013/10/09 13:01:52 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\AffiliatedUpdate
[2012/12/04 17:52:41 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Auslogics
[2013/12/02 19:44:29 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\AVAST Software
[2012/09/12 15:53:58 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Blio
[2012/12/01 12:00:20 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\FixBee
[2013/06/10 17:01:43 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Foresight Software
[2013/07/09 17:56:30 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\HurricaneSoftware.com
[2014/02/08 16:39:12 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\IObit
[2014/02/08 13:28:38 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Leadertech
[2013/12/19 12:00:36 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Leawo
[2014/02/08 16:36:52 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Nokia
[2012/05/31 14:37:05 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Nokia Suite
[2014/02/08 16:36:54 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\OpenOffice
[2014/02/08 16:36:53 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\OpenOffice.org
[2012/05/31 14:21:52 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\PC Suite
[2013/08/05 15:19:42 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\player
[2013/05/09 15:37:21 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\QuickScan
[2014/02/08 16:36:56 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\SoftGrid Client
[2012/11/08 05:33:52 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Synaptics
[2014/02/08 16:39:18 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Thunderbird
[2013/12/19 12:01:27 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\tiger-k
[2013/02/12 16:33:20 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\TuneUp Software
[2014/02/08 16:36:57 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\vso
[2012/08/15 10:09:22 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\WildTangent
[2012/05/27 18:24:38 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:07BF512B
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:0F4A7B6A
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >
 

 

OTL Extras logfile created on: 2/14/2014 4:18:10 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Oscar\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.86 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 52.46% Memory free
7.71 Gb Paging File | 5.36 Gb Available in Paging File | 69.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.47 Gb Total Space | 224.06 Gb Free Space | 80.17% Space Free | Partition Type: NTFS
Drive D: | 14.46 Gb Total Space | 1.61 Gb Free Space | 11.12% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.07 Gb Free Space | 27.06% Space Free | Partition Type: FAT32
 
Computer Name: OSCAR-HP | User Name: Oscar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D8BA4B3-77F4-4576-B09F-6F21CD427B81}" = lport=138 | protocol=17 | dir=in | app=system |
"{0DC0E475-FA6F-4A92-8239-AD9DCF3D142E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1EF83457-E463-4B71-A993-D5302BB1BE0A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{239ADEB6-03B7-486C-92C2-37262C48E5B8}" = rport=138 | protocol=17 | dir=out | app=system |
"{39C1FF65-B4B6-4A25-BFFD-3D7C76719D74}" = lport=445 | protocol=6 | dir=in | app=system |
"{3B37908F-9D78-4E39-A5E9-C0996F330FD2}" = rport=445 | protocol=6 | dir=out | app=system |
"{56472654-5A03-4FA9-A22D-07E9B1D211C2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{56EDE3FF-8B09-4066-9631-46D4D2DB89FB}" = rport=137 | protocol=17 | dir=out | app=system |
"{7FEC4729-7286-4640-A005-E22B436F4621}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{821F18F2-7D2C-4DB6-9981-E7A82D48392D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{86F5F823-CEBA-4944-96A1-E4E82475CEAC}" = lport=137 | protocol=17 | dir=in | app=system |
"{8B97C794-5526-4D2C-A3D8-2F3A251E4F97}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{97B5A5C2-C508-42A5-9249-3F4544F2CE69}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B2658E45-E5C7-458D-B707-711A78385C6D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B2F794A3-CE12-4DAB-9B46-F4CC9C1C8C85}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CCC9A72F-568D-40E2-AB4E-CD0C62302DF3}" = lport=139 | protocol=6 | dir=in | app=system |
"{D46B3933-8E37-41F3-97DF-16804F8C5DD8}" = rport=139 | protocol=6 | dir=out | app=system |
"{D829714E-8ABA-4E9D-9D2A-7712442C9658}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D87628A4-C7B6-4D03-A493-F2DA7A380868}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{EDA7FD6E-C739-429C-BBFE-4AB17A159771}" = lport=10243 | protocol=6 | dir=in | app=system |
"{EE6DCD5E-5C5E-495A-B546-86A4C37D6824}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{EE901390-390A-46CD-AAF7-3BF66EFF54A2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F3D98FC5-D848-464B-93AE-E47CBED7AF93}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{17DE61A5-EBB0-4F1E-A825-50983F2FDFE4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{203440B8-44F6-421D-94B2-1BAF98FF2CC5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{236B7474-29E2-40AA-9697-BD007BECE5BE}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{251F57B9-3AB8-4BC9-A1C9-F5BEBB1FC79E}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{25EB077E-1482-4657-A144-A3A280199E6A}" = protocol=17 | dir=in | app=c:\users\oscar\appdata\local\temp\7zsf101.tmp\symnrt.exe |
"{3311F27B-5064-491D-B408-DEC71BB36413}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{362DE51E-4861-4979-A735-821FF4BCC2FC}" = protocol=58 | dir=out | [email protected],-28546 |
"{3770CB07-9C86-4CCD-A738-7BC91B87B75F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3914BF96-7497-4F4E-8C3A-1E9A9F175C76}" = protocol=6 | dir=out | app=system |
"{3C073826-3FB5-47F3-BEA1-F115557B2A0C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{41B3D50A-ED76-4BD7-A3EB-8DB03E421DF6}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{431AB6A0-4AE0-4EFC-BB8E-3E6985E4D2D8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{448E495D-606E-45BF-AB40-FB73683B2479}" = protocol=17 | dir=in | app=c:\users\oscar\appdata\local\temp\7zs33ea.tmp\symnrt.exe |
"{5BEBCF06-88EB-48DA-A625-F3F0756F5C07}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5FC800BF-D3EA-4770-B380-EC6945302903}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe |
"{63DAC05A-00C9-4200-9577-84E7071FF09B}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{6457F1FC-BEFF-4C5A-ACA8-73FE0572585E}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
"{7586B1A7-498A-41A9-A3B7-3188F553767C}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe |
"{7F59762B-79F3-43AC-8EED-14FE6F4840C1}" = protocol=6 | dir=in | app=c:\program files (x86)\vso\vso downloader\3\vsodownloader.exe |
"{802BEC33-0A9F-4C8B-9AFD-7584D8DE5A0B}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe |
"{912FAE15-DDFB-4AF9-BBDF-8FAF565C8A11}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9589CA56-9FE9-4483-8DC5-3F1CC9C60825}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{97C26BC9-C50E-4492-B059-EC484B1E744C}" = protocol=6 | dir=in | app=c:\users\oscar\appdata\local\temp\7zsf101.tmp\symnrt.exe |
"{9AA34B36-7DAB-4064-BB0A-89C4053F2C61}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9AD0ED81-848F-442C-B63D-73F415F42F05}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google talk\googletalk.exe |
"{9E488190-2913-49F0-BCC5-5D07EC037B58}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{A94B2920-2A74-4A5F-A212-B9D41DB3FF6C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B4843197-3383-400A-83A4-D1333B9C8EFB}" = protocol=1 | dir=out | [email protected],-28544 |
"{B6C61FED-3E32-4069-8C98-660F0354CBC7}" = protocol=6 | dir=in | app=c:\users\oscar\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{BAC92B21-EAC8-424F-A807-E64B3781C601}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC49E0C6-BAD2-41FE-A9A9-7DAE50DDFD8C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BD3D72C4-4075-4AB4-9972-AFEE10464FC9}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{C2AC5E22-7A75-436B-84A1-83E342994A9E}" = protocol=6 | dir=in | app=c:\users\oscar\appdata\local\temp\7zs33ea.tmp\symnrt.exe |
"{CE2B7890-30EB-44D4-9C4B-D891A7F67E1F}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{D3636CA4-A51F-4E77-A73E-F629C55F87D8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D501508C-2D33-44B7-A31D-148492A34A36}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D7234B0D-256E-4255-BD9D-0FC13F6E90CA}" = protocol=1 | dir=in | [email protected],-28543 |
"{D8BCD2C4-5F65-4C18-BF54-AD17F919B438}" = protocol=58 | dir=in | [email protected],-28545 |
"{D9B5F0F8-0171-41ED-B85E-A6E63395776F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{DA67CB5B-F2E9-4EAC-99DE-20654DCE466D}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe |
"{E414B53D-0BA7-4D8E-9A00-8BBB7B007E44}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe |
"{E7072F34-F647-42FD-970C-3E06ADB5E653}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{E78B315F-46BA-4CDB-B402-12B035BBE637}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E81C0E1C-6059-48C2-9BA2-3DE63FB2225D}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe |
"{F242EA79-9CBD-4D05-B975-9064293C8655}" = protocol=6 | dir=in | app=c:\program files (x86)\vso\vso downloader\2\vsodownloader.exe |
"{F9F8313B-5A05-45E5-90EB-8D8115680D6B}" = protocol=17 | dir=in | app=c:\users\oscar\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{FA4B4A86-364D-48F3-B892-97BF5B237952}" = protocol=17 | dir=in | app=c:\program files (x86)\vso\vso downloader\3\vsodownloader.exe |
"{FAF9837D-D90B-48C2-A8C8-B0AD797EC03B}" = protocol=17 | dir=in | app=c:\program files (x86)\vso\vso downloader\2\vsodownloader.exe |
"{FD7F9E02-638A-4150-9F95-1AC0B05AFC76}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{19321CD0-D41C-45B8-80E6-F68B000A35B5}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{C7513D63-3790-4453-ABD5-483C47B4FFD7}C:\users\oscar\appdata\local\apps\2.0\ar21j5dv.ctw\agwb9hx7.yvh\rebt..tion_59eb1b2cffdb6323_0002.0005_7c13fbf0d57ed86b\rebtelphone.exe" = protocol=6 | dir=in | app=c:\users\oscar\appdata\local\apps\2.0\ar21j5dv.ctw\agwb9hx7.yvh\rebt..tion_59eb1b2cffdb6323_0002.0005_7c13fbf0d57ed86b\rebtelphone.exe |
"TCP Query User{FAFD6DBE-1F3C-4CB0-BBAC-E94E36FB057B}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{35D98AA7-8DC6-4DA7-9A92-0B1063451076}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"UDP Query User{7DD85402-3BBD-4238-993D-58F9C6FA3949}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{E5F4521A-4EFA-4460-829F-4CF9DA43DC87}C:\users\oscar\appdata\local\apps\2.0\ar21j5dv.ctw\agwb9hx7.yvh\rebt..tion_59eb1b2cffdb6323_0002.0005_7c13fbf0d57ed86b\rebtelphone.exe" = protocol=17 | dir=in | app=c:\users\oscar\appdata\local\apps\2.0\ar21j5dv.ctw\agwb9hx7.yvh\rebt..tion_59eb1b2cffdb6323_0002.0005_7c13fbf0d57ed86b\rebtelphone.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5A847522-375C-4D05-BD3D-88C450CC047F}" = HP Launch Box
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97E3F31B-D989-0E01-FCB4-EBC04EF060F1}" = AMD Catalyst Install Manager
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C3CC4DF5-39A5-4027-B136-2B3E1F5AB6E3}" = Python 2.7.6 (64-bit)
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{e9d90870-ab19-32a8-aa93-f8348ba21d05}" = Python 3.3.3 (64-bit)
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0)
"CCleaner" = CCleaner
"SynTPDeinstKey" = Synaptics TouchPad Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1AC41DC5-DD17-41D7-AE0B-139A9D2725EC}_is1" = VSO EVE Network Driver version 0.4
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{41101F0C-DBD9-321C-A6B1-E0689B495A4E}" = Google Talk Plugin
"{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}" = OpenOffice 4.0.1
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4E62123C-4C0D-4123-A8A2-C0103B92D7EA}" = Should I Remove It
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skypeâ„¢ 6.11
"{5036764A-435D-40C9-869C-31085A3D741D}" = HP Setup
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52793F88-BF4D-4AA6-8696-80E72CE758B1}" = Adobe Flash Player 12 ActiveX
"{53B17A98-5BF0-40BC-AAFF-850A357975AC}" = HP Quick Launch
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A55875-B6DD-41E8-8CF6-F193D9C47051}" = HP Documentation
"{6B722793-E77B-41F5-BAB3-6C9832274E75}" = PC Connectivity Solution
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.1.1
"{6FE12C01-2FBC-42E2-AEB9-4CA2238C462F}" = Nokia Connectivity Cable Driver
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7E799992-5DA0-4A1A-9443-B1836B063FEC}" = HP Power Manager
"{835B275B-F29B-464B-BD4B-097FD55FAB0A}" = HP Software Framework
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B52057C-15DB-433E-957C-E279BC7D07E3}" = HP QuickWeb
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{934168C8-55AC-4593-A138-E64BA8367E6E}" = Adobe Flash Player 12 Plugin
"{9945F35E-85EF-4759-A95C-2E10AA34EA58}" = ESU for Microsoft Windows 7 SP1
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = Compaq Setup Manager
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BB285C9F-C821-4770-8970-56C4AB52C87E}" = Skype Click to Call
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{c32d80cc-20d1-386b-b1e2-cce219263394}" = Python 3.4.0b1
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB70FB55-1515-4C75-95C8-FFBD5FE041F8}_is1" = VSO Downloader 2.9.1.4
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A0C45A-7EDB-48EB-AB86-2445E74FBFBB}" = Nokia Suite
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48E84C5-7599-4CBD-9900-8BCB9A2A2FFA}_is1" = VSO Downloader 3.1.0.50
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE202411-2C26-49E8-9784-1BC1DBF7DE96}" = HP Support Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"avast" = avast! Free Antivirus
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"IObit Surfing Protection_is1" = Surfing Protection
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 27.0 (x86 en-US)" = Mozilla Firefox 27.0 (x86 en-US)
"Mozilla Thunderbird 24.3.0 (x86 en-US)" = Mozilla Thunderbird 24.3.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia Suite" = Nokia Suite
"Secunia PSI" = Secunia PSI (3.0.0.7011)
"VLC media player" = VLC media player 2.1.3
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.3
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"AffiliatedUpdate" = Extended Update
"Should I Remove It 1.0.4" = Should I Remove It
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 2/14/2014 2:16:46 PM | Computer Name = Oscar-HP | Source = WinMgmt | ID = 10
Description =
 
Error - 2/14/2014 3:48:54 PM | Computer Name = Oscar-HP | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "c:\program files (x86)\ESET\eset
 online scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line
 .  A component version required by the application conflicts with another component
 version already active.  Conflicting components are:.  Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 2/14/2014 4:47:51 PM | Computer Name = Oscar-HP | Source = WinMgmt | ID = 10
Description =
 
[ Hewlett-Packard Events ]
Error - 2/24/2013 9:13:57 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 3947  Ram Utilization:   TargetSite: Void UpdateAndDetect()  
 
Error - 2/25/2013 10:27:58 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 3947  Ram Utilization: 50  TargetSite: Void UpdateAndDetect()  
 
Error - 2/26/2013 10:43:02 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 3947  Ram Utilization: 50  TargetSite: Void UpdateAndDetect()  
 
Error - 2/27/2013 9:47:04 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 3947  Ram Utilization: 50  TargetSite: Void UpdateAndDetect()  
 
Error - 2/28/2013 9:02:22 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 3947  Ram Utilization: 50  TargetSite: Void UpdateAndDetect()  
 
Error - 3/1/2013 9:43:11 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 3947  Ram Utilization: 40  TargetSite: Void UpdateAndDetect()  
 
Error - 3/2/2013 9:15:23 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 3947  Ram Utilization: 60  TargetSite: Void UpdateAndDetect()  
 
Error - 3/3/2013 10:00:10 AM | Computer Name = Oscar-HP | Source = hpsa_service.exe | ID = 2000
Description = HP Error ID: -2146233088   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Message: One HP Active Check Local Mode job already running.  StackTrace:
   at HP.ActiveCheckLocalMode.SessionManager.ActiveCheckManager.UpdateAndDetect()

   at HP.SupportAssistant.Service.ACLM.ActiveCheck.LaunchActiveCheck(Boolean singleScan,
 Boolean localScan)  Source: HP.ActiveCheckLocalMode.SessionManager    Name: hpsa_service.exe
Version:
 06.00.01.01  Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
Format:
 en-US  RAM: 3947  Ram Utilization: 50  TargetSite: Void UpdateAndDetect()  
 
Error - 3/3/2013 6:03:37 PM | Computer Name = Oscar-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
 Object reference not set to an instance of an object.  StackTrace:   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
 HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01  Path: C:\Program
 Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 3947
Ram
 Utilization: 60  TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()

 
Error - 3/3/2013 6:16:03 PM | Computer Name = Oscar-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Message:
 Object reference not set to an instance of an object.  StackTrace:   at HP.SupportFramework.Utilities.CustomerExperience.HPSASession.AddNavigationProperties()
Source:
 HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01  Path: C:\Program
 Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US  RAM: 3947
Ram
 Utilization: 30  TargetSite: HP.SupportFramework.HPSFReporting._Property[] AddNavigationProperties()

 
[ HP Software Framework Events ]
Error - 12/5/2012 9:33:48 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5
Description = 2012/12/05 08:33:48.485|00001B44|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 1/9/2013 9:43:12 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5
Description = 2013/01/09 08:43:12.852|00001760|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 1/16/2013 9:44:10 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5
Description = 2013/01/16 08:44:10.684|000015E4|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 1/31/2013 10:05:42 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5
Description = 2013/01/31 09:05:42.137|000016B0|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 1/31/2013 10:05:55 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5
Description = 2013/01/31 09:05:55.043|00001608|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 1/31/2013 10:05:59 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5
Description = 2013/01/31 09:05:59.741|0000016C|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 2/6/2013 12:42:05 PM | Computer Name = Oscar-HP | Source = hpqWmiEx | ID = 5
Description = 2013/02/06 11:42:05.729|00001308|Error      |ChpqWmiExModule::Start|StartServiceCtrlDispatcher
 FAILED. Error: 1063
 
Error - 2/14/2013 9:12:11 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5
Description = 2013/02/14 08:12:11.528|00001DD0|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 2/14/2013 9:13:52 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5
Description = 2013/02/14 08:13:52.142|00001810|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 2/14/2013 9:14:10 AM | Computer Name = Oscar-HP | Source = CaslWmi | ID = 5
Description = 2013/02/14 08:14:10.925|000006C4|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
[ System Events ]
Error - 2/14/2014 2:16:33 PM | Computer Name = Oscar-HP | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start.    Module Path: C:\Windows\system32\Rtlihvs.dll
Error
 Code: 126  
 
Error - 2/14/2014 4:47:41 PM | Computer Name = Oscar-HP | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start.    Module Path: C:\Windows\system32\Rtlihvs.dll
Error
 Code: 126  
 
Error - 2/14/2014 4:52:39 PM | Computer Name = Oscar-HP | Source = Service Control Manager | ID = 7022
Description = The Windows Update service hung on starting.
 
 
< End of report >
 

 

Share this post


Link to post
Share on other sites

I have to run or a errand will be back around 6 MTN time !!

Sorry !

 

Chuck

Share this post


Link to post
Share on other sites

Hey Chuck, you have a life besides these forums and need to take care of it. I am grateful for your help , will look at this later.

thank you, Oscar

Share this post


Link to post
Share on other sites

Hi ore, running this from a virtual computer so if it doesn't work right posting, i will get back on mine in a few minutes & fix my fix !!

 

 

Do you have Spybot Search & Destroy still installed ? If you do i would remove it or at least disable Tea Timer !!

We need to Run an OTL fix !!
Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

    * Double-click OTL.exe to start the program.
    * Copy and Paste the following code into the customFix.png.  text box of the OTL tool/program ! Start with and include the colon plus  :OTL

:OTLIE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}IE:64bit: - HKLM\..\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}: "URL" = http://wow.utop.it/?q={searchTerms}IE'>http://wow.utop.it/?q={searchTerms}IE - HKLM\..\SearchScopes,DefaultScope =IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKLM\..\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}: "URL" = http://wow.utop.it/?q={searchTerms}IE'>http://wow.utop.it/?q={searchTerms}IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =IE - HKU\.DEFAULT\..\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}: "URL" = http://wow.utop.it/?q={searchTerms}IE'>http://wow.utop.it/?q={searchTerms}IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-18\..\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}: "URL" = http://wow.utop.it/?q={searchTerms}                                                                                                      IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope          IE - HKU\S-1-5-19\..\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}: "URL" = http://wow.utop.it/?q={searchTerms}IE'>http://wow.utop.it/?q={searchTerms}IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-20\..\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}: "URL" = http://wow.utop.it/?q={searchTerms}IE'>http://wow.utop.it/?q={searchTerms}IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\..\SearchScopes,DefaultScope =FF - user.js - File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll File not found[2013/08/09 12:56:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Extensions[2014/02/13 20:56:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions[2014/02/10 08:01:43 | 000,149,045 | ---- | M] () (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected][2014/01/25 13:05:57 | 000,067,503 | ---- | M] () (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected][2014/02/06 06:54:45 | 000,093,438 | ---- | M] () (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected][2014/01/27 07:14:35 | 000,215,649 | ---- | M] () (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected][2014/02/13 06:40:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions[2014/02/13 06:40:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions[2014/02/13 06:40:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}[2014/02/06 14:02:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}File not found (No name found) -- C:\PROGRAM FILES (X86)\IOBIT APPS TOOLBAR\FFO4 - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000..\Run: [TWC.Win7] C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe File not foundO9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not foundO18:64bit: - Protocol\Handler\skype4com - No CLSID value found:Commands[emptyjava][emptyflash][EMPTYTEMP][RESETHOSTS][CREATERESTOREPOINT][Reboot] 

# Then click the Run Fix button at the top.
# Click btnOK.png
# Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
Remember to enable your real time protection.

Post that log back here !

 

 

Chuck

Share this post


Link to post
Share on other sites

That did not look right so hold off a sec & i will fix it !!

 

OK that looks better, run the fix please !!

Share this post


Link to post
Share on other sites

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}\ not found.
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}\ not found.
HKEY_USERS\S-1-5-21-3309490343-1712508466-2320962761-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ not found.
C:\Users\Oscar\AppData\Roaming\Mozilla\Extensions folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]\chrome\content folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected] folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]\modules\ffmpeg folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]\modules folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]\defaults folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]\components folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]\chrome\skin folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]\chrome\locale\ru folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]\chrome\locale\lt folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]\chrome\locale\hy-AM folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]\chrome\locale\en-US folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]\chrome\locale\ar folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]\chrome\locale folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]\chrome\content\player folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]\chrome\content\include folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]\chrome\content\dialogs folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]\chrome\content\data folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]\chrome\content\bindings folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]\chrome\content folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected]\chrome folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected] folder moved successfully.
C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions folder moved successfully.
File C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected] not found.
File C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected] not found.
File C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected] not found.
File C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\e4ga19tc.default\extensions\[email protected] not found.
C:\Program Files (x86)\Mozilla Firefox\extensions folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome\icons\default folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome\icons folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions folder moved successfully.
Folder C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\ not found.
Folder C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\ not found.
Registry value HKEY_USERS\S-1-5-21-3309490343-1712508466-2320962761-1000\Software\Microsoft\Windows\CurrentVersion\Run\\TWC.Win7 deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
========== COMMANDS ==========
 
[EMPTYJAVA]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Oscar
->Java cache emptied: 0 bytes
 
User: Public
 
Total Java Files Cleaned = 0.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Oscar
->Flash cache emptied: 1135 bytes
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Oscar
->Temp folder emptied: 4478044 bytes
->Temporary Internet Files folder emptied: 17601602 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 19834886 bytes
->Google Chrome cache emptied: 101231757 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 42 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1053903 bytes
 
Total Files Cleaned = 138.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 02142014_204321

Files\Folders moved on Reboot...
C:\Users\Oscar\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

Share this post


Link to post
Share on other sites

Time for bed here Chuck, we are the same age and I run out of gas this time of day (9:00eastern) I will check here first thing tomorrow.

Thanks so much for your help, Oscar

Share this post


Link to post
Share on other sites

Ore, that looks good, how is it running ?? Any problems or is utop.it still showing ?

 

Clean up with OTL


    Right-click OTL.exe and select " Run as administrator " to run it.
    This will remove all the tools we used to clean your pc.
    Close all other programs apart from OTL as this step will require a reboot
    On the OTL main screen, press the CleanUp! button
    Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools we used if they remain on your Desktop.

 

If you feel it's running good i will come back with an all clean speech !!

 

Good to know there are a few of us oldies out there !!

 

Thanks

Chuck

Share this post


Link to post
Share on other sites

Thank you Chuck, it seems to be running well and no signs of the problem.You are amazing

Oscar

Will post a log after running OTL

Share this post


Link to post
Share on other sites

Hopefully the lst scan Chuck................

 

OTL logfile created on: 2/15/2014 6:00:32 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Oscar\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.86 Gb Total Physical Memory | 1.96 Gb Available Physical Memory | 50.91% Memory free
7.71 Gb Paging File | 5.39 Gb Available in Paging File | 69.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.47 Gb Total Space | 221.59 Gb Free Space | 79.29% Space Free | Partition Type: NTFS
Drive D: | 14.46 Gb Total Space | 1.61 Gb Free Space | 11.12% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.07 Gb Free Space | 27.06% Space Free | Partition Type: FAT32
 
Computer Name: OSCAR-HP | User Name: Oscar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/02/14 20:38:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Oscar\Desktop\OTL.scr
PRC - [2014/02/06 09:10:09 | 000,390,256 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2014/02/01 18:42:39 | 000,866,632 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/01/31 18:16:10 | 000,064,384 | ---- | M] (Google) -- C:\Users\Oscar\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2014/01/31 07:37:24 | 001,998,336 | ---- | M] () -- C:\Program Files (x86)\Security Updates Service\winupdsvc.exe
PRC - [2014/01/28 01:54:01 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/01/07 14:44:09 | 003,764,024 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/01/07 14:44:09 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/01/03 01:32:12 | 001,363,616 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/01/03 01:32:04 | 001,748,640 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/10/25 12:07:24 | 002,151,200 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
PRC - [2013/07/25 17:47:00 | 001,985,824 | ---- | M] (Wondershare) -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
PRC - [2013/07/03 03:32:44 | 001,228,504 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psia.exe
PRC - [2013/07/03 03:32:42 | 000,563,416 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/21 17:56:44 | 001,090,040 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
PRC - [2012/12/19 09:49:34 | 000,732,648 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012/12/19 09:49:12 | 000,149,480 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2012/10/26 10:53:00 | 000,139,792 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2012/08/10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
PRC - [2012/03/05 12:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/03/05 12:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/08/19 13:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/06/28 04:41:08 | 000,168,504 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011/05/20 09:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/05/20 09:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/12/30 22:44:00 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/30 22:43:00 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/12/27 18:30:00 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
PRC - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/02/12 15:30:44 | 000,492,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\92742a2fc47c786e31ccecbbbff37f1d\IAStorUtil.ni.dll
MOD - [2014/02/12 15:30:44 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\56d3e5f907345d381bd7ba599185dfbc\IAStorCommon.ni.dll
MOD - [2014/02/12 15:00:19 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\4b1795df6372b251625f958595e08d3d\System.Web.ni.dll
MOD - [2014/02/12 15:00:05 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59312674865dc2a19c27f9f460b1673b\System.Runtime.Remoting.ni.dll
MOD - [2014/02/12 14:57:51 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\8bc548587e91ecf0552a40e47bbf99cc\System.Windows.Forms.ni.dll
MOD - [2014/02/12 14:57:38 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5c24d3b0041ebf4f48a93615b9fa3de9\System.Drawing.ni.dll
MOD - [2014/02/12 14:57:21 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\217ece46920546d718414291d463bb1c\System.Xml.ni.dll
MOD - [2014/02/12 14:57:13 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\73ce00cfab52d23ca89457490fd5ef9a\System.Configuration.ni.dll
MOD - [2014/02/12 14:56:45 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1d696b2d3de530f7ee971070263667ff\WindowsBase.ni.dll
MOD - [2014/02/12 14:56:39 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b3a78269847005365001c33870cd121f\System.ni.dll
MOD - [2014/02/12 14:56:29 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\ede2c6c842840e009f01bcc74fa4c457\mscorlib.ni.dll
MOD - [2014/02/12 13:03:09 | 000,181,760 | ---- | M] () -- C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2014.206.433.3_0\plugin\ace.dll
MOD - [2014/02/06 09:10:10 | 003,019,376 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2014/02/06 09:10:10 | 000,158,832 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2014/02/06 09:10:10 | 000,023,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2014/02/01 18:42:37 | 000,399,688 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppgooglenaclpluginchrome.dll
MOD - [2014/02/01 18:42:35 | 004,055,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll
MOD - [2014/02/01 18:41:45 | 000,715,592 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
MOD - [2014/02/01 18:41:45 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll
MOD - [2014/02/01 18:41:43 | 001,634,632 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
MOD - [2014/01/28 01:54:18 | 003,583,600 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/12/02 19:39:34 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/07/24 09:24:52 | 000,137,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
MOD - [2012/12/21 17:57:44 | 000,276,984 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll
MOD - [2012/12/21 17:57:44 | 000,093,176 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll
MOD - [2012/12/21 17:57:28 | 002,653,176 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll
MOD - [2012/12/21 17:57:28 | 000,364,536 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll
MOD - [2012/12/21 17:57:26 | 011,166,712 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll
MOD - [2012/12/21 17:57:24 | 000,206,328 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll
MOD - [2012/12/21 17:57:22 | 001,347,064 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll
MOD - [2012/12/21 17:57:22 | 001,014,776 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll
MOD - [2012/12/21 17:57:22 | 000,720,888 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll
MOD - [2012/12/21 17:57:20 | 008,507,384 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll
MOD - [2012/12/21 17:57:20 | 000,520,696 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll
MOD - [2012/12/21 17:57:18 | 002,481,144 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll
MOD - [2012/12/21 17:57:18 | 002,354,168 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll
MOD - [2012/12/21 17:57:14 | 000,446,456 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
MOD - [2012/12/21 17:57:10 | 000,207,352 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Imageformats\qjpeg4.dll
MOD - [2012/12/21 17:57:10 | 000,035,832 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Imageformats\qico4.dll
MOD - [2012/12/21 17:57:08 | 000,033,272 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\Imageformats\qgif4.dll
MOD - [2012/12/21 17:56:40 | 000,438,264 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll
MOD - [2012/12/21 17:56:00 | 000,606,200 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll
MOD - [2012/12/21 15:29:52 | 000,391,600 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll
MOD - [2012/12/21 15:29:52 | 000,059,280 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll
MOD - [2012/12/21 15:29:14 | 000,110,080 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\mediaservice\dsengine.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/02/06 05:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/01/07 14:44:09 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/11/10 11:11:04 | 000,239,176 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE -- (RtkAudioService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/17 20:14:00 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2014/02/06 09:20:48 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/02/05 06:39:39 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/01/31 07:37:24 | 001,998,336 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Security Updates Service\winupdsvc.exe -- (Security Updates Service)
SRV - [2014/01/03 01:32:12 | 001,363,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/01/03 01:32:04 | 001,748,640 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2013/12/21 01:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/07 01:52:56 | 000,279,000 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2013/10/25 12:07:24 | 002,151,200 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/07/03 03:32:44 | 001,228,504 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2013/07/03 03:32:44 | 000,660,184 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/12/19 09:49:34 | 000,732,648 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/08/10 15:48:50 | 000,197,536 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2012/03/05 12:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/05/20 09:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/12/30 22:44:00 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/30 22:43:00 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/12/27 18:30:00 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/01/07 14:44:56 | 000,079,672 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2014/01/07 14:44:13 | 001,034,464 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2014/01/07 14:44:13 | 000,422,216 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2014/01/07 14:44:13 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2014/01/07 14:44:13 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/12/02 19:39:35 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/12/02 19:39:35 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/11/10 11:10:40 | 000,057,376 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2013/11/10 11:07:40 | 000,032,496 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2013/11/10 11:07:17 | 001,514,568 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtwlane.sys -- (RTWlanE)
DRV:64bit: - [2013/11/10 11:06:29 | 000,883,928 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2013/11/07 01:52:44 | 005,363,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2013/07/03 03:32:42 | 000,018,456 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\psi_mf_amd64.sys -- (PSI)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/28 18:50:02 | 000,041,304 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\eve.sys -- (Eve)
DRV:64bit: - [2013/02/28 20:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2012/10/17 13:53:46 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/03 18:49:18 | 000,040,432 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/14 03:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/07/12 22:06:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/12 22:06:46 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/05/20 08:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/05/18 16:33:00 | 001,145,448 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192Ce.sys -- (RTL8192Ce)
DRV:64bit: - [2011/02/15 13:37:00 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010/11/20 22:23:48 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/01/18 15:40:26 | 000,004,608 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rcmirror.sys -- (rcmirror)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wow.utop.it/
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wow.utop.it/
IE - HKLM\..\SearchScopes,DefaultScope =
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wow.utop.it/
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wow.utop.it/
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wow.utop.it/
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\..\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}: "URL" = http://wow.utop.it/?q={searchTerms}
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wow.utop.it/
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: "wow search"
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://centurylink.net/"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2011.70
FF - prefs.js..keyword.URL: "http://myvdo.tv/"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Oscar\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Oscar\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Oscar\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Oscar\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Oscar\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/02/08 13:45:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.3.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.3.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2014/02/14 20:48:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\Extensions
File not found (No name found) -- C:\PROGRAM FILES (X86)\IOBIT APPS TOOLBAR\FF
[2014/02/08 13:45:11 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
File not found (No name found) -- C:\USERS\OSCAR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E4GA19TC.DEFAULT\EXTENSIONS\[email protected]
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: https://www.google.com/
CHR - Extension: Google Docs = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2013.75_0\
CHR - Extension: Crackle = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic\7.1.7_0\
CHR - Extension: Skype Click to Call = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.0.14735.1561_0\
CHR - Extension: Google Maps = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Google Mail Checker = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\
CHR - Extension: FastestFox for Chrome = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm\8.0.8_0\
CHR - Extension: Hangouts = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd\2014.206.433.3_0\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
CHR - Extension: Autofill = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmmgnhgdeffjkdckmikfpnddkbbfkkk\5.5_0\
CHR - Extension: Google Wallet = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Click&Clean App = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.5_0\
CHR - Extension: Gmail = C:\Users\Oscar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2014/02/14 20:43:52 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare)
O4 - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000..\Run: [GoogleChromeAutoLaunch_D08D9DAE1EAB6F612F08AF40ADD97038] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000..\Run: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16:64bit: - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (Reg Error: Key error.)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} Reg Error: Value error. (GMNRev Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{530608E2-0C92-487C-A790-F35682F6BF76}: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/02/14 20:38:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Oscar\Desktop\OTL.scr
[2014/02/14 20:25:03 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\ChromeTabExtension
[2014/02/14 20:25:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/14 16:13:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Oscar\Desktop\OTL.com
[2014/02/14 15:55:31 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Oscar\Desktop\mbam-setup-1.75.0.1300.exe
[2014/02/14 15:42:10 | 000,000,000 | ---D | C] -- C:\Users\Oscar\Desktop\CLEANING
[2014/02/14 13:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/02/14 13:25:53 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/02/14 13:25:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/02/14 12:49:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\%LOCALAPPDATA%
[2014/02/14 12:49:20 | 000,000,000 | ---D | C] -- C:\_OTM
[2014/02/14 12:35:00 | 000,000,000 | ---D | C] -- C:\Users\Oscar\Desktop\security 2
[2014/02/14 10:14:54 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/14 09:47:20 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\Diagnostics
[2014/02/14 07:51:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2014/02/12 15:24:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WOWTrojan Removal Tool
[2014/02/12 14:34:33 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014/02/12 14:33:26 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/12 14:33:25 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/12 14:33:24 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/12 14:33:24 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/12 14:33:22 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/12 14:33:22 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/12 14:33:22 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/12 14:33:20 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/12 14:33:20 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/12 14:33:20 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/12 14:33:19 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/12 14:33:19 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/12 14:33:19 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/12 14:33:19 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/12 14:33:19 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/12 14:33:19 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/12 14:33:17 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/12 14:33:17 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/12 14:33:16 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/12 14:33:16 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/02/12 14:33:10 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/12 14:33:10 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/12 14:32:59 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/12 14:11:14 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2014/02/12 14:11:13 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2014/02/12 14:10:41 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2014/02/12 14:10:41 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2014/02/12 14:10:41 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2014/02/12 14:10:41 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2014/02/12 14:10:40 | 000,553,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2014/02/12 14:10:40 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2014/02/12 14:10:40 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2014/02/12 14:10:40 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2014/02/12 14:10:40 | 000,488,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2014/02/12 14:10:40 | 000,485,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2014/02/12 14:10:40 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2014/02/12 14:10:39 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdrm.dll
[2014/02/12 14:10:39 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2014/02/12 14:10:39 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2014/02/12 14:10:39 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2014/02/12 14:10:39 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2014/02/12 14:10:39 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2014/02/12 14:07:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2014/02/12 14:07:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2014/02/11 11:55:32 | 000,000,000 | ---D | C] -- C:\Users\Oscar\Desktop\New folder (2)
[2014/02/09 16:48:08 | 001,122,304 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\libeay32.dll
[2014/02/09 16:48:08 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll
[2014/02/09 16:48:08 | 000,274,432 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\ssleay32.dll
[2014/02/09 16:48:08 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateControl350.dll
[2014/02/08 18:42:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\wow search
[2014/02/08 13:29:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Iomega
[2014/02/08 13:28:38 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Roaming\Leadertech
[2014/02/07 12:31:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014/02/06 18:04:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Updates Service
[2014/02/06 15:45:53 | 000,000,000 | ---D | C] -- C:\Users\Oscar\dwhelper
[2014/02/06 09:10:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2014/01/24 17:45:36 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2014/01/23 18:16:57 | 000,000,000 | ---D | C] -- C:\Users\Oscar\AppData\Local\Downloaded Installations
[2014/01/21 17:41:19 | 000,000,000 | ---D | C] -- C:\Users\Oscar\Documents\turbotax return
 
========== Files - Modified Within 30 Days ==========
 
[2014/02/15 05:54:31 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/02/15 05:54:31 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/02/15 05:52:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/02/15 05:47:08 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/15 05:46:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/02/15 05:46:47 | 3104,722,944 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/14 20:46:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3309490343-1712508466-2320962761-1000UA.job
[2014/02/14 20:43:52 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/02/14 20:38:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Oscar\Desktop\OTL.scr
[2014/02/14 20:21:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/14 19:49:02 | 000,762,694 | ---- | M] () -- C:\ProgramData\ChromeTabExtension.crx
[2014/02/14 19:48:37 | 001,290,554 | ---- | M] () -- C:\ProgramData\yvd_chrome_se.exe
[2014/02/14 17:46:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3309490343-1712508466-2320962761-1000Core.job
[2014/02/14 16:13:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Oscar\Desktop\OTL.com
[2014/02/14 16:04:21 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/14 15:58:28 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Oscar\Desktop\mbam-setup-1.75.0.1300.exe
[2014/02/14 15:40:47 | 001,166,132 | ---- | M] () -- C:\Users\Oscar\Desktop\adwcleaner.exe
[2014/02/14 07:51:19 | 000,001,246 | ---- | M] () -- C:\Users\Oscar\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2014/02/14 07:51:19 | 000,001,222 | ---- | M] () -- C:\Users\Oscar\Desktop\Spybot - Search & Destroy.lnk
[2014/02/13 19:41:34 | 000,788,260 | ---- | M] () -- C:\ProgramData\yvd_firefox_se.exe
[2014/02/13 19:41:30 | 000,108,326 | ---- | M] () -- C:\ProgramData\yvd_ie_se.exe
[2014/02/13 10:48:25 | 000,015,010 | ---- | M] () -- C:\Users\Oscar\Documents\credit card.ods
[2014/02/13 10:44:48 | 000,025,861 | ---- | M] () -- C:\Users\Oscar\Documents\expenses.ods
[2014/02/13 08:38:02 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOscar.job
[2014/02/12 14:36:47 | 000,775,084 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/02/12 14:36:47 | 000,662,634 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/02/12 14:36:47 | 000,122,470 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/02/12 14:36:35 | 000,775,084 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/02/12 07:10:14 | 000,013,196 | ---- | M] () -- C:\Users\Oscar\Desktop\QUILTS - Shortcut.lnk
[2014/02/10 13:29:14 | 000,083,322 | ---- | M] () -- C:\Users\Oscar\Desktop\1236946_10201085478153335_854229438_n.jpg
[2014/02/10 12:48:09 | 000,040,669 | ---- | M] () -- C:\Users\Oscar\Desktop\yoyo and shams
[2014/02/10 09:53:52 | 000,001,074 | ---- | M] () -- C:\Users\Oscar\Desktop\WHY - Shortcut.lnk
[2014/02/07 10:19:57 | 000,001,233 | ---- | M] () -- C:\Users\Oscar\Desktop\Should I Remove It.lnk
[2014/02/06 18:21:09 | 000,002,074 | ---- | M] () -- C:\Users\Oscar\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2014/02/06 18:00:23 | 002,404,326 | ---- | M] () -- C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.0.5.exe
[2014/02/06 06:30:12 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014/02/06 06:07:39 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014/02/06 06:06:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014/02/06 05:56:03 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014/02/06 05:52:11 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014/02/06 05:49:03 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014/02/06 05:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014/02/06 05:48:11 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014/02/06 05:32:49 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014/02/06 05:17:15 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014/02/06 05:11:37 | 005,768,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014/02/06 05:01:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014/02/06 05:00:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014/02/06 04:57:13 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014/02/06 04:52:21 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014/02/06 04:50:32 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014/02/06 04:49:22 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014/02/06 04:47:22 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014/02/06 04:46:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014/02/06 04:25:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014/02/06 04:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014/02/06 03:40:06 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014/02/06 03:34:31 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014/02/05 06:39:39 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014/02/05 06:39:39 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/01/29 11:50:38 | 000,007,605 | ---- | M] () -- C:\Users\Oscar\AppData\Local\Resmon.ResmonCfg
[2014/01/28 09:59:13 | 000,002,243 | ---- | M] () -- C:\Users\Oscar\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/01/21 07:06:38 | 000,010,783 | ---- | M] () -- C:\Users\Oscar\Documents\GATEWAY account open office.odt
 
========== Files Created - No Company Name ==========
 
[2014/02/14 16:04:21 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/02/14 15:40:27 | 001,166,132 | ---- | C] () -- C:\Users\Oscar\Desktop\adwcleaner.exe
[2014/02/14 07:51:19 | 000,001,246 | ---- | C] () -- C:\Users\Oscar\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2014/02/14 07:51:19 | 000,001,222 | ---- | C] () -- C:\Users\Oscar\Desktop\Spybot - Search & Destroy.lnk
[2014/02/12 07:10:14 | 000,013,196 | ---- | C] () -- C:\Users\Oscar\Desktop\QUILTS - Shortcut.lnk
[2014/02/10 13:29:14 | 000,083,322 | ---- | C] () -- C:\Users\Oscar\Desktop\1236946_10201085478153335_854229438_n.jpg
[2014/02/10 12:48:09 | 000,040,669 | ---- | C] () -- C:\Users\Oscar\Desktop\yoyo and shams
[2014/02/10 09:53:52 | 000,001,074 | ---- | C] () -- C:\Users\Oscar\Desktop\WHY - Shortcut.lnk
[2014/02/08 18:42:58 | 000,762,694 | ---- | C] () -- C:\ProgramData\ChromeTabExtension.crx
[2014/02/08 18:42:19 | 000,788,260 | ---- | C] () -- C:\ProgramData\yvd_firefox_se.exe
[2014/02/08 18:42:10 | 001,290,554 | ---- | C] () -- C:\ProgramData\yvd_chrome_se.exe
[2014/02/08 18:42:10 | 000,108,326 | ---- | C] () -- C:\ProgramData\yvd_ie_se.exe
[2014/02/07 10:19:57 | 000,001,233 | ---- | C] () -- C:\Users\Oscar\Desktop\Should I Remove It.lnk
[2014/02/06 16:57:25 | 002,404,326 | ---- | C] () -- C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.0.5.exe
[2014/01/21 07:06:36 | 000,010,783 | ---- | C] () -- C:\Users\Oscar\Documents\GATEWAY account open office.odt
[2013/11/07 01:52:42 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2013/10/01 17:56:07 | 000,008,704 | ---- | C] () -- C:\Users\Oscar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/09 07:56:13 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/08/09 07:56:13 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/08/09 07:56:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/08/09 07:56:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/08/09 07:56:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/07/25 17:00:30 | 000,007,605 | ---- | C] () -- C:\Users\Oscar\AppData\Local\Resmon.ResmonCfg
[2013/02/28 20:47:36 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2012/12/14 01:42:30 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/12/14 01:42:28 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/09/21 18:02:45 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2012/06/10 19:18:18 | 000,003,215 | ---- | C] () -- C:\Users\Oscar\.swfinfo
[2012/06/03 11:45:44 | 000,018,303 | ---- | C] () -- C:\Users\Oscar\AppData\Roaming\UserTile.png
[2012/05/26 12:42:39 | 000,775,084 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/24 12:09:37 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2012/03/19 22:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/03/19 22:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
 
========== ZeroAccess Check ==========
 
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 21:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/03/08 09:25:33 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2013/03/08 09:25:33 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013/12/12 12:32:36 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\2BrightSparks
[2013/10/09 13:01:52 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\AffiliatedUpdate
[2012/12/04 17:52:41 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Auslogics
[2013/12/02 19:44:29 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\AVAST Software
[2012/09/12 15:53:58 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Blio
[2012/12/01 12:00:20 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\FixBee
[2013/06/10 17:01:43 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Foresight Software
[2013/07/09 17:56:30 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\HurricaneSoftware.com
[2014/02/08 16:39:12 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\IObit
[2014/02/08 13:28:38 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Leadertech
[2013/12/19 12:00:36 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Leawo
[2014/02/08 16:36:52 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Nokia
[2012/05/31 14:37:05 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Nokia Suite
[2014/02/08 16:36:54 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\OpenOffice
[2014/02/08 16:36:53 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\OpenOffice.org
[2012/05/31 14:21:52 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\PC Suite
[2013/08/05 15:19:42 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\player
[2013/05/09 15:37:21 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\QuickScan
[2014/02/08 16:36:56 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\SoftGrid Client
[2012/11/08 05:33:52 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Synaptics
[2014/02/08 16:39:18 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Thunderbird
[2013/12/19 12:01:27 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\tiger-k
[2013/02/12 16:33:20 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\TuneUp Software
[2014/02/08 16:36:57 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\vso
[2012/08/15 10:09:22 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\WildTangent
[2012/05/27 18:24:38 | 000,000,000 | ---D | M] -- C:\Users\Oscar\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:07BF512B
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:0F4A7B6A
@Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >
 

Share this post


Link to post
Share on other sites

Ok Ore, i need another OTL fix !!

 

We need to Run an OTL fix !!
Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

    * Double-click OTL.exe to start the program.
    * Copy and Paste the following code into the customFix.png.  text box of the OTL tool/program ! Start with and include the colon plus  :OTL

:OTLIE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wow.utop.it/IE:64bit:'>http://wow.utop.it/IE:64bit: - HKLM\..\SearchScopes,DefaultScope =IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wow.utop.it/IE - HKLM\..\SearchScopes,DefaultScope =IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wow.utop.it/IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wow.utop.it/IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wow.utop.it/IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-19\..\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}: "URL" = http://wow.utop.it/?q={searchTerms}IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wow.utop.it/IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-21-3309490343-1712508466-2320962761-1000\..\SearchScopes,DefaultScope =FF - prefs.js..browser.search.order.1: "wow search"FF - user.js - File not found[2014/02/14 20:48:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Oscar\AppData\Roaming\Mozilla\ExtensionsFile not found (No name found) -- C:\PROGRAM FILES (X86)\IOBIT APPS TOOLBAR\FF[2014/02/08 13:45:11 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FFFile not found (No name found) -- C:\USERS\OSCAR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\E4GA19TC.DEFAULT\EXTENSIONS\[email protected] - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.  :Commands[emptyjava][emptyflash][EMPTYTEMP][RESETHOSTS][CREATERESTOREPOINT][Reboot]

# Then click the Run Fix button at the top.
# Click btnOK.png
# Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
Remember to enable your real time protection.
 

 

Post this return log !!

 

 

======================

 

 

Clean up with OTL


    Right-click OTL.exe and select " Run as administrator " to run it.
    This will remove all the tools we used to clean your pc.
    Close all other programs apart from OTL as this step will require a reboot
    On the OTL main screen, press the CleanUp! button
    Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools we used if they remain on your Desktop.

 

 

Thanks

Chuck

Share this post


Link to post
Share on other sites

Sorry Chuck, I didn't realize there was a second page to this post. Here is the log

Oscar

 

 

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9bb2c1cc-4a7d-4cd5-bce9-0ca5f9ff8391}\ not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-3309490343-1712508466-2320962761-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Prefs.js: "wow search" removed from browser.search.order.1
C:\Users\Oscar\AppData\Roaming\Mozilla\Extensions folder moved successfully.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\skin\png scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\skin\icons scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\skin\ico 24x24px scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\skin\ico 16x16px scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\skin scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\zh-TW scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\zh-CN scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\vi-VN scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ur-PK scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\uk-UA scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\tr-TR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\th-TH scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\sv-SE scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\sl-SI scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\sk-SK scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ru-RU scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ro-RO scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\pt-PT scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\pt-BR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\pl-PL scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\nl-NL scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\nb-NO scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ko-KR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ja-JP scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\it-IT scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\id-ID scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\hu-HU scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\hr-HR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\he-IL scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\fr-FR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\fi-FI scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\et-EE scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\es-ES scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\en-US scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\en-GB scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\el-GR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\de-DE scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\da-DK scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\cs-CZ scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ca-ES scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\bg-BG scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\be-BY scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ar-SA scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\defaults\preferences scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\defaults scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\modules scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\zh_TW scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\zh_CN scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\vi scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ur scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\uk scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\tr scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\th scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\sv scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\sr scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\sl scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\sk scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ru scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ro scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\pt_PT scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\pt_BR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\pl scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\nl scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\nb scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ms scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\lv scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ko scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ja scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\it scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\id scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\hu scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\hr scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\hi scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\he scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\fr scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\fi scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\fa scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\et scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\es scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\en_GB scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\en scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\el scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\de scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\da scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\cs scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ca scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\bn scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\bg scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\be scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ar scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\libs scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\skin\img scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\skin\css scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\skin scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\scripts scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\mocks scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\libs scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found.
========== COMMANDS ==========
 
[EMPTYJAVA]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Oscar
->Java cache emptied: 0 bytes
 
User: Public
 
Total Java Files Cleaned = 0.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Oscar
->Flash cache emptied: 1758 bytes
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Oscar
->Temp folder emptied: 209583 bytes
->Temporary Internet Files folder emptied: 31482291 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 18894394 bytes
->Google Chrome cache emptied: 129087024 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 877 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 10305543 bytes
 
Total Files Cleaned = 181.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 02152014_133255

Files\Folders moved on Reboot...
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\skin\png scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\skin\icons scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\skin\ico 24x24px scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\skin\ico 16x16px scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\skin\png scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\skin\icons scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\skin\ico 24x24px scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\skin\ico 16x16px scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\skin scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\zh-TW scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\zh-CN scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\vi-VN scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ur-PK scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\uk-UA scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\tr-TR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\th-TH scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\sv-SE scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\sl-SI scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\sk-SK scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ru-RU scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ro-RO scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\pt-PT scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\pt-BR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\pl-PL scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\nl-NL scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\nb-NO scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ko-KR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ja-JP scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\it-IT scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\id-ID scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\hu-HU scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\hr-HR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\he-IL scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\fr-FR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\fi-FI scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\et-EE scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\es-ES scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\en-US scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\en-GB scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\el-GR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\de-DE scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\da-DK scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\cs-CZ scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ca-ES scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\bg-BG scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\be-BY scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ar-SA scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\zh-TW scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\zh-CN scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\vi-VN scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ur-PK scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\uk-UA scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\tr-TR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\th-TH scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\sv-SE scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\sl-SI scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\sk-SK scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ru-RU scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ro-RO scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\pt-PT scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\pt-BR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\pl-PL scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\nl-NL scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\nb-NO scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ko-KR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ja-JP scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\it-IT scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\id-ID scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\hu-HU scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\hr-HR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\he-IL scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\fr-FR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\fi-FI scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\et-EE scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\es-ES scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\en-US scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\en-GB scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\el-GR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\de-DE scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\da-DK scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\cs-CZ scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ca-ES scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\bg-BG scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\be-BY scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ar-SA scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\defaults\preferences scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\defaults\preferences scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\defaults scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\modules scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\zh_TW scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\zh_CN scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\vi scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ur scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\uk scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\tr scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\th scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\sv scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\sr scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\sl scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\sk scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ru scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ro scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\pt_PT scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\pt_BR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\pl scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\nl scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\nb scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ms scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\lv scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ko scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ja scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\it scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\id scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\hu scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\hr scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\hi scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\he scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\fr scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\fi scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\fa scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\et scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\es scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\en_GB scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\en scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\el scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\de scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\da scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\cs scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ca scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\bn scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\bg scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\be scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ar scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\zh_TW scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\zh_CN scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\vi scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ur scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\uk scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\tr scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\th scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\sv scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\sr scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\sl scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\sk scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ru scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ro scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\pt_PT scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\pt_BR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\pl scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\nl scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\nb scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ms scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\lv scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ko scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ja scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\it scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\id scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\hu scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\hr scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\hi scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\he scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\fr scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\fi scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\fa scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\et scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\es scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\en_GB scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\en scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\el scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\de scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\da scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\cs scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ca scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\bn scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\bg scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\be scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ar scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\libs scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\skin\img scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\skin\css scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\skin\img scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\skin\css scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\skin scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\scripts scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\mocks scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\libs scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\skin\img scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\skin\css scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\skin scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\scripts scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\mocks scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\libs scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\modules scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\zh_TW scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\zh_CN scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\vi scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ur scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\uk scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\tr scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\th scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\sv scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\sr scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\sl scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\sk scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ru scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ro scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\pt_PT scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\pt_BR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\pl scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\nl scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\nb scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ms scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\lv scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ko scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ja scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\it scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\id scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\hu scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\hr scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\hi scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\he scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\fr scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\fi scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\fa scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\et scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\es scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\en_GB scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\en scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\el scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\de scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\da scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\cs scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ca scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\bn scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\bg scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\be scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ar scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\libs scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\skin\img scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\skin\css scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\skin scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\scripts scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\mocks scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\libs scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\skin\png scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\skin\icons scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\skin\ico 24x24px scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\skin\ico 16x16px scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\skin scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\zh-TW scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\zh-CN scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\vi-VN scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ur-PK scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\uk-UA scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\tr-TR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\th-TH scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\sv-SE scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\sl-SI scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\sk-SK scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ru-RU scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ro-RO scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\pt-PT scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\pt-BR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\pl-PL scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\nl-NL scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\nb-NO scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ko-KR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ja-JP scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\it-IT scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\id-ID scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\hu-HU scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\hr-HR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\he-IL scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\fr-FR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\fi-FI scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\et-EE scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\es-ES scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\en-US scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\en-GB scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\el-GR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\de-DE scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\da-DK scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\cs-CZ scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ca-ES scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\bg-BG scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\be-BY scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale\ar-SA scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\locale scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\defaults\preferences scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\defaults scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\modules scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\zh_TW scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\zh_CN scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\vi scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ur scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\uk scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\tr scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\th scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\sv scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\sr scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\sl scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\sk scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ru scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ro scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\pt_PT scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\pt_BR scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\pl scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\nl scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\nb scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ms scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\lv scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ko scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ja scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\it scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\id scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\hu scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\hr scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\hi scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\he scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\fr scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\fi scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\fa scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\et scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\es scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\en_GB scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\en scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\el scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\de scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\da scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\cs scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ca scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\bn scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\bg scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\be scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale\ar scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\locale scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\libs scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\skin\img scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\skin\css scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\skin scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\scripts scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\mocks scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common\libs scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content\common scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF\content scheduled to be moved on reboot.
Folder move failed. C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF scheduled to be moved on reboot.
C:\Users\Oscar\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Oscar\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 

Share this post


Link to post
Share on other sites

Ore, that looks good, how is it running ?? Any problems or is utop.it still showing ?

 

Clean up with OTL


    Right-click OTL.exe and select " Run as administrator " to run it.
    This will remove all the tools we used to clean your pc.
    Close all other programs apart from OTL as this step will require a reboot
    On the OTL main screen, press the CleanUp! button
    Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools we used if they remain on your Desktop.

 

If you feel it's running good i will come back with an all clean speech !!

 

Good to know there are a few of us oldies out there !!

 

Thanks

Chuck

 

 

===========================

 

 

Congratulation you are clean !!!

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

This is my standard "All Clean Speech." You may have some already installed, these are just recommendations !

Here are some tips to reduce the potential for spyware infection in the future:

Make your Internet Explorer more secure - This can be done by following these simple instructions:

 *From within Internet Explorer click on the Tools menu and then click on Options.
 *Click once on the                                                                 Security tab
 *Click once on the [b                                             

Congratulation you are clean !!!

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

This is my standard "All Clean Speech." You may have some already installed, these are just recommendations !

Here are some tips to reduce the potential for spyware infection in the future:

Make your Internet Explorer more secure - This can be done by following these simple instructions:

 *From within Internet Explorer click on the Tools menu and then click on Options.
 *Click once on the Security tab
 *Click once on the Internet icon so it becomes highlighted.
 *Click once on the Custom Level button.
 *Change the Download signed ActiveX controls to Prompt
 *Change the Download unsigned ActiveX controls to Disable
 *Change the Initialize and script ActiveX controls not marked as safe to Disable
 *Change the Installation of desktop items to Prompt
 *Change the Launching programs and files in an FRAME to Prompt
 *Change the Navigate sub-frames across different domains to Prompt
 *When all these settings have been made, click on the OK button.
 *If it prompts you as to whether or not you want to save the settings, press the Yes button.
 *Next press the Apply button and then the OK to exit the Internet Properties page.

==========================

Make your Mozilla Firefox more secure - This can be done by adding these add-ons:

   NoScript
   AdBlockPlus

=============================

Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

=============================

Free Anti-Virus

  Avast Free Antivirus
  Avira Free Antivirus 2013
  PC Tools AntiVirus Free
  Ad-Aware Free Antivirus

========================

Free Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here.

 Online Armor Free
 Agnitum Outpost Firewall Free
 Comodo Firewall

=======================

Make sure you keep your Windows OS current. Windows XP users can visit  Windows updatedefault.asp regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

=======================

Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

==========================

WOT(Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

==========================

If you are behind on some updates, please visit the http://secunia.com/vulnerability_scanning/online/]Secunia Software Inspector   
Update any vulnerable software you have. Many malware now use zero day exploits in outdated versions of browsers and third party programs like Flash Player,Java Runtime , Winzip, Acrobat Reader etc to allow them to install silently without your knowledge or detection by your antivirus protection.

==========================

I also recommend that you read the following:
How to prevent malware by miekiemoes

==========================

To insure better safety, these are a must have:
Rule #1 ........ Good Antivirus
Rule #2 ........ Good Firewall
Rule #3 ........ Good Router is Great ! (optional but best)


Happy surfing and Stay Clean
Chuck

 

 

I will lock this after 5 days !!

]Internet icon so it becomes highlighted.
 *Click once on the Custom Level button.
 *Change the Download signed ActiveX controls to Prompt
 *Change the Download unsigned ActiveX controls to Disable
 *Change the Initialize and script ActiveX controls not marked as safe to Disable
 *Change the Installation of desktop items to Prompt
 *Change the Launching programs and files in an IFRAME to Prompt
 *Change the Navigate sub-frames across different domains to Prompt
 *When all these settings have been made, click on the OK button.
 *If it prompts you as to whether or not you want to save the settings, press the Yes button.
 *Next press the Apply button and then the OK to exit the Internet Properties page.

==========================

Make your Mozilla Firefox more secure - This can be done by adding these add-ons:

   NoScript
   AdBlockPlus

=============================

Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

=============================

Free Anti-Virus

  Avast Free Antivirus
  Avira Free Antivirus 2013
  PC Tools AntiVirus Free
  Ad-Aware Free Antivirus

========================

Free Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here.

 Online Armor Free
 Agnitum Outpost Firewall Free
 Comodo Firewall

=======================

Make sure you keep your Windows OS current. Windows XP users can visit  Windows updatedefault.asp regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

=======================

Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

==========================

WOT(Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

==========================

If you are behind on some updates, please visit the http://secunia.com/vulnerability_scanning/online/]Secunia Software Inspector   
Update any vulnerable software you have. Many malware now use zero day exploits in outdated versions of browsers and third party programs like Flash Player,Java Runtime , Winzip, Acrobat Reader etc to allow them to install silently without your knowledge or detection by your antivirus protection.

==========================

I also recommend that you read the following:
How to prevent malware by miekiemoes

==========================

To insure better safety, these are a must have:
Rule #1 ........ Good Antivirus
Rule #2 ........ Good Firewall
Rule #3 ........ Good Router is Great ! (optional but best)


Happy surfing and Stay Clean
Chuck

 

 

I will lock this after 5 days !!

Share this post


Link to post
Share on other sites

Chuck, Wow search reappeared in Firefox and IE, some of this stuff is persistent

Oscar

Edited by ore262

Share this post


Link to post
Share on other sites

UTOP.IT HAS ALSO TAKEN OVER IE HOMEPAGE BUT I CHANGED IT BACK USING SUPERANTISPYWARE

Edited by ore262

Share this post


Link to post
Share on other sites

Good morning Ore, did you download that tool >>> UTOP.IT ????

 

Download DDS and save it to your Desktop.  >>> DDS


    Double click dds.scr to run the tool.
    If using Vista or Windows 7 you will be prompted by UAC, please allow the prompt.
    DDS will now scan your computer.
    When the scan is complete, DDS will open two (2) logs:
        DDS.txt
        Attach.txt
    If not saved these logs will be automatically deleted when closed, so save both to your Desktop.
    Please note it is important that you post BOTH logs in your topic.


Please note: DDS will ask you to attach the second log (Attach.txt), please ignore this notice and post the log instead.
 

 

 

NEXT

 

 

 

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them
2. With Admin Rights (Right click, choose "Run as Administrator")



Download ComboFix from this location:

Link 1
 http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Link 2
http://www.infospyware.net/antimalware/combofix



* IMPORTANT !!! Save ComboFix.exe to your Desktop



  * Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

    *  See this Link >>> http://www.bleepingcomputer.com/forums/topic114351.html <<<  for programs that need to be disabled and instruction on how to disable them.
   
    *  Remember to re-enable them when we're done.

    *  Double click on ComboFix.exe & follow the prompts.

    *  As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    *  Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.



**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

 Notes:   

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of  ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4.  CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.   

Give it atleast 20-30 minutes to finish if needed.

 Please do not attach the scan results from Combofix. Use copy/paste.   

 

 

Post those 2 logs next !

 

Thanks

Chuck

Share this post


Link to post
Share on other sites

Good morning Chuck, I did not download Utop.it or Wow search, they were bundled in something I installed before my original post, I thought I had declined other stuff in the installation, but I guess I was fooled. Logs you requested follow:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 11.0.9600.16518 BrowserJavaVersion: 10.51.2

Run by Oscar at 10:48:36 on 2014-02-17

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3948.1554 [GMT -5:00]

.

AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe

C:\Program Files (x86)\Secunia\PSI\PSIA.exe

C:\Program Files (x86)\Security Updates Service\winupdsvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe

C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\hkcmd.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe

C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Oscar\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe

C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe

C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

uProxyOverride =

BHO: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll

TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [Google Update] "C:\Users\Oscar\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray

uRun: [GoogleChromeAutoLaunch_D08D9DAE1EAB6F612F08AF40ADD97038] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"

mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

TCP: NameServer = 10.0.0.1

TCP: Interfaces\{530608E2-0C92-487C-A790-F35682F6BF76} : DHCPNameServer = 10.0.0.1

TCP: Interfaces\{530608E2-0C92-487C-A790-F35682F6BF76}\4656775697D27657563747 : DHCPNameServer = 207.69.188.186 207.69.188.187 192.168.33.1

TCP: Interfaces\{530608E2-0C92-487C-A790-F35682F6BF76}\54E67456E6965737635303730383F523 : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{530608E2-0C92-487C-A790-F35682F6BF76}\84F4D454D213340373 : DHCPNameServer = 75.75.75.75 75.75.76.76

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll

x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe

x64-Run: [igfxTray] "C:\Windows\System32\igfxtray.exe"

x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"

x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"

x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update

x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe

.

INFO: x64-HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Notify: igfxcui - igfxdev.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\5c9vv1yl.default-1392513503432\

FF - prefs.js: browser.search.selectedEngine - wow search

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Oscar\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll

FF - plugin: C:\Users\Oscar\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Oscar\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Users\Oscar\AppData\Roaming\Mozilla\plugins\npo1d.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-7-29 65776]

R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-7-29 207904]

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-7-29 1038072]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-7-29 421704]

R1 Eve;EVE Protocol Driver;C:\Windows\System32\drivers\eve.sys [2013-9-9 41304]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-3-24 98208]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-7-29 78648]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-2-15 50344]

R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-1-3 1363616]

R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-1-3 1748640]

R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]

R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]

R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-8-10 197536]

R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-24 13592]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-3-24 1817088]

R2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2013-11-10 2151200]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-2-14 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-2-14 701512]

R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]

R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE [2013-11-10 239176]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2013-1-29 1153368]

R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-7-3 1228504]

R2 Security Updates Service;Security Updates Service;C:\Program Files (x86)\Security Updates Service\winupdsvc.exe [2014-1-31 1998336]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-24 2656280]

R3 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-1-7 80184]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2012-8-3 40432]

R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-11-10 169752]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-2-14 25928]

R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2013-7-3 18456]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-3-24 335464]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-11-10 883928]

R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\Windows\System32\drivers\rtwlane.sys [2013-11-10 1514568]

R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2013-11-10 32496]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]

S2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2013-7-3 660184]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-12 111616]

S3 rcmirror;rcmirror;C:\Windows\System32\drivers\rcmirror.sys [2010-1-18 4608]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-8-5 19456]

S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192Ce.sys [2012-3-24 1145448]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-8-5 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-8-5 30208]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-5-28 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2014-02-17 14:39:38 -------- d-----w- C:\SUPERDelete

2014-02-17 11:27:37 -------- d-----w- C:\Users\Oscar\AppData\Local\{39CBD747-9B78-4567-A5D2-001EEF3D6826}

2014-02-16 13:20:13 -------- d-----w- C:\Users\Oscar\AppData\Roaming\SUPERAntiSpyware.com

2014-02-16 13:18:48 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2014-02-16 13:18:48 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2014-02-16 12:59:41 118784 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL

2014-02-16 12:59:41 115920 ----a-w- C:\Windows\SysWow64\MSINET.OCX

2014-02-16 12:59:41 -------- d-----w- C:\Program Files (x86)\EULAlyzer

2014-02-15 01:25:03 -------- d-----w- C:\Users\Oscar\AppData\Local\ChromeTabExtension

2014-02-14 18:25:53 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2014-02-14 18:25:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-02-14 17:49:39 -------- d-----w- C:\Windows\System32\%LOCALAPPDATA%

2014-02-14 15:14:54 -------- d-----w- C:\AdwCleaner

2014-02-14 14:47:20 -------- d-----w- C:\Users\Oscar\AppData\Local\Diagnostics

2014-02-14 11:11:15 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EBCFB59C-4AEB-4E81-94E3-B7F635144E75}\mpengine.dll

2014-02-12 20:24:42 -------- d-----w- C:\Program Files (x86)\WOWTrojan Removal Tool

2014-02-12 19:34:33 548864 ----a-w- C:\Windows\System32\vbscript.dll

2014-02-12 19:34:33 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll

2014-02-12 19:32:59 5768704 ----a-w- C:\Windows\System32\jscript9.dll

2014-02-12 19:11:14 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll

2014-02-12 19:11:14 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2014-02-12 19:11:13 3928064 ----a-w- C:\Windows\System32\d2d1.dll

2014-02-12 19:11:13 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll

2014-02-12 19:07:00 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll

2014-02-12 19:07:00 2048 ----a-w- C:\Windows\System32\msxml3r.dll

2014-02-12 19:07:00 1882112 ----a-w- C:\Windows\System32\msxml3.dll

2014-02-12 19:07:00 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll

2014-02-09 21:48:08 81920 ----a-w- C:\Windows\eSellerateControl350.dll

2014-02-09 21:48:08 356352 ----a-w- C:\Windows\eSellerateEngine.dll

2014-02-09 21:48:08 274432 ----a-w- C:\Windows\SysWow64\ssleay32.dll

2014-02-09 21:48:08 1122304 ----a-w- C:\Windows\SysWow64\libeay32.dll

2014-02-08 23:42:21 -------- d-----w- C:\Program Files (x86)\wow search

2014-02-08 23:42:19 788260 ----a-w- C:\ProgramData\yvd_firefox_se.exe

2014-02-08 23:42:10 1290554 ----a-w- C:\ProgramData\yvd_chrome_se.exe

2014-02-08 23:42:10 108326 ----a-w- C:\ProgramData\yvd_ie_se.exe

2014-02-08 18:29:24 -------- d-----w- C:\Program Files (x86)\Iomega

2014-02-07 17:31:30 -------- d-----w- C:\Program Files (x86)\VS Revo Group

2014-02-06 23:04:26 -------- d-----w- C:\Program Files (x86)\Security Updates Service

2014-02-06 21:57:25 2404326 ----a-w- C:\ProgramData\Setup_EZ_YouTube_Video_Downloader_v1.0.5.exe

2014-02-06 20:45:53 -------- d-----w- C:\Users\Oscar\dwhelper

2014-02-06 19:02:58 272496 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll

2014-01-23 23:16:57 -------- d-----w- C:\Users\Oscar\AppData\Local\Downloaded Installations

.

==================== Find3M ====================

.

2014-02-15 11:43:39 80184 ----a-w- C:\Windows\System32\drivers\aswstm.sys

2014-02-15 11:43:38 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2014-02-15 11:43:38 1038072 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2014-02-15 11:43:37 43152 ----a-w- C:\Windows\avastSS.scr

2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb

2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll

2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll

2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll

2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe

2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe

2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll

2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll

2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll

2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl

2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll

2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll

2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll

2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll

2014-02-05 11:39:39 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2014-02-05 11:39:39 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2014-01-15 11:49:32 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2014-01-07 19:44:13 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys

2013-12-18 11:13:56 270496 ------w- C:\Windows\System32\MpSigStub.exe

2013-12-11 12:55:05 9272200 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll

2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll

2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll

2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll

2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll

2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe

2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe

2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe

2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe

2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll

2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll

2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll

2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll

2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll

2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe

2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe

2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe

2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe

2013-12-03 00:39:35 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2013-12-03 00:39:35 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys

2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys

2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys

2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys

2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys

2013-11-27 01:41:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys

2013-11-27 01:41:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys

2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys

2013-11-26 11:40:00 376768 ----a-w- C:\Windows\System32\drivers\netio.sys

2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\System32\win32k.sys

2013-11-25 00:09:14 2717184 ----a-w- C:\Windows\SysWow64\python34.dll

2013-11-25 00:07:04 102912 ----a-w- C:\Windows\pyw.exe

2013-11-25 00:07:04 102400 ----a-w- C:\Windows\py.exe

2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll

2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll

.

============= FINISH: 10:49:25.93 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 5/26/2012 5:21:12 PM

System Uptime: 2/17/2014 6:10:00 AM (4 hours ago)

.

Motherboard: Hewlett-Packard | | 3672

Processor: Intel® Celeron® CPU B800 @ 1.50GHz | CPU1 | 1500/1067mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 279 GiB total, 222.483 GiB free.

D: is FIXED (NTFS) - 14 GiB total, 1.608 GiB free.

E: is FIXED (FAT32) - 4 GiB total, 1.071 GiB free.

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description:

Device ID: ROOT\WPD\0000

Manufacturer:

Name:

PNP Device ID: ROOT\WPD\0000

Service:

.

==== System Restore Points ===================

.

RP395: 2/8/2014 1:42:26 PM - avast! antivirus system restore point

RP396: 2/11/2014 7:14:41 AM - Windows Update

RP397: 2/12/2014 2:32:25 PM - Windows Update

RP398: 2/14/2014 8:44:05 PM - OTL Restore Point - 2/14/2014 8:44:02 PM

RP399: 2/15/2014 6:41:42 AM - avast! antivirus system restore point

RP400: 2/15/2014 1:33:48 PM - OTL Restore Point - 2/15/2014 1:33:45 PM

.

==== Installed Programs ======================

.

Adobe Flash Player 12 ActiveX

Adobe Flash Player 12 Plugin

Adobe Reader XI (11.0.06)

Adobe Shockwave Player 12.0

AMD APP SDK Runtime

AMD Catalyst Install Manager

avast! Free Antivirus

CCleaner

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Compaq Setup Manager

CyberLink YouCam

D3DX10

ESET Online Scanner v3

ESU for Microsoft Windows 7 SP1

EULAlyzer 2.2

Extended Update

Google Chrome

Google Earth Plug-in

Google Talk Plugin

Google Update Helper

Hewlett-Packard ACLM.NET v1.2.1.1

HP Auto

HP Client Services

HP Customer Experience Enhancements

HP Documentation

HP Launch Box

HP MovieStore

HP On Screen Display

HP Power Manager

HP Product Detection

HP Quick Launch

HP QuickWeb

HP Setup

HP Software Framework

HP Support Assistant

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

Internet TV for Windows Media Center

Java 7 Update 51

Junk Mail filter update

LG USB Modem driver

Malwarebytes Anti-Malware version 1.75.0.1300

Mesh Runtime

Microsoft .NET Framework 4.5.1

Microsoft Application Error Reporting

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft WSE 3.0 Runtime

Microsoft_VC100_CRT_SP1_x64

Microsoft_VC100_CRT_SP1_x86

Mozilla Firefox 27.0.1 (x86 en-US)

Mozilla Maintenance Service

Mozilla Thunderbird 24.3.0 (x86 en-US)

MSVC80_x64_v2

MSVC80_x86_v2

MSVC90_x64

MSVC90_x86

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB2758694)

Nokia Connectivity Cable Driver

Nokia Suite

OpenOffice 4.0.1

PC Connectivity Solution

PlayReady PC Runtime amd64

PlayReady PC Runtime x86

Python 2.7.6 (64-bit)

Python 3.3.3 (64-bit)

Python 3.4.0b1

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Realtek PCIE Card Reader

REALTEK Wireless LAN Driver

Recovery Manager

RoxioNow Player

Secunia PSI (3.0.0.7011)

Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)

Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)

Should I Remove It

Skype Click to Call

Skypeâ„¢ 6.11

Spybot - Search & Destroy

SUPERAntiSpyware

Surfing Protection

swMSM

Synaptics TouchPad Driver

Visual Studio 2010 x64 Redistributables

VLC media player 2.1.3

VSO Downloader 2.9.1.4

VSO Downloader 3.1.0.50

VSO EVE Network Driver version 0.4

Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinPcap 4.1.3

.

==== Event Viewer Messages From Past Week ========

.

2/17/2014 6:10:16 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 126

2/14/2014 8:33:30 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.

2/14/2014 8:25:25 PM, Error: Service Control Manager [7038] - The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The RPC server is unavailable. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

2/14/2014 8:25:20 PM, Error: Service Control Manager [7034] - The ServiceLayer service terminated unexpectedly. It has done this 1 time(s).

2/14/2014 8:25:20 PM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).

2/14/2014 8:25:20 PM, Error: Service Control Manager [7034] - The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).

2/14/2014 8:25:20 PM, Error: Service Control Manager [7034] - The Intel® Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).

2/14/2014 8:25:20 PM, Error: Service Control Manager [7034] - The Intel® Management and Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s).

2/14/2014 8:25:20 PM, Error: Service Control Manager [7034] - The Intel® Integrated Clock Controller Service - Intel® ICCS service terminated unexpectedly. It has done this 1 time(s).

2/14/2014 8:25:20 PM, Error: Service Control Manager [7034] - The HP Software Framework Service service terminated unexpectedly. It has done this 1 time(s).

2/14/2014 8:25:20 PM, Error: Service Control Manager [7031] - The Intel® Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

2/14/2014 8:25:19 PM, Error: Service Control Manager [7038] - The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The remote procedure call failed. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

2/14/2014 3:52:39 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

.

==== End Of File ===========================

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 5/26/2012 5:21:12 PM

System Uptime: 2/17/2014 6:10:00 AM (4 hours ago)

.

Motherboard: Hewlett-Packard | | 3672

Processor: Intel® Celeron® CPU B800 @ 1.50GHz | CPU1 | 1500/1067mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 279 GiB total, 222.483 GiB free.

D: is FIXED (NTFS) - 14 GiB total, 1.608 GiB free.

E: is FIXED (FAT32) - 4 GiB total, 1.071 GiB free.

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description:

Device ID: ROOT\WPD\0000

Manufacturer:

Name:

PNP Device ID: ROOT\WPD\0000

Service:

.

==== System Restore Points ===================

.

RP395: 2/8/2014 1:42:26 PM - avast! antivirus system restore point

RP396: 2/11/2014 7:14:41 AM - Windows Update

RP397: 2/12/2014 2:32:25 PM - Windows Update

RP398: 2/14/2014 8:44:05 PM - OTL Restore Point - 2/14/2014 8:44:02 PM

RP399: 2/15/2014 6:41:42 AM - avast! antivirus system restore point

RP400: 2/15/2014 1:33:48 PM - OTL Restore Point - 2/15/2014 1:33:45 PM

.

==== Installed Programs ======================

.

Adobe Flash Player 12 ActiveX

Adobe Flash Player 12 Plugin

Adobe Reader XI (11.0.06)

Adobe Shockwave Player 12.0

AMD APP SDK Runtime

AMD Catalyst Install Manager

avast! Free Antivirus

CCleaner

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Compaq Setup Manager

CyberLink YouCam

D3DX10

ESET Online Scanner v3

ESU for Microsoft Windows 7 SP1

EULAlyzer 2.2

Extended Update

Google Chrome

Google Earth Plug-in

Google Talk Plugin

Google Update Helper

Hewlett-Packard ACLM.NET v1.2.1.1

HP Auto

HP Client Services

HP Customer Experience Enhancements

HP Documentation

HP Launch Box

HP MovieStore

HP On Screen Display

HP Power Manager

HP Product Detection

HP Quick Launch

HP QuickWeb

HP Setup

HP Software Framework

HP Support Assistant

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

Internet TV for Windows Media Center

Java 7 Update 51

Junk Mail filter update

LG USB Modem driver

Malwarebytes Anti-Malware version 1.75.0.1300

Mesh Runtime

Microsoft .NET Framework 4.5.1

Microsoft Application Error Reporting

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft WSE 3.0 Runtime

Microsoft_VC100_CRT_SP1_x64

Microsoft_VC100_CRT_SP1_x86

Mozilla Firefox 27.0.1 (x86 en-US)

Mozilla Maintenance Service

Mozilla Thunderbird 24.3.0 (x86 en-US)

MSVC80_x64_v2

MSVC80_x86_v2

MSVC90_x64

MSVC90_x86

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB2758694)

Nokia Connectivity Cable Driver

Nokia Suite

OpenOffice 4.0.1

PC Connectivity Solution

PlayReady PC Runtime amd64

PlayReady PC Runtime x86

Python 2.7.6 (64-bit)

Python 3.3.3 (64-bit)

Python 3.4.0b1

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Realtek PCIE Card Reader

REALTEK Wireless LAN Driver

Recovery Manager

RoxioNow Player

Secunia PSI (3.0.0.7011)

Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)

Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)

Should I Remove It

Skype Click to Call

Skypeâ„¢ 6.11

Spybot - Search & Destroy

SUPERAntiSpyware

Surfing Protection

swMSM

Synaptics TouchPad Driver

Visual Studio 2010 x64 Redistributables

VLC media player 2.1.3

VSO Downloader 2.9.1.4

VSO Downloader 3.1.0.50

VSO EVE Network Driver version 0.4

Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinPcap 4.1.3

.

==== Event Viewer Messages From Past Week ========

.

2/17/2014 6:10:16 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\Rtlihvs.dll Error Code: 126

2/14/2014 8:33:30 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.

2/14/2014 8:25:25 PM, Error: Service Control Manager [7038] - The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The RPC server is unavailable. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

2/14/2014 8:25:20 PM, Error: Service Control Manager [7034] - The ServiceLayer service terminated unexpectedly. It has done this 1 time(s).

2/14/2014 8:25:20 PM, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).

2/14/2014 8:25:20 PM, Error: Service Control Manager [7034] - The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).

2/14/2014 8:25:20 PM, Error: Service Control Manager [7034] - The Intel® Rapid Storage Technology service terminated unexpectedly. It has done this 1 time(s).

2/14/2014 8:25:20 PM, Error: Service Control Manager [7034] - The Intel® Management and Security Application User Notification Service service terminated unexpectedly. It has done this 1 time(s).

2/14/2014 8:25:20 PM, Error: Service Control Manager [7034] - The Intel® Integrated Clock Controller Service - Intel® ICCS service terminated unexpectedly. It has done this 1 time(s).

2/14/2014 8:25:20 PM, Error: Service Control Manager [7034] - The HP Software Framework Service service terminated unexpectedly. It has done this 1 time(s).

2/14/2014 8:25:20 PM, Error: Service Control Manager [7031] - The Intel® Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

2/14/2014 8:25:19 PM, Error: Service Control Manager [7038] - The WerSvc service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The remote procedure call failed. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

2/14/2014 3:52:39 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

.

==== End Of File ===========================

ComboFix 14-02-16.01 - Oscar 02/17/2014 11:02:53.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3948.1438 [GMT -5:00]

Running from: c:\users\Oscar\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Setup_EZ_YouTube_Video_Downloader_v1.0.5.exe

c:\programdata\yvd_chrome_se.exe

c:\programdata\yvd_firefox_se.exe

c:\programdata\yvd_ie_se.exe

c:\users\Oscar\AppData\Roaming\Microsoft\Windows\Recent\Thumbs.db

c:\windows\SysWow64\Packet.dll

c:\windows\SysWow64\pthreadVC.dll

c:\windows\SysWow64\wpcap.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

-------\Service_NPF

.

.

((((((((((((((((((((((((( Files Created from 2014-01-17 to 2014-02-17 )))))))))))))))))))))))))))))))

.

.

2014-02-17 16:11 . 2014-02-17 16:11 -------- d-----w- c:\users\Public\AppData\Local\temp

2014-02-17 16:11 . 2014-02-17 16:11 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-02-17 14:39 . 2014-02-17 14:39 -------- d-----w- C:\SUPERDelete

2014-02-16 13:20 . 2014-02-16 13:20 -------- d-----w- c:\users\Oscar\AppData\Roaming\SUPERAntiSpyware.com

2014-02-16 13:18 . 2014-02-16 13:20 -------- d-----w- c:\program files\SUPERAntiSpyware

2014-02-16 13:18 . 2014-02-16 13:18 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2014-02-16 12:59 . 2014-02-16 12:59 -------- d-----w- c:\program files (x86)\EULAlyzer

2014-02-16 12:59 . 2011-05-15 20:00 118784 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL

2014-02-16 12:59 . 2011-05-15 20:00 115920 ----a-w- c:\windows\SysWow64\MSINET.OCX

2014-02-15 01:25 . 2014-02-15 01:25 -------- d-----w- c:\users\Oscar\AppData\Local\ChromeTabExtension

2014-02-14 18:25 . 2014-02-14 21:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2014-02-14 18:25 . 2013-04-04 19:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-02-14 17:49 . 2014-02-14 17:49 -------- d-----w- c:\windows\system32\%LOCALAPPDATA%

2014-02-14 15:14 . 2014-02-16 14:34 -------- d-----w- C:\AdwCleaner

2014-02-14 14:47 . 2014-02-14 14:47 -------- d-----w- c:\users\Oscar\AppData\Local\Diagnostics

2014-02-14 11:11 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EBCFB59C-4AEB-4E81-94E3-B7F635144E75}\mpengine.dll

2014-02-12 20:24 . 2014-02-14 13:25 -------- d-----w- c:\program files (x86)\WOWTrojan Removal Tool

2014-02-12 19:34 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll

2014-02-12 19:34 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll

2014-02-12 19:32 . 2014-02-06 10:11 5768704 ----a-w- c:\windows\system32\jscript9.dll

2014-02-12 19:11 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll

2014-02-12 19:11 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll

2014-02-12 19:11 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll

2014-02-12 19:11 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll

2014-02-12 19:07 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll

2014-02-12 19:07 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll

2014-02-12 19:07 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll

2014-02-12 19:07 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll

2014-02-09 21:48 . 2013-10-14 16:57 274432 ----a-w- c:\windows\SysWow64\ssleay32.dll

2014-02-09 21:48 . 2013-10-14 16:57 1122304 ----a-w- c:\windows\SysWow64\libeay32.dll

2014-02-09 21:48 . 2013-10-14 16:57 81920 ----a-w- c:\windows\eSellerateControl350.dll

2014-02-09 21:48 . 2013-10-14 16:57 356352 ----a-w- c:\windows\eSellerateEngine.dll

2014-02-08 23:42 . 2014-02-08 23:42 -------- d-----w- c:\program files (x86)\wow search

2014-02-08 18:29 . 2014-02-08 21:38 -------- d-----w- c:\program files (x86)\Iomega

2014-02-08 18:28 . 2014-02-08 18:28 -------- d-----w- c:\users\Oscar\AppData\Roaming\Leadertech

2014-02-07 17:31 . 2014-02-10 12:34 -------- d-----w- c:\program files (x86)\VS Revo Group

2014-02-06 23:04 . 2014-02-06 23:04 -------- d-----w- c:\program files (x86)\Security Updates Service

2014-02-06 20:45 . 2014-02-06 20:48 -------- d-----w- c:\users\Oscar\dwhelper

2014-02-06 19:02 . 2014-02-16 01:08 272496 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll

2014-02-06 14:10 . 2014-02-06 23:21 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird

2014-01-24 22:45 . 2014-02-07 15:12 -------- d-----w- c:\program files\Recuva

2014-01-23 23:16 . 2014-02-08 21:39 -------- d-----w- c:\users\Oscar\AppData\Local\Downloaded Installations

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-02-15 11:43 . 2014-01-07 19:44 80184 ----a-w- c:\windows\system32\drivers\aswstm.sys

2014-02-15 11:43 . 2013-07-29 21:12 421704 ----a-w- c:\windows\system32\drivers\aswSP.sys

2014-02-15 11:43 . 2013-07-29 21:12 1038072 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2014-02-15 11:43 . 2013-07-29 21:12 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2014-02-15 11:43 . 2013-07-29 21:12 334136 ----a-w- c:\windows\system32\aswBoot.exe

2014-02-15 11:43 . 2013-07-29 21:11 43152 ----a-w- c:\windows\avastSS.scr

2014-02-12 19:44 . 2012-05-30 21:46 88567024 ----a-w- c:\windows\system32\MRT.exe

2014-02-05 11:39 . 2013-02-18 13:49 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-02-05 11:39 . 2013-02-18 13:49 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2014-01-15 11:49 . 2014-01-15 11:49 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2014-01-07 19:44 . 2013-07-29 21:12 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-12-18 11:13 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe

2013-12-11 12:55 . 2013-10-09 00:01 9272200 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2013-12-03 00:39 . 2013-07-29 21:12 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2013-12-03 00:39 . 2013-07-29 21:12 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-11-27 01:41 . 2014-01-15 11:39 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2013-11-27 01:41 . 2014-01-15 11:39 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2013-11-27 01:41 . 2014-01-15 11:39 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys

2013-11-27 01:41 . 2014-01-15 11:39 325120 ----a-w- c:\windows\system32\drivers\usbport.sys

2013-11-27 01:41 . 2014-01-15 11:39 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys

2013-11-27 01:41 . 2014-01-15 11:39 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2013-11-27 01:41 . 2014-01-15 11:39 7808 ----a-w- c:\windows\system32\drivers\usbd.sys

2013-11-26 11:40 . 2014-01-15 11:39 376768 ----a-w- c:\windows\system32\drivers\netio.sys

2013-11-26 10:32 . 2014-01-15 11:39 3156480 ----a-w- c:\windows\system32\win32k.sys

2013-11-25 00:09 . 2013-11-25 00:09 2717184 ----a-w- c:\windows\SysWow64\python34.dll

2013-11-25 00:07 . 2013-11-25 00:07 102912 ----a-w- c:\windows\pyw.exe

2013-11-25 00:07 . 2013-11-25 00:07 102400 ----a-w- c:\windows\py.exe

2013-11-23 18:26 . 2013-12-11 21:38 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll

2013-11-23 17:47 . 2013-12-11 21:38 465920 ----a-w- c:\windows\system32\WMPhoto.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]

"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-12-21 1090040]

"GoogleChromeAutoLaunch_D08D9DAE1EAB6F612F08AF40ADD97038"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-02-01 866632]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-01-06 6563608]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]

"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-06-28 168504]

"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]

"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]

"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-02-15 3767096]

"Wondershare Helper Compact.exe"="c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2013-07-25 1985824]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2013-7-3 563416]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]

R2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe;c:\program files (x86)\Secunia\PSI\sua.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 efavdrv;efavdrv;c:\windows\system32\drivers\efavdrv.sys;c:\windows\SYSNATIVE\drivers\efavdrv.sys [x]

R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 rcmirror;rcmirror;c:\windows\system32\DRIVERS\rcmirror.sys;c:\windows\SYSNATIVE\DRIVERS\rcmirror.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 aswRvrt;avast! Revert; [x]

S0 aswVmm;avast! VM Monitor; [x]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]

S1 Eve;EVE Protocol Driver;c:\windows\system32\DRIVERS\eve.sys;c:\windows\SYSNATIVE\DRIVERS\eve.sys [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]

S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]

S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]

S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]

S2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]

S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]

S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]

S2 Security Updates Service;Security Updates Service;c:\program files (x86)\Security Updates Service\winupdsvc.exe;c:\program files (x86)\Security Updates Service\winupdsvc.exe [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf_amd64.sys [x]

S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]

S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-02-04 22:15 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-02-17 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-18 11:39]

.

2014-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-01 23:54]

.

2014-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-01 23:54]

.

2014-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3309490343-1712508466-2320962761-1000Core.job

- c:\users\Oscar\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-13 11:08]

.

2014-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3309490343-1712508466-2320962761-1000UA.job

- c:\users\Oscar\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-13 11:08]

.

2014-02-17 c:\windows\Tasks\HPCeeScheduleForOscar.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2014-02-15 11:43 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-11-10 7158344]

"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-11-07 171992]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-11-07 399832]

"Persistence"="c:\windows\system32\igfxpers.exe" [2013-11-07 442328]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page =

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride =

TCP: DhcpNameServer = 10.0.0.1

FF - ProfilePath - c:\users\Oscar\AppData\Roaming\Mozilla\Firefox\Profiles\5c9vv1yl.default-1392513503432\

FF - prefs.js: browser.search.selectedEngine - wow search

.

- - - - ORPHANS REMOVED - - - -

.

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-AffiliatedUpdate - c:\users\Oscar\AppData\Roaming\AffiliatedUpdate\UpdateProc\UpdateTask.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_44_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_44_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_44.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2014-02-17 11:19:52 - machine was rebooted

ComboFix-quarantined-files.txt 2014-02-17 16:19

.

Pre-Run: 236,872,212,480 bytes free

Post-Run: 236,847,767,552 bytes free

.

- - End Of File - - 9493B2860BC0EBCEE62608F77D378093

Share this post


Link to post
Share on other sites

Ore, is the problem still there with UTOP.IT ?

 

Sometimes this will happen with 2 things.

1. Something wrong with Firefox so  they will reset it !

2. From playing World of WarCraft, they delete it !

 

Can't find much on it ! You have no idea whenyou picked it up or what it ca,e with ?

 

Chuck

 

 

You can remove DDS !

Time for some housekeeping
[*] Click START then RUN [*] Now type Combofix /Uninstall in the runbox and click OK( please note the space between Combofix and the /, it is needed.)

CF-Uninstall.png


The above procedure will reset your System Restore and clear out the backups and quarantines created during the course of this fix.

Once you have typed this in, press Enter on your keyboard. A Open File security warning will appear asking if you are sure you want to run ComboFix.
Please click on the Run button to start the program.

ComboFix will now uninstall itself from your computer and remove any backups and quarantined files.
When it has finished you will be greeted by a dialog box stating that ComboFix has been uninstalled.
You can now delete the ComboFix.exe program from your computer.
ComboFix has now been uninstalled from your Windows Vista or Windows 7 computer.
 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this