LenCOH

"Browser Manager" seems to be a virus?

51 posts in this topic

Good.....

Out dated programs on the system are vulnerable to malware.
Please update or uninstall them:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Java™ 6 Update 25 <---uninstall from add/remove programs
Java 7 Update 25 <----OK


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

cf2.jpg

Then hit enter.
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

If you used DeFogger to disable your CD Emulation drivers, please re-enable them.

-------------------------------

Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Share this post


Link to post
Share on other sites

Thanks Mr. Charlie! I did the clean up and removed the older version of Java. One question. There is a program that was installed on the laptop  that cannot be removed using Control Panel.  The windows installer pop-up says:

 

"The installed product does not match the installation source(s). Until a matching source is provided or the installed product and source are synchronized, this action cannot be performed. Contact your administrator or product vendor for assistance. If there is a matching installation source, type it below or click  Browse to locate it."

 

The program is Oovoo, a video chat service. I think it was also causing some of the freezing and slow behavior as it was automatically loading at start up. I tried browsing for Oovoosetup.msi. I find a file but it gives me the error above.  Would you have any suggestions on an program removal utility that doesn't use the Windows uninstall functionality? I tried using CCleaner to remove Oovoo but it just ran the windows uninstall program.

Share this post


Link to post
Share on other sites

Look inside of this folder and see if there's an uninstaller:

C:\Program Files (x86)\ooVoo

MrC

Share this post


Link to post
Share on other sites

Please download Farbar Recovery Scan Tool and save it to a folder.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
MrC

Share this post


Link to post
Share on other sites

Mr. Charlie. I ran FRST as you suggested. I did notice that there are two Microsoft updates that Windows Update cannot install. They are both Microsoft .NET Framework Security Patches. This is in addition to the OoVoo de-installation issue.  Thanks again for your help! Here are the logs:

 

FRST.TXT:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-06-2013
Ran by Alex (administrator) on 28-06-2013 19:00:17
Running from C:\Users\Alex\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\windows\system32\ThpSrv.exe
(TOSHIBA Corporation) C:\windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Spotify Ltd) C:\Users\Alex\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
(Intel Corporation) C:\windows\system32\igfxext.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: []  [x]
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11775592 2011-01-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 /MAXX3  [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] C:\windows\system32\thpsrv /logon [x]
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1544624 2011-05-24] (TOSHIBA Corporation)
HKLM\...\Run: [intelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray [1935120 2011-06-01] (Intel® Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)
HKCU\...\Run: [spotify Web Helper] "C:\Users\Alex\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1105408 2013-05-11] (Spotify Ltd)
HKCU\...\Policies\system: [DisableLockWorkstation] 0
MountPoints2: E - E:\TL_Bootstrap.exe
MountPoints2: {41041820-235a-11e2-9559-dc0ea14727eb} - E:\setup.exe -a
MountPoints2: {85e938bb-13f7-11e2-ad9c-dc0ea14727eb} - E:\setup.exe -a
MountPoints2: {ba4a0a29-26f7-11e2-8cff-dc0ea14727eb} - E:\MotorolaDeviceManagerSetup.exe -a
MountPoints2: {c8ac39d8-c66d-11e2-a108-dc0ea14727eb} - E:\TL_Bootstrap.exe
HKLM-x32\...\Run: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL [532480 2010-11-09] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP [423936 2011-03-10] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [x]
HKLM-x32\...\Run: [DelayTSS] "C:\Program Files\Toshiba\DelayTSS\DelayTSS.exe" [2153328 2011-11-21] ()
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot [296096 2012-09-06] (RealNetworks, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [bingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey [2249352 2013-06-05] (Microsoft Corp.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
HKCU SearchScopes: DefaultScope {49B177D9-CF3D-4A18-9066-2E5C3B9E75DD} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN36663933671742811&UM=2&SSPV=TB_C5
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {49B177D9-CF3D-4A18-9066-2E5C3B9E75DD} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN36663933671742811&UM=2&SSPV=TB_C5
SearchScopes: HKCU - {56D93A91-D98F-4306-BC64-31F046E95E9F} URL = http://search.conduit.com/Results.aspx?ctid=CT3300018&SearchSource=45&UM=2&q={searchTerms}
SearchScopes: HKCU - {9E2549A2-0C1C-45F9-B114-154574120147} URL = http://websearch.ask.com/redirect?client=ie&tb=OVO2&o=2159&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^A2E&apn_dtid=^YYYYYY^UT^US&apn_uid=b7b19dbe-a95b-490e-bc07-0b1c3dc5373b&apn_sauid=909C935D-D8F0-4F0B-9EC3-411573F3A153
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: No Name - {878B8524-AED5-4870-9A96-A515440DAC75} -  No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8b1knx3h.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Mozilla Firefox 22.0\Extensions: [Components] C:\Program Files (x86)\Mozilla Firefox\components
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\components
FF HKLM-x32\...\Mozilla Firefox 22.0\Extensions: [Plugins] C:\Program Files (x86)\Mozilla Firefox\plugins

Chrome:
=======

==================== Services (Whitelisted) =================

R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-05] (Microsoft Corp.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-01] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [36680 2013-06-27] ()
S3 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [36680 2013-06-27] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 mbamswissarmy; C:\windows\system32\drivers\mbamswissarmy.sys [162008 2013-06-27] (Malwarebytes Corporation)
S3 mbamswissarmy; C:\windows\system32\drivers\mbamswissarmy.sys [162008 2013-06-27] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S3 cpuz135; \??\C:\Users\Alex\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-06-28 18:51 - 2013-06-28 18:51 - 01933484 ____A (Farbar) C:\Users\Alex\Desktop\FRST64.exe
2013-06-28 18:51 - 2013-06-28 18:51 - 00000000 ____D C:\FRST
2013-06-28 18:46 - 2013-06-28 18:46 - 00004767 ____A C:\AdwCleaner[s2].txt
2013-06-28 18:45 - 2013-06-28 18:45 - 00004516 ____A C:\AdwCleaner[R4].txt
2013-06-28 18:35 - 2013-06-28 18:47 - 00000168 ____A C:\Windows\setupact.log
2013-06-28 18:35 - 2013-06-28 18:43 - 00002792 ____A C:\Windows\PFRO.log
2013-06-28 18:35 - 2013-06-28 18:35 - 00000000 ____A C:\Windows\setuperr.log
2013-06-28 18:24 - 2013-06-28 18:24 - 00000258 _RASH C:\Users\Alex\ntuser.pol
2013-06-27 02:18 - 2013-06-27 02:18 - 00001631 ____A C:\Users\Alex\Desktop\RKreport[0]_D_06272013_021851.txt
2013-06-27 02:18 - 2013-06-27 02:18 - 00001582 ____A C:\Users\Alex\Desktop\RKreport[0]_S_06272013_021837.txt
2013-06-27 02:16 - 2013-06-27 02:20 - 00000000 ____D C:\Users\Alex\Desktop\RK_Quarantine
2013-06-27 00:21 - 2013-06-27 00:21 - 00162008 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2013-06-27 00:16 - 2013-06-27 00:17 - 00036680 ____A C:\Windows\System32\Drivers\mbamchameleon.sys
2013-06-27 00:03 - 2013-06-27 00:03 - 00244224 ____A C:\Users\Alex\Downloads\CF_UNINST.EXE
2013-06-25 12:06 - 2013-06-25 12:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-24 18:03 - 2013-06-27 00:23 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-24 17:59 - 2013-06-24 18:00 - 00000000 ____D C:\Users\Alex\Downloads\mbar
2013-06-24 17:55 - 2013-06-24 17:57 - 13399154 ____A C:\Users\Alex\Downloads\mbar-1.06.0.1004.zip
2013-06-23 22:42 - 2013-06-27 01:57 - 00000000 ____D C:\Program Files\CCleaner
2013-06-23 22:01 - 2013-06-23 22:02 - 00001124 ____A C:\AdwCleaner[R3].txt
2013-06-23 21:46 - 2013-06-23 21:46 - 00005323 ____A C:\AdwCleaner[s1].txt
2013-06-23 19:55 - 2013-06-23 19:55 - 00005388 ____A C:\AdwCleaner[R2].txt
2013-06-23 19:50 - 2013-06-23 19:50 - 00005328 ____A C:\AdwCleaner[R1].txt
2013-06-23 19:47 - 2013-06-23 19:49 - 00648201 ____A C:\Users\Alex\Desktop\adwcleaner.exe
2013-06-23 18:55 - 2013-06-23 18:56 - 03757568 ____A C:\Users\Alex\Desktop\RogueKillerX64.exe
2013-06-23 18:46 - 2013-06-23 18:46 - 00011295 ____A C:\Users\Alex\Desktop\attach.txt
2013-06-23 16:13 - 2013-06-24 00:37 - 00000000 ____D C:\Users\Alex\AppData\Roaming\QuickScan
2013-06-23 11:55 - 2012-08-23 10:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2013-06-23 11:55 - 2012-08-23 10:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2013-06-23 11:55 - 2012-08-23 10:08 - 00030208 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbGD.sys
2013-06-23 11:55 - 2012-08-23 10:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2013-06-23 11:55 - 2012-08-23 09:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-06-23 11:55 - 2012-08-23 09:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-06-23 11:55 - 2012-08-23 09:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-06-23 11:55 - 2012-08-23 09:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-06-23 11:55 - 2012-08-23 09:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2013-06-23 11:55 - 2012-08-23 09:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2013-06-23 11:55 - 2012-08-23 09:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-06-23 11:55 - 2012-08-23 09:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2013-06-23 11:55 - 2012-08-23 09:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-06-23 11:55 - 2012-08-23 08:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-06-23 11:55 - 2012-08-23 07:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2013-06-23 11:55 - 2012-08-23 07:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-06-23 11:55 - 2012-08-23 07:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2013-06-23 11:55 - 2012-08-23 07:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-06-23 11:55 - 2012-08-23 06:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-06-23 11:55 - 2012-08-23 06:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
2013-06-23 11:55 - 2012-08-23 06:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-06-23 11:55 - 2012-08-23 06:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2013-06-23 11:55 - 2012-08-23 05:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2013-06-23 11:55 - 2012-08-23 04:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-06-23 11:55 - 2012-08-23 04:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-06-23 11:35 - 2012-08-24 14:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-06-23 11:35 - 2012-08-24 14:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-06-23 11:35 - 2012-08-24 14:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-06-23 11:35 - 2012-08-24 14:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-06-23 11:35 - 2012-08-24 12:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-06-23 11:35 - 2012-08-24 12:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-06-23 11:35 - 2012-08-24 12:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-06-23 11:35 - 2012-05-04 07:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2013-06-23 11:35 - 2012-05-04 05:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-06-23 11:34 - 2013-04-17 03:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-23 11:34 - 2013-04-17 02:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-22 23:28 - 2013-06-22 23:28 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Oracle
2013-06-22 23:26 - 2013-06-22 23:26 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-22 23:26 - 2013-06-22 23:26 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-22 23:12 - 2013-06-28 18:47 - 00000372 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Alex.job
2013-06-22 23:12 - 2013-06-28 02:04 - 00000362 ____A C:\Windows\Tasks\ReclaimerUpdateXML_Alex.job
2013-06-22 23:12 - 2013-06-27 21:15 - 00000366 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_Alex.job
2013-06-22 22:31 - 2013-06-22 22:31 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-22 22:31 - 2013-06-22 22:31 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-22 22:31 - 2013-06-22 22:31 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-22 22:31 - 2013-06-22 22:31 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-22 22:31 - 2013-06-22 22:31 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-22 22:31 - 2013-06-22 22:31 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-22 22:31 - 2013-06-22 22:31 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-22 22:31 - 2013-06-22 22:31 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-22 22:31 - 2013-06-22 22:31 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-22 22:31 - 2013-06-22 22:31 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-22 22:31 - 2013-06-22 22:31 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-22 22:31 - 2013-06-22 22:31 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-22 22:31 - 2013-06-22 22:31 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-22 22:31 - 2013-06-22 22:31 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-22 22:31 - 2013-06-22 22:31 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-22 22:31 - 2013-06-22 22:31 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-22 22:31 - 2013-06-22 22:31 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-22 22:31 - 2013-06-22 22:31 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-22 22:31 - 2013-06-22 22:31 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-22 22:31 - 2013-06-22 22:31 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-22 22:31 - 2013-06-22 22:31 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-22 22:31 - 2013-06-22 22:31 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-22 22:31 - 2013-06-22 22:31 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-22 22:31 - 2013-06-22 22:31 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-22 22:31 - 2013-06-22 22:31 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-22 22:31 - 2013-06-22 22:31 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-22 22:29 - 2013-06-22 22:29 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-22 20:52 - 2013-05-13 01:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-22 20:52 - 2013-05-13 01:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-22 20:52 - 2013-05-13 01:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-22 20:52 - 2013-05-13 01:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-22 20:52 - 2013-05-13 00:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-22 20:52 - 2013-05-13 00:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-22 20:52 - 2013-05-13 00:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-22 20:52 - 2013-05-12 23:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-22 20:52 - 2013-05-12 23:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-22 20:52 - 2013-05-12 23:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-22 20:52 - 2013-05-10 01:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-22 20:52 - 2013-05-09 23:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-22 20:52 - 2013-05-08 02:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-22 20:52 - 2013-04-26 01:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-22 20:52 - 2013-04-26 00:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-22 20:50 - 2013-04-25 19:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-22 20:50 - 2013-03-31 18:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-04 16:14 - 2013-06-04 16:14 - 00000000 ____D C:\b4ef0b8e6bea13541887154d54
2013-05-29 12:36 - 2013-05-29 12:36 - 00000000 ____D C:\992e1a1bde3e77ed0fce

==================== One Month Modified Files and Folders =======

2013-06-28 19:01 - 2012-07-23 14:01 - 00000254 ____A C:\Windows\Tasks\HP Photo Creations Messager.job
2013-06-28 18:56 - 2012-02-29 01:11 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-28 18:55 - 2009-07-14 00:45 - 00025120 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-28 18:55 - 2009-07-14 00:45 - 00025120 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-28 18:52 - 2009-07-14 01:13 - 00744706 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-28 18:51 - 2013-06-28 18:51 - 01933484 ____A (Farbar) C:\Users\Alex\Desktop\FRST64.exe
2013-06-28 18:51 - 2013-06-28 18:51 - 00000000 ____D C:\FRST
2013-06-28 18:47 - 2013-06-28 18:35 - 00000168 ____A C:\Windows\setupact.log
2013-06-28 18:47 - 2013-06-22 23:12 - 00000372 ____A C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Alex.job
2013-06-28 18:47 - 2012-02-29 01:11 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-28 18:47 - 2009-07-14 01:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-28 18:46 - 2013-06-28 18:46 - 00004767 ____A C:\AdwCleaner[s2].txt
2013-06-28 18:46 - 2012-02-29 00:46 - 01999223 ____A C:\Windows\WindowsUpdate.log
2013-06-28 18:45 - 2013-06-28 18:45 - 00004516 ____A C:\AdwCleaner[R4].txt
2013-06-28 18:43 - 2013-06-28 18:35 - 00002792 ____A C:\Windows\PFRO.log
2013-06-28 18:35 - 2013-06-28 18:35 - 00000000 ____A C:\Windows\setuperr.log
2013-06-28 18:26 - 2013-03-30 18:19 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-28 18:24 - 2013-06-28 18:24 - 00000258 _RASH C:\Users\Alex\ntuser.pol
2013-06-28 18:24 - 2012-07-20 22:50 - 00000000 ____D C:\users\Alex
2013-06-28 18:24 - 2009-07-13 23:20 - 00000000 ___HD C:\Windows\System32\GroupPolicy
2013-06-28 18:24 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2013-06-28 18:14 - 2011-11-22 00:30 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-28 02:04 - 2013-06-22 23:12 - 00000362 ____A C:\Windows\Tasks\ReclaimerUpdateXML_Alex.job
2013-06-27 21:15 - 2013-06-22 23:12 - 00000366 ____A C:\Windows\Tasks\ReclaimerUpdateFiles_Alex.job
2013-06-27 04:58 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-06-27 02:20 - 2013-06-27 02:16 - 00000000 ____D C:\Users\Alex\Desktop\RK_Quarantine
2013-06-27 02:18 - 2013-06-27 02:18 - 00001631 ____A C:\Users\Alex\Desktop\RKreport[0]_D_06272013_021851.txt
2013-06-27 02:18 - 2013-06-27 02:18 - 00001582 ____A C:\Users\Alex\Desktop\RKreport[0]_S_06272013_021837.txt
2013-06-27 01:57 - 2013-06-23 22:42 - 00000000 ____D C:\Program Files\CCleaner
2013-06-27 00:47 - 2013-05-24 01:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-06-27 00:46 - 2012-08-16 22:40 - 00001868 ____A C:\Users\Public\Desktop\ooVoo.lnk
2013-06-27 00:46 - 2012-08-16 22:40 - 00000000 ____D C:\Program Files (x86)\ooVoo
2013-06-27 00:23 - 2013-06-24 18:03 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-27 00:21 - 2013-06-27 00:21 - 00162008 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2013-06-27 00:17 - 2013-06-27 00:16 - 00036680 ____A C:\Windows\System32\Drivers\mbamchameleon.sys
2013-06-27 00:03 - 2013-06-27 00:03 - 00244224 ____A C:\Users\Alex\Downloads\CF_UNINST.EXE
2013-06-26 23:57 - 2011-11-22 00:31 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-25 12:06 - 2013-06-25 12:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-25 12:06 - 2012-08-22 09:03 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Mozilla
2013-06-24 18:00 - 2013-06-24 17:59 - 00000000 ____D C:\Users\Alex\Downloads\mbar
2013-06-24 17:57 - 2013-06-24 17:55 - 13399154 ____A C:\Users\Alex\Downloads\mbar-1.06.0.1004.zip
2013-06-24 00:37 - 2013-06-23 16:13 - 00000000 ____D C:\Users\Alex\AppData\Roaming\QuickScan
2013-06-23 22:58 - 2011-11-22 15:33 - 00000000 ____D C:\Windows\Panther
2013-06-23 22:57 - 2012-08-13 22:39 - 00000000 ____D C:\Users\Alex\AppData\Local\CrashDumps
2013-06-23 22:02 - 2013-06-23 22:01 - 00001124 ____A C:\AdwCleaner[R3].txt
2013-06-23 21:46 - 2013-06-23 21:46 - 00005323 ____A C:\AdwCleaner[s1].txt
2013-06-23 19:55 - 2013-06-23 19:55 - 00005388 ____A C:\AdwCleaner[R2].txt
2013-06-23 19:50 - 2013-06-23 19:50 - 00005328 ____A C:\AdwCleaner[R1].txt
2013-06-23 19:49 - 2013-06-23 19:47 - 00648201 ____A C:\Users\Alex\Desktop\adwcleaner.exe
2013-06-23 18:56 - 2013-06-23 18:55 - 03757568 ____A C:\Users\Alex\Desktop\RogueKillerX64.exe
2013-06-23 18:46 - 2013-06-23 18:46 - 00011295 ____A C:\Users\Alex\Desktop\attach.txt
2013-06-23 11:57 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-06-22 23:28 - 2013-06-22 23:28 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Oracle
2013-06-22 23:26 - 2013-06-22 23:26 - 00263592 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-22 23:26 - 2013-06-22 23:26 - 00096168 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-22 23:26 - 2012-11-15 15:22 - 00867240 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2013-06-22 23:26 - 2012-11-15 15:22 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-22 23:26 - 2012-11-15 15:22 - 00175016 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-22 23:26 - 2011-11-22 00:31 - 00789416 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-06-22 23:08 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-06-22 23:08 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-06-22 23:08 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\zh-HK
2013-06-22 23:08 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\System32\tr-TR
2013-06-22 22:31 - 2013-06-22 22:31 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-22 22:31 - 2013-06-22 22:31 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-22 22:31 - 2013-06-22 22:31 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-06-22 22:31 - 2013-06-22 22:31 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-06-22 22:31 - 2013-06-22 22:31 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-06-22 22:31 - 2013-06-22 22:31 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-06-22 22:31 - 2013-06-22 22:31 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-06-22 22:31 - 2013-06-22 22:31 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2013-06-22 22:31 - 2013-06-22 22:31 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-06-22 22:31 - 2013-06-22 22:31 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-06-22 22:31 - 2013-06-22 22:31 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-06-22 22:31 - 2013-06-22 22:31 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-06-22 22:31 - 2013-06-22 22:31 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-06-22 22:31 - 2013-06-22 22:31 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-06-22 22:31 - 2013-06-22 22:31 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-06-22 22:31 - 2013-06-22 22:31 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-06-22 22:31 - 2013-06-22 22:31 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-22 22:31 - 2013-06-22 22:31 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-06-22 22:31 - 2013-06-22 22:31 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-06-22 22:31 - 2013-06-22 22:31 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-22 22:31 - 2013-06-22 22:31 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-06-22 22:31 - 2013-06-22 22:31 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00053760 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-22 22:31 - 2013-06-22 22:31 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00039936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-06-22 22:31 - 2013-06-22 22:31 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-06-22 22:31 - 2013-06-22 22:31 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-06-22 22:31 - 2013-06-22 22:31 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-06-22 22:31 - 2013-06-22 22:31 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-06-22 22:29 - 2013-06-22 22:29 - 03928064 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 03419136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 02776576 ____A (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 02565120 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 02284544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 01988096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 01682432 ____A (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 01643520 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 01247744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 01238528 ____A (Microsoft Corporation) C:\Windows\System32\d3d10.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 01175552 ____A (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 01158144 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 01080832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00648192 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00604160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00522752 ____A (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00465920 ____A (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00417792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00364544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00363008 ____A (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00333312 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00296960 ____A (Microsoft Corporation) C:\Windows\System32\d3d10core.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00293376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00249856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00245248 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00220160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00207872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00194560 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00187392 ____A (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00161792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00010752 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00010752 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00009728 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00009728 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00005632 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00005632 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00002560 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-22 22:29 - 2013-06-22 22:29 - 00002560 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-22 22:27 - 2012-09-06 13:10 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-22 22:27 - 2011-11-22 00:31 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-22 21:23 - 2013-02-14 13:02 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-22 21:20 - 2013-05-06 18:32 - 00000000 ____D C:\Users\Alex\AppData\Roaming\Systweak
2013-06-04 16:14 - 2013-06-04 16:14 - 00000000 ____D C:\b4ef0b8e6bea13541887154d54
2013-05-29 12:36 - 2013-05-29 12:36 - 00000000 ____D C:\992e1a1bde3e77ed0fce

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-23 08:04

==================== End Of Log ============================

 

ADDITION.TXT

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-06-2013
Ran by Alex at 2013-06-28 19:02:06
Running from C:\Users\Alex\Desktop
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

Adobe AIR (x32 Version: 2.6.0.19140)
Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader XI (11.0.03) (x32 Version: 11.0.03)
Apple Application Support (x32 Version: 2.3.3)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Bing Desktop (x32 Version: 1.3.167.0)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 4.03)
D3DX10 (x32 Version: 15.4.2368.0902)
Google Earth (x32 Version: 7.0.3.8542)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4209.2358)
Google Update Helper (x32 Version: 1.3.21.145)
HP Deskjet 3050A J611 series Basic Device Software (Version: 25.0.571.0)
HP Deskjet 3050A J611 series Help (x32 Version: 140.0.2.2)
HP Deskjet 3050A J611 series Product Improvement Study (Version: 25.0.571.0)
HP Photo Creations (x32 Version: 1.0.0.5192)
HP Photosmart 7510 series Basic Device Software (Version: 25.0.571.0)
HP Photosmart 7510 series Help (x32 Version: 140.0.2.2)
HP Update (x32 Version: 5.005.000.002)
HPDiagnosticAlert (x32 Version: 1.00.0000)
iCloud (Version: 2.1.2.8)
Intel PROSet Wireless
Intel PROSet Wireless (x32)
Intel® Management Engine Components (x32 Version: 7.0.0.1144)
Intel® Processor Graphics (x32 Version: 8.15.10.2430)
Intel® PROSet/Wireless WiFi Software (Version: 14.01.1000)
Intel® Rapid Storage Technology (x32 Version: 10.1.2.1004)
Intel® WiDi (x32 Version: 2.1.42.0)
Intel® Wireless Display
iTunes (Version: 11.0.2.26)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
JMicron Flash Media Controller Driver (x32 Version: 1.0.57.2)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Label@Once 1.0 (x32 Version: 1.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.5139.5005)
Microsoft PowerPoint Viewer (x32 Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Mozilla Firefox 22.0 (x86 en-US) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
ooVoo (x32 Version: 3.5.8022)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (x32 Version: 1.3.0)
QuickTime (x32 Version: 7.73.80.64)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealPlayer (x32 Version: 15.0.6)
Realtek Ethernet Controller Driver (x32 Version: 7.38.113.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6305)
RealUpgrade 1.1 (x32 Version: 1.1.0)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0)
Skype™ 5.10 (x32 Version: 5.10.116)
Spotify (HKCU Version: 0.9.0.133.gd18ed589)
Synaptics Pointing Device Driver (Version: 15.2.11.1)
TOSHIBA Application Installer (x32 Version: 9.0.1.2)
TOSHIBA Assist (x32 Version: 4.2.3.0)
Toshiba Book Place (x32 Version: 2.2.7530)
TOSHIBA Bulletin Board (Version: 1.6.11.64)
TOSHIBA Bulletin Board (x32 Version: 1.6.11.64)
TOSHIBA Disc Creator (Version: 2.1.0.11 for x64)
TOSHIBA eco Utility (Version: 1.3.5.64)
TOSHIBA Face Recognition (Version: 3.1.17.64)
TOSHIBA Face Recognition (x32 Version: 3.1.17.64)
TOSHIBA Hardware Setup (x32 Version: 1.63.1.37C)
TOSHIBA HDD Protection (Version: 2.2.2.15)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.9)
TOSHIBA Media Controller (x32 Version: 1.0.87.4)
TOSHIBA Media Controller Plug-in (x32 Version: 1.0.8.0)
TOSHIBA PC Health Monitor (Version: 1.7.9.64)
TOSHIBA Quality Application (x32 Version: 1.0.4)
TOSHIBA Recovery Media Creator (x32 Version: 2.1.5.5109a)
TOSHIBA ReelTime (Version: 1.7.21.64)
TOSHIBA ReelTime (x32 Version: 1.7.21.64)
TOSHIBA Resolution+ Plug-in for Windows Media Player (x32 Version: 1.1.2001)
TOSHIBA Service Station (x32 Version: 2.3.0)
TOSHIBA Sleep Utility (x32 Version: 1.4.2.8)
TOSHIBA Supervisor Password (x32 Version: 1.63.51.2C)
TOSHIBA Value Added Package (Version: 1.6.1.64)
TOSHIBA Value Added Package (x32 Version: 1.6.1.64)
TOSHIBA VIDEO PLAYER (x32 Version: 4.00.7.06-A)
TOSHIBA Web Camera Application (x32 Version: 2.0.3.3)
TOSHIBA Wireless Display Monitor (x32 Version: 1.0.1)
TOSHIBARegistration (x32 Version: 1.0.9)
Utility Common Driver (x32 Version: 1.0.52.3C)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)

==================== Restore Points  =========================

28-06-2013 04:00:03 Scheduled Checkpoint
28-06-2013 05:59:59 Windows Update
28-06-2013 22:13:41 Removed TOSHIBA Flash Cards Support Utility

==================== Scheduled Tasks (whitelisted) =============

Task: {279ED7BE-2C56-49F6-8EC3-C04B4A631992} - System32\Tasks\RNUpgradeHelperResumePrompt_Alex => C:\Users\Alex\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-22] (RealNetworks, Inc.)
Task: {338BABCB-2F2B-43F9-9D8F-7B39BE0C9C3C} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-22] (Adobe Systems Incorporated)
Task: {37447877-A1F3-4B2E-943E-8045547CBC04} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {3AF4CC10-43E4-4783-8429-D47D4B146CFD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {5582B4A0-9171-4C56-80F5-4217DA8AD99E} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1405342109-1089225667-1844177520-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {62326809-DFF5-4BEF-A8F0-23756D3B5699} - System32\Tasks\HP Photo Creations Messager => C:\ProgramData\HP Photo Creations\MessageCheck.exe [2011-02-15] ()
Task: {7D3C2B41-CB24-4B80-9BC2-ACB2C86E4FD1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-29] (Google Inc.)
Task: {8A824193-17C6-4053-A9BF-3512F1C05498} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-29] (Google Inc.)
Task: {A093F146-B467-422D-A601-C09BD444B9B7} - System32\Tasks\TOSHIBA Wireless Display Monitor => C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe [2010-12-25] (TOSHIBA CORPORATION)
Task: {A2B6B4D6-C501-4869-83A9-580382B44894} - System32\Tasks\RNUpgradeHelperLogonPrompt_Alex => C:\Users\Alex\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-22] (RealNetworks, Inc.)
Task: {B8D19FC7-8CA5-4798-952E-2572D33EAB2B} - System32\Tasks\ReclaimerUpdateFiles_Alex => C:\Users\Alex\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-22] (RealNetworks, Inc.)
Task: {D737F0EA-9EB4-471C-9048-4B3FDCD78A17} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
Task: {DBEF7907-CF95-48BF-96CE-7A593FB6A314} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1405342109-1089225667-1844177520-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {E4D4D8F6-9E4C-4AB9-A324-FD1EB385558C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E5A2A2D2-AD5A-4285-8342-EBB88DD1B471} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-06-08] (Hewlett-Packard Co.)
Task: {F87C0ECC-07BF-4B1B-AD79-00BC4D2A51C7} - System32\Tasks\ReclaimerUpdateXML_Alex => C:\Users\Alex\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-22] (RealNetworks, Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HP Photo Creations Messager.job => C:\ProgramData\HP Photo Creations\MessageCheck.exe
Task: C:\windows\Tasks\ReclaimerUpdateFiles_Alex.job => C:\Users\Alex\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe
Task: C:\windows\Tasks\ReclaimerUpdateXML_Alex.job => C:\Users\Alex\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe
Task: C:\windows\Tasks\RNUpgradeHelperLogonPrompt_Alex.job => C:\Users\Alex\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/28/2013 06:47:47 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/28/2013 06:43:34 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/28/2013 06:36:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/28/2013 09:50:33 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/28/2013 04:41:41 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4 Client Profile - Update 'KB2789642' could not be installed. Error code 1603. Additional information is available in the log file C:\windows\TEMP\KB2789642_20130628_031632094-Microsoft .NET Framework 4 Client Profile-MSP0.txt.

Error: (06/28/2013 04:32:41 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4 Client Profile -- There is a problem with this Windows Installer package. Please refer to the setup log for more information.

Error: (06/28/2013 03:13:25 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4 Client Profile - Update 'KB2804576' could not be installed. Error code 1603. Additional information is available in the log file C:\windows\TEMP\KB2804576_20130628_020011239-Microsoft .NET Framework 4 Client Profile-MSP0.txt.

Error: (06/28/2013 03:06:23 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4 Client Profile -- There is a problem with this Windows Installer package. Please refer to the setup log for more information.

Error: (06/27/2013 04:41:27 AM) (Source: System Restore) (User: )
Description: The scheduled restore point could not be created.  Additional information: (0x81000101).

Error: (06/27/2013 04:41:27 AM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x81000101).

System errors:
=============
Error: (06/28/2013 06:22:31 PM) (Source: Service Control Manager) (User: )
Description: The Bing Desktop Update service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/28/2013 10:03:20 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (06/28/2013 04:42:12 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the sftlist service.

Error: (06/28/2013 04:41:41 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2789642).

Error: (06/28/2013 04:03:30 AM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (06/28/2013 04:03:29 AM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (06/28/2013 04:03:28 AM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (06/28/2013 04:02:21 AM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (06/28/2013 04:02:20 AM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Error: (06/28/2013 04:02:19 AM) (Source: iaStor) (User: )
Description: The device, \Device\Ide\iaStor0, did not respond within the timeout period.

Microsoft Office Sessions:
=========================
Error: (06/28/2013 06:47:47 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/28/2013 06:43:34 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/28/2013 06:36:00 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/28/2013 09:50:33 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/28/2013 04:41:41 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft .NET Framework 4 Client ProfileKB27896421603C:\windows\TEMP\KB2789642_20130628_031632094-Microsoft .NET Framework 4 Client Profile-MSP0.txt(NULL)(NULL)

Error: (06/28/2013 04:32:41 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4 Client Profile -- There is a problem with this Windows Installer package. Please refer to the setup log for more information.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/28/2013 03:13:25 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft .NET Framework 4 Client ProfileKB28045761603C:\windows\TEMP\KB2804576_20130628_020011239-Microsoft .NET Framework 4 Client Profile-MSP0.txt(NULL)(NULL)

Error: (06/28/2013 03:06:23 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 4 Client Profile -- There is a problem with this Windows Installer package. Please refer to the setup log for more information.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (06/27/2013 04:41:27 AM) (Source: System Restore)(User: )
Description: 0x81000101

Error: (06/27/2013 04:41:27 AM) (Source: System Restore)(User: )
Description: C:\windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x81000101

CodeIntegrity Errors:
===================================
  Date: 2013-04-12 15:57:52.889
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-04-12 15:57:52.839
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 31%
Total physical RAM: 6051.76 MB
Available physical RAM: 4145.66 MB
Total Pagefile: 12101.71 MB
Available Pagefile: 9962.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (TI106332W0C) (Fixed) (Total:682.11 GB) (Free:635.36 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 699 GB) (Disk ID: 27058636)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=682 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=17)

==================== End Of Log ============================

Share this post


Link to post
Share on other sites
Download the attached fixlist.txt to the same folder as FRST.

Run FRST and click Fix only once and wait

The tool will create a log  (Fixlog.txt) please post it to your reply.

 

MrC

 

Share this post


Link to post
Share on other sites

Here you go.

 

FIXLOG:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-06-2013
Ran by Alex at 2013-06-28 22:52:13 Run:1
Running from C:\Users\Alex\Desktop
Boot Mode: Normal
==============================================

C:\Users\Public\Desktop\ooVoo.lnk => Moved successfully.
C:\Program Files (x86)\ooVoo => Moved successfully.

==== End of Fixlog ====

Share this post


Link to post
Share on other sites

OK, what's left to do?? MrC

Share this post


Link to post
Share on other sites

Mr. Charlie, It appears that Oovoo is still installed. Attached is a snapshot of my control panel. OoVoo is on the right. In addition, the two security patches and one update from Microsoft .NET framework won't install so every time we shut down, the shut down process takes about 30 minutes while the update tries to run. I have tried to install them using Windows Update but they fail there as well. I have searched the Microsoft website and ran a Windows Update Repair tool. It says it fixes something but the installs continue to fail. Finally, there is still a freeze on initial boot or after the laptop has gone to sleep mode. That freeze period lasts 1 minute to 15 minutes. After that, the laptop works normally. Let me know if we are going beyond the realm of this support forum. I don't want to abuse the support your team already provides. The laptop is definitely working better with the exception of these three issues.

post-121328-0-41008400-1372524402_thumb.

Oovoo still there.htm

post-121328-0-73543900-1372544639_thumb.

Share this post


Link to post
Share on other sites

Refer to the CCleaner tutorial:

http://www.howtogeek.com/113382/how-to-use-ccleaner-like-a-pro-9-tips-tricks/

Look under.....

Manage Installed Programs

Find Oovoo and delete it.

----------------------------------------------------

Download and run Fixit and see if you can install the updates now:

http://support.microsoft.com/mats/Program_Install_and_Uninstall/

MrC

Share this post


Link to post
Share on other sites

Hello Mr. Charlie. I tried CCleaner as you suggested and I followed the Tips and Tricks you provided. Unfortunately, an error occurs when I try to delete OoVoo saying that it i"Cannot delete the .MSI Installer." Oovoo remains in the list. I have stopped Oovoo from running on startup by making the change in OoVoo's settings but I can't uninstall it.

 

I think the bigger issue is the fact that the two .NET framework security patches and the one .NET Framework update will not load.  I ran the FIXIT program on Windows Update as you suggested. I then tried to install the updates but they would not install.  In fact, my previous estimate for shutting down was understated. It takes the laptop over two hours to shut down while it tries to install these updates!

Share this post


Link to post
Share on other sites
Please download OTL from one of the links below:




 

Save it to your desktop.

Double click on the icon on your desktop.

Click the Scan All Users checkbox.

Push the Quick Scan button.

 

The scan will take about 10 minutes...depends on your hard drive size.

 

Two reports will open, copy and paste them in a reply here: (or attach them as .txt files)

OTL.txt <-- Will be opened

Extra.txt <-- Will be minimized

 

MrC

Share this post


Link to post
Share on other sites

Here is OTL.txt:

 

OTL logfile created on: 7/1/2013 8:36:07 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Alex\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16618)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.91 Gb Total Physical Memory | 3.86 Gb Available Physical Memory | 65.29% Memory free
11.82 Gb Paging File | 9.55 Gb Available in Paging File | 80.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 682.11 Gb Total Space | 635.95 Gb Free Space | 93.23% Space Free | Partition Type: NTFS
 
Computer Name: ALEX-PC | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/07/01 20:34:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
PRC - [2013/06/14 21:28:44 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/06/05 13:40:50 | 000,173,192 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
PRC - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/11 01:27:54 | 001,105,408 | ---- | M] (Spotify Ltd) -- C:\Users\Alex\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2013/05/05 19:41:14 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/06 15:21:33 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/02/01 17:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 17:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/12/25 20:05:54 | 001,716,144 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
PRC - [2010/06/04 20:32:58 | 000,252,792 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/06/14 21:28:42 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppgooglenaclpluginchrome.dll
MOD - [2013/06/14 21:28:41 | 013,140,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
MOD - [2013/06/14 21:28:40 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
MOD - [2013/06/14 21:27:51 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libglesv2.dll
MOD - [2013/06/14 21:27:50 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libegl.dll
MOD - [2013/06/14 21:27:48 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll
MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/07/01 15:46:14 | 000,828,856 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2011/06/10 01:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011/06/01 16:38:30 | 001,517,328 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/06/01 16:23:40 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/06/01 16:19:58 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2011/05/24 13:58:12 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2011/05/17 18:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2011/04/20 19:16:04 | 000,558,592 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)
SRV:64bit: - [2010/10/20 18:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 22:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/06/22 22:27:27 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/18 10:21:21 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/05 13:40:50 | 000,173,192 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe -- (BingDesktopUpdate)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/11/21 19:32:40 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/02/01 17:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 17:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/06/27 00:21:48 | 000,162,008 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamswissarmy.sys -- (mbamswissarmy)
DRV:64bit: - [2013/06/27 00:17:22 | 000,036,680 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/05 16:34:02 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011/08/05 16:34:00 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011/06/27 13:55:50 | 012,231,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/06/09 23:28:22 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2011/05/01 18:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2011/03/23 21:10:28 | 000,036,992 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/10 18:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 18:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/02/08 23:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/02/03 23:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/31 20:04:42 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011/01/12 21:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/20 23:24:15 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 20:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/03/22 14:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009/07/31 00:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 19:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/29 20:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/19 23:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1405342109-1089225667-1844177520-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
IE - HKU\S-1-5-21-1405342109-1089225667-1844177520-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1405342109-1089225667-1844177520-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
IE - HKU\S-1-5-21-1405342109-1089225667-1844177520-1001\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1405342109-1089225667-1844177520-1001\..\SearchScopes,DefaultScope = {49B177D9-CF3D-4A18-9066-2E5C3B9E75DD}
IE - HKU\S-1-5-21-1405342109-1089225667-1844177520-1001\..\SearchScopes\{{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
IE - HKU\S-1-5-21-1405342109-1089225667-1844177520-1001\..\SearchScopes\{031A5946-DBD8-4AB7-BF07-9875BBD35BE5}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO_enUS493
IE - HKU\S-1-5-21-1405342109-1089225667-1844177520-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1405342109-1089225667-1844177520-1001\..\SearchScopes\{49B177D9-CF3D-4A18-9066-2E5C3B9E75DD}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289847&CUI=UN36663933671742811&UM=2&SSPV=TB_C5
IE - HKU\S-1-5-21-1405342109-1089225667-1844177520-1001\..\SearchScopes\{56D93A91-D98F-4306-BC64-31F046E95E9F}: "URL" = http://search.conduit.com/Results.aspx?ctid=CT3300018&SearchSource=45&UM=2&q={searchTerms}
IE - HKU\S-1-5-21-1405342109-1089225667-1844177520-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
IE - HKU\S-1-5-21-1405342109-1089225667-1844177520-1001\..\SearchScopes\{9E2549A2-0C1C-45F9-B114-154574120147}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=OVO2&o=2159&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=^A2E&apn_dtid=^YYYYYY^UT^US&apn_uid=b7b19dbe-a95b-490e-bc07-0b1c3dc5373b&apn_sauid=909C935D-D8F0-4F0B-9EC3-411573F3A153
IE - HKU\S-1-5-21-1405342109-1089225667-1844177520-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1405342109-1089225667-1844177520-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/06 15:21:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/24 01:51:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013/06/25 12:06:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Extensions
[2013/06/28 18:46:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\8b1knx3h.default\extensions
[2013/06/26 23:56:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/05/24 01:51:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/06/25 12:05:59 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1405342109-1089225667-1844177520-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [intelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [bingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [DelayTSS] C:\Program Files\Toshiba\DelayTSS\DelayTSS.exe ()
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1405342109-1089225667-1844177520-1001..\Run: [spotify Web Helper] C:\Users\Alex\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1405342109-1089225667-1844177520-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1405342109-1089225667-1844177520-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab (Java Plug-in 1.7.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28995A0D-9764-4882-9D71-0B347F98D0D0}: DhcpNameServer = 129.1.2.2 129.1.2.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37184630-4D22-459A-8643-6D4DB69E69D4}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{41041820-235a-11e2-9559-dc0ea14727eb}\Shell - "" = AutoRun
O33 - MountPoints2\{41041820-235a-11e2-9559-dc0ea14727eb}\Shell\AutoRun\command - "" = E:\setup.exe -a
O33 - MountPoints2\{85e938bb-13f7-11e2-ad9c-dc0ea14727eb}\Shell - "" = AutoRun
O33 - MountPoints2\{85e938bb-13f7-11e2-ad9c-dc0ea14727eb}\Shell\AutoRun\command - "" = E:\setup.exe -a
O33 - MountPoints2\{ba4a0a29-26f7-11e2-8cff-dc0ea14727eb}\Shell - "" = AutoRun
O33 - MountPoints2\{ba4a0a29-26f7-11e2-8cff-dc0ea14727eb}\Shell\AutoRun\command - "" = E:\MotorolaDeviceManagerSetup.exe -a
O33 - MountPoints2\{c8ac39d8-c66d-11e2-a108-dc0ea14727eb}\Shell - "" = AutoRun
O33 - MountPoints2\{c8ac39d8-c66d-11e2-a108-dc0ea14727eb}\Shell\AutoRun\command - "" = E:\TL_Bootstrap.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\TL_Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/07/01 20:34:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2013/06/29 12:45:42 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\Oovoo still there_files
[2013/06/29 11:35:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/06/28 22:51:59 | 001,933,572 | ---- | C] (Farbar) -- C:\Users\Alex\Desktop\FRST64.exe
[2013/06/28 18:51:57 | 000,000,000 | ---D | C] -- C:\FRST
[2013/06/27 02:16:43 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\RK_Quarantine
[2013/06/27 00:21:48 | 000,162,008 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamswissarmy.sys
[2013/06/25 12:06:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/06/24 18:03:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/06/23 22:42:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/06/23 22:42:11 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/06/23 16:13:11 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\QuickScan
[2013/06/23 12:09:27 | 000,000,000 | ---D | C] -- C:\windows\SoftwareDistribution
[2013/06/23 11:36:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Desktop
[2013/06/23 11:35:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2013/06/23 11:31:16 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\ElevatedDiagnostics
[2013/06/22 23:28:01 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Roaming\Oracle
[2013/06/22 23:26:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/06/04 16:14:57 | 000,000,000 | ---D | C] -- C:\b4ef0b8e6bea13541887154d54
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/07/01 20:34:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2013/07/01 20:26:01 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/07/01 20:01:00 | 000,000,254 | ---- | M] () -- C:\windows\tasks\HP Photo Creations Messager.job
[2013/07/01 19:55:12 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/01 19:55:11 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/01 19:17:13 | 000,000,366 | ---- | M] () -- C:\windows\tasks\ReclaimerUpdateFiles_Alex.job
[2013/07/01 18:05:20 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/01 18:05:20 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/01 18:00:33 | 000,744,706 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/07/01 18:00:33 | 000,637,488 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/07/01 18:00:33 | 000,111,346 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/07/01 17:56:59 | 000,000,372 | ---- | M] () -- C:\windows\tasks\RNUpgradeHelperLogonPrompt_Alex.job
[2013/07/01 17:56:43 | 000,002,294 | ---- | M] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/07/01 17:55:28 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/07/01 17:55:22 | 464,330,751 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/29 18:23:32 | 000,255,231 | ---- | M] () -- C:\Users\Alex\Desktop\oovoo failure 2.png
[2013/06/29 13:31:53 | 000,452,385 | ---- | M] () -- C:\Users\Alex\Desktop\Oovoo still there.mht
[2013/06/29 12:45:42 | 000,027,211 | ---- | M] () -- C:\Users\Alex\Desktop\Oovoo still there.htm
[2013/06/29 12:42:52 | 000,329,569 | ---- | M] () -- C:\Users\Alex\Desktop\Oovoo still there.pdf
[2013/06/29 11:35:45 | 000,002,270 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/06/28 22:52:06 | 001,933,572 | ---- | M] (Farbar) -- C:\Users\Alex\Desktop\FRST64.exe
[2013/06/28 18:24:24 | 000,000,258 | RHS- | M] () -- C:\Users\Alex\ntuser.pol
[2013/06/28 02:04:00 | 000,000,362 | ---- | M] () -- C:\windows\tasks\ReclaimerUpdateXML_Alex.job
[2013/06/27 00:21:48 | 000,162,008 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamswissarmy.sys
[2013/06/27 00:17:22 | 000,036,680 | ---- | M] () -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2013/06/23 19:49:49 | 000,648,201 | ---- | M] () -- C:\Users\Alex\Desktop\adwcleaner.exe
[2013/06/23 18:56:28 | 003,757,568 | ---- | M] () -- C:\Users\Alex\Desktop\RogueKillerX64.exe
[2013/06/22 22:31:28 | 000,025,185 | ---- | M] () -- C:\windows\SysWow64\ieuinit.inf
[2013/06/22 22:31:27 | 000,025,185 | ---- | M] () -- C:\windows\SysNative\ieuinit.inf
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/06/29 18:23:32 | 000,255,231 | ---- | C] () -- C:\Users\Alex\Desktop\oovoo failure 2.png
[2013/06/29 13:03:43 | 000,452,385 | ---- | C] () -- C:\Users\Alex\Desktop\Oovoo still there.mht
[2013/06/29 12:45:41 | 000,027,211 | ---- | C] () -- C:\Users\Alex\Desktop\Oovoo still there.htm
[2013/06/29 12:42:51 | 000,329,569 | ---- | C] () -- C:\Users\Alex\Desktop\Oovoo still there.pdf
[2013/06/29 11:35:45 | 000,002,294 | ---- | C] () -- C:\Users\Alex\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/06/29 11:35:45 | 000,002,270 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/06/28 18:24:24 | 000,000,258 | RHS- | C] () -- C:\Users\Alex\ntuser.pol
[2013/06/27 00:16:49 | 000,036,680 | ---- | C] () -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2013/06/25 12:06:12 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/06/23 19:47:21 | 000,648,201 | ---- | C] () -- C:\Users\Alex\Desktop\adwcleaner.exe
[2013/06/23 18:55:27 | 003,757,568 | ---- | C] () -- C:\Users\Alex\Desktop\RogueKillerX64.exe
[2013/06/22 23:12:06 | 000,000,372 | ---- | C] () -- C:\windows\tasks\RNUpgradeHelperLogonPrompt_Alex.job
[2013/06/22 23:12:05 | 000,000,366 | ---- | C] () -- C:\windows\tasks\ReclaimerUpdateFiles_Alex.job
[2013/06/22 23:12:02 | 000,000,362 | ---- | C] () -- C:\windows\tasks\ReclaimerUpdateXML_Alex.job
[2013/06/22 22:31:28 | 000,025,185 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2013/06/22 22:31:27 | 000,025,185 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2012/07/23 13:56:44 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/07/23 13:33:03 | 000,738,172 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/12/04 02:56:37 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Book Place
[2012/08/16 22:43:06 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\ooVoo Details
[2012/11/25 20:41:25 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\OpenOffice.org
[2013/06/22 23:28:01 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Oracle
[2013/06/24 00:37:53 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\QuickScan
[2013/06/29 23:46:28 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\SoftGrid Client
[2013/05/12 09:31:13 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Spotify
[2013/06/22 21:20:12 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Systweak
[2012/08/16 19:04:25 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\Toshiba
[2012/07/23 13:33:59 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\TP
[2012/07/20 22:51:21 | 000,000,000 | ---D | M] -- C:\Users\Alex\AppData\Roaming\WinBatch
 
========== Purity Check ==========
 
 
 
< End of report >
 
EXTRA.TXT:
 
OTL Extras logfile created on: 7/1/2013 8:36:07 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Alex\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16618)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.91 Gb Total Physical Memory | 3.86 Gb Available Physical Memory | 65.29% Memory free
11.82 Gb Paging File | 9.55 Gb Available in Paging File | 80.81% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 682.11 Gb Total Space | 635.95 Gb Free Space | 93.23% Space Free | Partition Type: NTFS
 
Computer Name: ALEX-PC | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1405342109-1089225667-1844177520-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{107B811E-B553-4FCA-9536-B478010CDCA7}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1DCB3DC0-1B00-4291-A690-4C3A2CA3997A}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{1EAC00B2-1C22-48DF-9618-55F123FCECB1}" = rport=445 | protocol=6 | dir=out | app=system | 
"{29D55F86-BECA-4F1A-8BAA-5A2A894E5853}" = rport=137 | protocol=17 | dir=out | app=system | 
"{2A111800-0A03-4184-8870-5E18C501CCDE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2B3179C0-4536-4731-8B87-D74B010D26DD}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{34549250-280B-4C03-9CA4-85F8C623A21C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3733C92E-EC05-4014-B40F-9E9C9CEC76FE}" = lport=48113 | protocol=6 | dir=in | name=maconfig_tcp | 
"{37C16BB1-E18E-474F-9F12-488706AF9595}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3AEC513F-B412-40F0-B657-FC725167FBD4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{45E40DFE-8F8F-4DAD-8C05-5E609E15992A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4A82A7AD-3A18-4829-ABA8-2CA767ACB7DC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4BA8D8FE-6809-4D27-AC0B-1BC5E50FCB2D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{51F66EA3-9EE3-4325-BA7E-82C8FE757DFA}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5450716C-A89B-49DA-A7EB-39BCE09ABC90}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{55D5E434-FC54-48EE-9641-F3091184C0F4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5908E83F-A67E-4D95-B275-37A845D908C0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{5B3CEC9D-4E7C-4A6E-9680-F04D46620338}" = rport=138 | protocol=17 | dir=out | app=system | 
"{68782A92-91D3-4641-BD45-306E02DB6704}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{740197B5-9B91-43DC-9448-5F2FAA99E4ED}" = lport=48113 | protocol=17 | dir=in | name=maconfig_udp | 
"{749E4E68-5A9D-4310-B9DB-2C57114EA704}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7592477A-D1DE-4E85-A983-A7E0991B5553}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7AB8A74F-8F07-419F-ACFC-4498ED2E68B8}" = lport=138 | protocol=17 | dir=in | app=system | 
"{7B597E6F-5A7C-4072-9553-D42C3438EA3D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{8193A909-AA2C-4855-AB2B-590095767258}" = lport=139 | protocol=6 | dir=in | app=system | 
"{8509FEF4-6A1F-4F01-ABCE-B14C634FC8AB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8AE60896-E304-452C-9A58-40E5ABE90AB1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8C1C3703-E06E-47A6-9E46-5E64680CA835}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8C4C9F01-E6ED-4EE4-A861-ED9D6069E637}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{8C6DD438-7D20-471A-B7F7-F772EBC1BF19}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8D495CD9-8999-47E1-9FD4-E3827DC44934}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8EE53228-67B7-4914-B14B-3A8E2EDDE914}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{91789FCC-2B8A-416C-AD5E-4955E3C9D521}" = lport=137 | protocol=17 | dir=in | app=system | 
"{91B46EBF-2E80-47F7-8B62-70DE1D608599}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9283D57E-F40A-47F2-81D5-F7EFD069A438}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{9377C892-F9BF-494C-B543-3CB212BA6EE8}" = lport=445 | protocol=6 | dir=in | app=system | 
"{99982C45-23E8-4D48-B59B-65083A051144}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9C73449C-D59D-4874-83E4-334522A8DCA0}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{9FA2A5B1-B9D6-4A00-BB7F-6E9D7D3385B8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A7356A98-DF29-460C-A13E-2F24D01FBC8A}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A85C8925-6F5D-4A82-9422-45EF52EC4172}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B8A744A2-B4A6-46E1-84DE-5301D35FFB30}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B964B366-23C0-4824-8E80-B95A3A57C7EF}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C331311B-2823-45E6-8185-B230BF69F466}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C4B6522F-B6BA-4D79-AC49-5734C7A8955E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C57A7AD1-45DD-4FB3-A5E7-3D6BDFC0760F}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C8A59E0E-8E2D-40C3-9065-A5B852D51944}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{D98F05DC-6FC7-4D5D-86B7-56E5812368B4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DBC266B4-CBD7-44DB-B818-047C3BD22070}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DC5FA52D-2EA4-4A63-8CD3-CE3CF4B3D717}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{E1D85F95-A94D-4241-9D4E-529F491D7599}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E7D9CD4E-5B6C-4799-BAA5-19D8824CA721}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F999BC84-123D-41E5-9EAF-2B8213411581}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00898038-AAAE-4A64-91F7-53FE136CB6EE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{07783100-14A9-4CEC-9FC7-1E5FC171FDD3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{14F238E0-5D87-457F-9A4F-08BF95E2FCFC}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{1F4E9B0A-E616-4A18-AA40-E8115270136B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{21BA5A61-DDA3-4557-B113-DC54BA36C32B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{24310495-F783-411F-A084-73198978FBE0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{279099E3-6295-4DA4-ACF4-F5A6EEE339B8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{37E3F20F-DE20-4516-B208-CC46191BDD72}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{4343E54F-A994-42A7-A2C6-5AEA632E491E}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\hpnetworkcommunicator.exe | 
"{45046683-DA64-4F5B-A9D4-43C46FBAAC0A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{49AD4FE5-E495-4266-B3EF-40FFB6736291}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4A0BB786-DF18-4967-B27C-4AFC73E0515B}" = dir=in | app=c:\program files\hp\hp photosmart 7510 series\bin\hpnetworkcommunicator.exe | 
"{4DBC8CD6-9891-43DD-A6DF-849180647B3B}" = dir=in | app=c:\program files\hp\hp deskjet 3050a j611 series\bin\devicesetup.exe | 
"{504F4A6F-8606-420D-97A4-993F0BE36D10}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5260BFDC-33FF-4DD1-A3CA-6DD1226708CD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{53C30A38-375B-4EAC-A4FC-7255FEE57685}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{5650B472-8413-4730-B379-62A9400BEAE7}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe | 
"{6139F920-28CF-42C2-88F3-A92660C1E375}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{63722777-5A39-4A7A-9DC0-700C7D803868}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6929C311-DD23-4281-8A30-476CA18A5BE5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{6F4B4810-D714-4D94-B942-D5AA375BC8EE}" = protocol=6 | dir=out | app=system | 
"{6FBF7B19-AD21-4CAB-83D0-60D4C82D2D5C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{801DBE9D-8D98-4844-B72B-3BDA734AF2DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{8533962B-49C5-4CA5-BBEA-0561978067E3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{867F4559-0F94-4C5F-805D-18B5C77CD238}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{89EAB2DD-ABB2-46C7-BCEC-67FF20149FE1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8D42A0E7-4B5A-46BD-9C5B-AE473DCCCC8C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{9784B21E-FF9F-42CF-AD66-20681BA8A19F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9B15F693-7BE6-4C83-ACC0-C481A95321E0}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{9D19F832-A5CE-4E00-BE36-DE10413A38E6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9E70A72B-7DBE-4A87-91BF-E03FEA0E97CC}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{ABF01636-2F0B-4E94-A56E-7BA576A8633C}" = protocol=6 | dir=out | app=system | 
"{ABF31B2F-2C18-4C36-B3D4-1346A0C49C61}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AD29B28E-7AA3-4C13-8BCB-E7373F378ED2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{AF4AE69A-970E-423A-BC81-27A1EA6D36DD}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{B27FF543-EAF1-45B6-8986-A51A18550C6C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B6341CF6-400E-4F56-B327-325834C81136}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{B7CBAE7D-D193-425F-B23A-289E435D49B7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B898C53B-71DE-4492-A9BD-BC2CE15796A0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B8B4E785-9232-4B9A-8B01-74C63AC2AA26}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{B9FA2A09-79CC-4657-8E65-E984306E91C6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{BEDB7187-EE6F-4F4B-8586-A66757EF0C70}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BEE1CE9E-696E-4D61-9C21-22587AEFEB29}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C872428A-EEC0-4859-981B-44A990B4821D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{C9CFE1E8-15EE-4172-B7E8-1EBD161BAD15}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{CA4FBA7B-F959-46B2-ACC2-2C6D06146C56}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CA8019EA-457F-41D6-840B-3A039A8994B5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{CAC9B572-D196-45CE-A3C2-AF64808C2779}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D606BCF0-90F3-4E56-8869-4C6C0687392D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{E85F32C5-A458-484B-9ACF-C2588536212B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{EB41AF5F-533A-41E4-9711-1D71AC91D026}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EEA677F1-C048-45A7-BEA7-FEA8AC885BCC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F0D9E355-069B-4923-8005-BDE2F76C582E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F10F74AA-0DF1-4194-B732-0B7ACB5FB7F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F2D78D7B-B14D-4905-ABCE-AA18BABD8324}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F525FDDD-13E8-419F-8934-78AC87EA43E0}" = dir=in | app=c:\program files\hp\hp photosmart 7510 series\bin\devicesetup.exe | 
"{F870DF9B-DED2-4B7F-8AD8-5AEF481C2510}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F8E3B4C2-1972-4BBE-AA7D-F1D87838617C}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{F936AA1A-019D-4E9D-B31F-4BB48EE6C739}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"TCP Query User{45C4FDD4-0BE8-4B89-86BB-184AC10664AA}C:\users\alex\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\alex\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{D9D17098-B2B8-4465-9FC4-1E6D7D1E66B3}C:\users\alex\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\alex\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{E37493F8-C5FE-44CF-BE19-A6D716132D7A}E:\programmation\qtchat\release\qtchat.exe" = protocol=6 | dir=in | app=e:\programmation\qtchat\release\qtchat.exe | 
"UDP Query User{08DA2B0A-B219-4916-8DE3-22BDE7F9CA0E}C:\users\alex\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\alex\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{44823339-CF28-4006-8630-458A16074A94}E:\programmation\qtchat\release\qtchat.exe" = protocol=17 | dir=in | app=e:\programmation\qtchat\release\qtchat.exe | 
"UDP Query User{5AD2D9AF-60EA-4BE5-9FC8-57C5E2DBBBDC}C:\users\alex\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\alex\appdata\roaming\spotify\spotify.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel® PROSet/Wireless WiFi Software
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{704C0303-D20C-45AF-BD2B-556EAF31BE09}" = iCloud
"{710D4D91-1924-4A6B-8659-9CDE02DC7207}" = HP Deskjet 3050A J611 series Product Improvement Study
"{7B286FFB-7F98-4337-9903-A2103AAAAE5E}" = HP Photosmart 7510 series Basic Device Software
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}" = TOSHIBA eco Utility
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"{FB555BCF-9202-4886-9203-88C9A210D727}" = HP Deskjet 3050A J611 series Basic Device Software
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24E01F02-4261-42B8-9BD9-80E5E6D64952}" = HP Photosmart 7510 series Help
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration
"{617773AE-ADBA-4479-BB04-65FE7758B35C}" = TOSHIBA Wireless Display Monitor
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA VIDEO PLAYER
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7257132D-7F65-41E6-A90F-43BF6099461A}" = Intel® WiDi
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing Desktop
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{97DDCAB8-B770-4089-A10F-67568069D78A}" = HP Deskjet 3050A J611 series Help
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}" = OpenOffice.org 3.4.1
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}" = Toshiba Book Place
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"ProInst" = Intel PROSet Wireless
"RealPlayer 15.0" = RealPlayer
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1405342109-1089225667-1844177520-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 6/24/2013 9:17:22 AM | Computer Name = Alex-PC | Source = MsiInstaller | ID = 10005
Description = 
 
Error - 6/24/2013 9:19:36 AM | Computer Name = Alex-PC | Source = MsiInstaller | ID = 1023
Description = 
 
Error - 6/24/2013 10:03:16 AM | Computer Name = Alex-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 6/24/2013 10:30:06 AM | Computer Name = Alex-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 6/24/2013 5:50:47 PM | Computer Name = Alex-PC | Source = ESENT | ID = 489
Description = taskhost (4440) An attempt to open the file "C:\Users\Alex\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat"
 for read only access failed with system error 32 (0x00000020): "The process cannot
 access the file because it is being used by another process. ".  The open file 
operation will fail with error -1032 (0xfffffbf8).
 
Error - 6/24/2013 5:50:50 PM | Computer Name = Alex-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 6/24/2013 8:44:46 PM | Computer Name = Alex-PC | Source = MsiInstaller | ID = 10005
Description = 
 
Error - 6/24/2013 8:45:01 PM | Computer Name = Alex-PC | Source = MsiInstaller | ID = 1023
Description = 
 
Error - 6/24/2013 9:11:00 PM | Computer Name = Alex-PC | Source = MsiInstaller | ID = 10005
Description = 
 
Error - 6/24/2013 9:11:16 PM | Computer Name = Alex-PC | Source = MsiInstaller | ID = 1023
Description = 
 
[ System Events ]
Error - 3/14/2013 10:42:42 AM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the eventlog service.
 
Error - 3/14/2013 1:21:10 PM | Computer Name = Alex-PC | Source = volsnap | ID = 393230
Description = The shadow copies of volume C: were aborted because of an IO failure
 on volume C:.
 
Error - 3/14/2013 11:10:12 PM | Computer Name = Alex-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 3/15/2013 5:11:03 AM | Computer Name = Alex-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 3/15/2013 5:11:03 AM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
 Installer service to connect.
 
Error - 3/15/2013 5:11:03 AM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Installer service failed to start due to the following
 error:   %%1053
 
Error - 3/15/2013 8:48:42 AM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Google
 Update Service (gupdate) service to connect.
 
Error - 3/15/2013 8:48:42 AM | Computer Name = Alex-PC | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
 the following error:   %%1053
 
Error - 3/15/2013 8:48:42 AM | Computer Name = Alex-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 3/15/2013 9:09:20 AM | Computer Name = Alex-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x80070643: Security Update for Microsoft .NET Framework 4 on XP, Server
 2003, Vista, Windows 7, Server 2008, Server 2008 R2 for x64 (KB2789642).
 
 
< End of report >
 

Share this post


Link to post
Share on other sites
Please do this:

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in bold:

 

 

:Files

 C:\Users\Alex\AppData\Roaming\ooVoo Details

:Reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = -

:Commands

[EMPTYJAVA] 

[emptytemp]

[EMPTYFLASH]

 

 

[*]Then click the Run Fix button at the top 

[*]Let the program run unhindered, when done it will say "Fix Complete press ok to open the log" 

[*]Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

 

MrC

Share this post


Link to post
Share on other sites

MrC, I ran the custom fixes you described. It did ask me to reboot to complete the process. However when the reboot was completed, the log file opened without me having to search for it.  Here it is:

 

All processes killed
========== FILES ==========
C:\Users\Alex\AppData\Roaming\ooVoo Details\Users\4658332723 folder moved successfully.
C:\Users\Alex\AppData\Roaming\ooVoo Details\Users folder moved successfully.
C:\Users\Alex\AppData\Roaming\ooVoo Details\Logs folder moved successfully.
C:\Users\Alex\AppData\Roaming\ooVoo Details\Logos folder moved successfully.
C:\Users\Alex\AppData\Roaming\ooVoo Details\Cache folder moved successfully.
C:\Users\Alex\AppData\Roaming\ooVoo Details folder moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}\ not found.
========== COMMANDS ==========
 
[EMPTYJAVA]
 
User: Alex
->Java cache emptied: 1459822 bytes
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
Total Java Files Cleaned = 1.00 mb
 
 
[EMPTYTEMP]
 
User: Alex
->Temp folder emptied: 4963520 bytes
->Temporary Internet Files folder emptied: 1358593 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 236594014 bytes
->Flash cache emptied: 57194 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 174851466 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42327887 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 439.00 mb
 
 
[EMPTYFLASH]
 
User: Alex
->Flash cache emptied: 0 bytes
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 07022013_221103
 
Files\Folders moved on Reboot...
C:\Users\Alex\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\windows\temp\MpCmdRun.log moved successfully.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...

Share this post


Link to post
Share on other sites

Is the ooVoo entry still in the add/remove programs??

MrC

Share this post


Link to post
Share on other sites

Mr. C, unfortunately it is still there. However, if I try to run uninstall, it has a different error. It is not able to find oovoosetup.msi. I searched the entire Drive C for it and it was not found. 

 

Regarding the two .NET security patches and one .NET update - they have not tried to install automatically during the last two shut downs. I checked Windows Update and they are still in the list. I did not try to install them using Windows Update again until I got the go ahead from you.

post-121328-0-36171000-1372855484_thumb.

Share this post


Link to post
Share on other sites

ooVoo is not on your system, you can't uninstall it.

All you're seeing is an entry in your add/remove programs.

Please download SystemLook from the link below and save it to your Desktop.

http://jpshortstuff.247fixes.com/SystemLook_x64.exe

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :regHKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

MrC

Share this post


Link to post
Share on other sites

Here is the log file from SystemLook:

 

SystemLook 30.07.11 by jpshortstuff
Log created at 12:49 on 03/07/2013 by Alex
Administrator - Elevation successful
 
========== reg ==========
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall]
(No values found)
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\AddressBook]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Branding]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\CCleaner]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Connection Manager]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\DirectDrawEx]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\DXM_Runtime]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Fontcore]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IE40]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IE4Data]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IE5BAKEX]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\IEData]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft .NET Framework 4 Client Profile]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Microsoft Security Client]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MobileOptionPack]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\MPlayer2]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\ProInst]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SchedulingAgent]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SynTPDeinstKey]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\WIC]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0225AD21-F3E2-4916-BFF3-65D3F9052582}]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{066CFFF8-12BF-4390-A673-75F95EFF188E}]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{180C8888-50F1-426B-A9DC-AB83A1989C65}]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1C8C049A-145F-4A6E-8290-B5C245EBE39D}]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{24811C12-F4A9-4D0F-8494-A7B8FE46123C}]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2F72F540-1F60-4266-9506-952B21D6640D}]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{3C41721F-AF0F-4086-AA1C-4C7F29076228}]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5DA0E02F-970B-424B-BF41-513A5018E4C0}]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{704C0303-D20C-45AF-BD2B-556EAF31BE09}]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{710D4D91-1924-4A6B-8659-9CDE02DC7207}]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{7B286FFB-7F98-4337-9903-A2103AAAAE5E}]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8220EEFE-38CD-377E-8595-13398D740ACE}]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{90140000-006D-0409-1000-0000000FF1CE}]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{94A90C69-71C1-470A-88F5-AA47ECC96B40}]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{95120000-00B9-0409-1000-0000000FF1CE}]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D4322448-B6AF-4316-B859-D8A0E84DCB38}]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D954C6C2-544B-4091-A47F-11E77162883E}]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DA54F80E-261C-41A2-A855-549A144F2F59}]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DF6D988A-EEA0-4277-AAB8-158E086E439B}]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F67FA545-D8E5-4209-86B1-AEE045D1003F}]
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{FB555BCF-9202-4886-9203-88C9A210D727}]
 
 
-= EOF =-

Share this post


Link to post
Share on other sites

It's not even listed, try this code with SystemLook:

:regfindooVoo

Post back the log.....MrC

 

Share this post


Link to post
Share on other sites

SystemLook #2 searching for Oovoo:

 

SystemLook 30.07.11 by jpshortstuff
Log created at 13:31 on 03/07/2013 by Alex
Administrator - Elevation successful
 
========== regfind ==========
 
Searching for "ooVoo"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\1cba0af1_0]
@="{0.0.0.00000000}.{a4483db2-11ac-415b-a048-bba668949c2a}|\Device\HarddiskVolume2\Program Files (x86)\ooVoo\ooVoo.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\ad398ec5_0]
@="{0.0.0.00000000}.{5cce8f79-3847-4e3b-8a6b-a0cc1187f49f}|\Device\HarddiskVolume2\Program Files (x86)\ooVoo\ooVoo.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_CURRENT_USER\Software\ooVoo]
[HKEY_CURRENT_USER\Software\Piriform\CCleaner]
"(App)ooVoo"="True"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FF8F7AAF50C316A4F8418D6A9EDE6632]
"ProductName"="OoVoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\FF8F7AAF50C316A4F8418D6A9EDE6632\SourceList]
"PackageName"="oovoosetup.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ooVoo]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ooVoo.Detection]
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Internet Call\ooVoo]
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Internet Call\ooVoo]
@="ooVoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Internet Call\ooVoo\Protocols\callto\DefaultIcon]
@="C:\PROGRA~2\ooVoo\oovoo.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Internet Call\ooVoo\Protocols\callto\shell\open\command]
@=""C:\Program Files (x86)\ooVoo\oovoo.exe" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Internet Call\ooVoo\shell\open\command]
@="C:\PROGRA~2\ooVoo\oovoo.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ooVoo\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\105338E371145B6E92205CC8DDDF9C1D]
"FF8F7AAF50C316A4F8418D6A9EDE6632"="C:\Program Files (x86)\ooVoo\Languages\ru_RU\ooVoo.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E2C299DB19C598103879BD0FC84C69D]
"FF8F7AAF50C316A4F8418D6A9EDE6632"="C:\Program Files (x86)\ooVoo\Languages\it_IT\ooVoo.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3A35398EE6FB6FB248BFF4D78758968D]
"FF8F7AAF50C316A4F8418D6A9EDE6632"="C:\Program Files (x86)\ooVoo\Languages\ar_SA\ooVoo.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3CCF8784A3EC81C6236C43B3286AA87B]
"FF8F7AAF50C316A4F8418D6A9EDE6632"="C:\Program Files (x86)\ooVoo\Languages\fr_FR\ooVoo.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4608245A095D46D034C1F63C8B8BE06A]
"FF8F7AAF50C316A4F8418D6A9EDE6632"="C:\Program Files (x86)\ooVoo\ooVoo.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\473EFED62771426799149F8EF4AE0241]
"FF8F7AAF50C316A4F8418D6A9EDE6632"="C:\Program Files (x86)\ooVoo\Languages\de_DE\ooVoo.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\596E64F398EA8337DF5506A8FC74906D]
"FF8F7AAF50C316A4F8418D6A9EDE6632"="01:\Software\ooVoo\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\645857E7DD28426652269B96BF6F3B35]
"FF8F7AAF50C316A4F8418D6A9EDE6632"="C:\Program Files (x86)\ooVoo\Languages\zh_CN\ooVoo.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6500F25587D8141F3E374F590EAB9391]
"FF8F7AAF50C316A4F8418D6A9EDE6632"="C:\Program Files (x86)\ooVoo\Languages\pt_PT\ooVoo.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F70D8B30C941F69347028BC67F60E97D]
"FF8F7AAF50C316A4F8418D6A9EDE6632"="01:\Software\ooVoo\Settings\General\Logs"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7E5CDA5286ADA2064C12D915B059C20]
"FF8F7AAF50C316A4F8418D6A9EDE6632"="C:\Program Files (x86)\ooVoo\Languages\en_US\ooVoo.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F9D2BD9BC95500FAD69AE48DED6C9035]
"FF8F7AAF50C316A4F8418D6A9EDE6632"="C:\Program Files (x86)\ooVoo\Languages\es_ES\ooVoo.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FD3F4A694984613401DF024666A28448]
"FF8F7AAF50C316A4F8418D6A9EDE6632"="C:\Program Files (x86)\ooVoo\Languages\he_IL\ooVoo.mo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FF8F7AAF50C316A4F8418D6A9EDE6632]
"FF8F7AAF50C316A4F8418D6A9EDE6632"="C:\Program Files (x86)\ooVoo\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FF8F7AAF50C316A4F8418D6A9EDE6632\InstallProperties]
"Comments"="ooVoo setup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FF8F7AAF50C316A4F8418D6A9EDE6632\InstallProperties]
"Contact"="ooVoo LLC."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FF8F7AAF50C316A4F8418D6A9EDE6632\InstallProperties]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FF8F7AAF50C316A4F8418D6A9EDE6632\InstallProperties]
"Publisher"="ooVoo LLC."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FF8F7AAF50C316A4F8418D6A9EDE6632\InstallProperties]
"URLInfoAbout"="www.oovoo.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FF8F7AAF50C316A4F8418D6A9EDE6632\InstallProperties]
"DisplayName"="ooVoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ooVooSetup_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\ooVooSetup_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\oovoo_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\oovoo_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}]
"Comments"="ooVoo setup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}]
"Contact"="ooVoo LLC."
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}]
"Publisher"="ooVoo LLC."
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}]
"URLInfoAbout"="www.oovoo.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}]
"DisplayName"="ooVoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\Internet Call\ooVoo]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\Internet Call\ooVoo]
@="ooVoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\Internet Call\ooVoo\Protocols\callto\DefaultIcon]
@="C:\PROGRA~2\ooVoo\oovoo.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\Internet Call\ooVoo\Protocols\callto\shell\open\command]
@=""C:\Program Files (x86)\ooVoo\oovoo.exe" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\Internet Call\ooVoo\shell\open\command]
@="C:\PROGRA~2\ooVoo\oovoo.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5D164ECA-781E-41F2-BB23-96AA9238E28B}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|LPort=443|Name=ooVoo TCP port 443|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D8C269F9-A7A9-48EA-92AE-714D06D16A43}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|LPort=443|Name=ooVoo UDP port 443|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D8E4ADE9-2B93-4D16-A4D1-801427F93A5F}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|LPort=37674|Name=ooVoo TCP port 37674|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{60946B5C-CBFF-49B6-B9C9-A2333FB4C998}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|LPort=37674|Name=ooVoo UDP port 37674|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9E23A4B7-5872-4743-A55B-0A8D6841E1D3}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|LPort=37675|Name=ooVoo UDP port 37675|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F058D00B-8C5D-4ECA-9B58-A630EA09071E}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|LPort=37676|Name=ooVoo TCP port 37676|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{FA761245-B336-438E-AE18-A09F9E02C809}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|LPort=37676|Name=ooVoo UDP port 37676|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9082F7F2-D5AC-4A1C-BFD4-7AD13F2941B4}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|LPort=37677|Name=ooVoo UDP port 37677|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5D164ECA-781E-41F2-BB23-96AA9238E28B}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|LPort=443|Name=ooVoo TCP port 443|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D8C269F9-A7A9-48EA-92AE-714D06D16A43}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|LPort=443|Name=ooVoo UDP port 443|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D8E4ADE9-2B93-4D16-A4D1-801427F93A5F}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|LPort=37674|Name=ooVoo TCP port 37674|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{60946B5C-CBFF-49B6-B9C9-A2333FB4C998}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|LPort=37674|Name=ooVoo UDP port 37674|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9E23A4B7-5872-4743-A55B-0A8D6841E1D3}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|LPort=37675|Name=ooVoo UDP port 37675|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F058D00B-8C5D-4ECA-9B58-A630EA09071E}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|LPort=37676|Name=ooVoo TCP port 37676|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{FA761245-B336-438E-AE18-A09F9E02C809}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|LPort=37676|Name=ooVoo UDP port 37676|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9082F7F2-D5AC-4A1C-BFD4-7AD13F2941B4}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|LPort=37677|Name=ooVoo UDP port 37677|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5D164ECA-781E-41F2-BB23-96AA9238E28B}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|LPort=443|Name=ooVoo TCP port 443|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D8C269F9-A7A9-48EA-92AE-714D06D16A43}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|LPort=443|Name=ooVoo UDP port 443|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{D8E4ADE9-2B93-4D16-A4D1-801427F93A5F}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|LPort=37674|Name=ooVoo TCP port 37674|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{60946B5C-CBFF-49B6-B9C9-A2333FB4C998}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|LPort=37674|Name=ooVoo UDP port 37674|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9E23A4B7-5872-4743-A55B-0A8D6841E1D3}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|LPort=37675|Name=ooVoo UDP port 37675|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{F058D00B-8C5D-4ECA-9B58-A630EA09071E}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Private|LPort=37676|Name=ooVoo TCP port 37676|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{FA761245-B336-438E-AE18-A09F9E02C809}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|LPort=37676|Name=ooVoo UDP port 37676|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9082F7F2-D5AC-4A1C-BFD4-7AD13F2941B4}"="v2.10|Action=Allow|Active=FALSE|Dir=In|Protocol=17|Profile=Private|LPort=37677|Name=ooVoo UDP port 37677|"
[HKEY_USERS\.DEFAULT\Software\ooVoo]
[HKEY_USERS\S-1-5-21-1405342109-1089225667-1844177520-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\1cba0af1_0]
@="{0.0.0.00000000}.{a4483db2-11ac-415b-a048-bba668949c2a}|\Device\HarddiskVolume2\Program Files (x86)\ooVoo\ooVoo.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-1405342109-1089225667-1844177520-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\ad398ec5_0]
@="{0.0.0.00000000}.{5cce8f79-3847-4e3b-8a6b-a0cc1187f49f}|\Device\HarddiskVolume2\Program Files (x86)\ooVoo\ooVoo.exe%b{00000000-0000-0000-0000-000000000000}"
[HKEY_USERS\S-1-5-21-1405342109-1089225667-1844177520-1001\Software\ooVoo]
[HKEY_USERS\S-1-5-21-1405342109-1089225667-1844177520-1001\Software\Piriform\CCleaner]
"(App)ooVoo"="True"
[HKEY_USERS\S-1-5-18\Software\ooVoo]
 
-= EOF =-

Share this post


Link to post
Share on other sites

Download, unzip and run the attached fix.zip (fix.reg) and allow it to merge into the registry.

Reboot and see if it's gone.

MrC

Share this post


Link to post
Share on other sites

MrC, BINGO!  Oovoo is nailed. It no longer shows up in Control panel.  In addition, I found a .NET framework repair tool in control panel. I ran it and the security patches and update installed successfully. Windows update now shows that Windows is up to date.  I do not see any more freezing issues, even during initial boot up.  THANK YOU!

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.