NoWayIn Posted January 6, 2014 ID:774589 Share Posted January 6, 2014 I've been getting random popups for a while now. Here's the txt files: DSS.txt DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.45.2Run by Willy at 13:48:58 on 2014-01-06Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3990.1567 [GMT -8:00].AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}.============== Running Processes ===============.C:\windows\system32\lsm.exeC:\windows\system32\svchost.exe -k DcomLaunchC:\windows\system32\svchost.exe -k RPCSSC:\windows\system32\atiesrxx.exeC:\windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\windows\system32\svchost.exe -k LocalServiceC:\windows\system32\svchost.exe -k netsvcsC:\windows\system32\svchost.exe -k NetworkServiceC:\Program Files\AVAST Software\Avast\AvastSvc.exeC:\windows\system32\WLANExt.exeC:\windows\system32\atieclxx.exeC:\windows\system32\Dwm.exeC:\windows\Explorer.EXEC:\windows\System32\spoolsv.exeC:\windows\system32\taskhost.exeC:\windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\windows\system32\taskeng.exeC:\windows\system32\taskeng.exeC:\windows\system32\taskeng.exeC:\windows\SysWOW64\Rundll32.exeC:\Program Files (x86)\Bluetooth Suite\adminservice.exeC:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exeC:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exeC:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exeC:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exeC:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exeC:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exeC:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exeC:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exeC:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exeC:\Program Files\Intel\iCLS Client\HeciServer.exeC:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exeC:\Program Files (x86)\CyberLink\Shared files\RichVideo.exeC:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exeC:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exeC:\windows\system32\svchost.exe -k imgsvcC:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exeC:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exeC:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exeC:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exeC:\windows\system32\wbem\wmiprvse.exeC:\windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\windows\system32\svchost.exe -k bthsvcsC:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\windows\system32\SearchIndexer.exeC:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files (x86)\Bluetooth Suite\BtvStack.exeC:\Program Files (x86)\Bluetooth Suite\AthBtTray.exeC:\windows\system32\SearchProtocolHost.exeC:\Program Files (x86)\Samsung\Kies\Kies.exeC:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXEC:\Users\Willy\AppData\Local\Akamai\netsession_win.exeC:\Users\Willy\AppData\Local\Akamai\netsession_win.exeC:\Program Files (x86)\Skype\Phone\Skype.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files\Windows Sidebar\sidebar.exeC:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exeC:\windows\system32\igfxext.exeC:\windows\system32\igfxsrvc.exeC:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeD:\iTunes\iTunesHelper.exeC:\Program Files\AVAST Software\Avast\AvastUI.exeC:\Users\Willy\AppData\Roaming\Dropbox\bin\Dropbox.exeC:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exeC:\Program Files (x86)\BlueStacks\HD-Agent.exeC:\Program Files (x86)\Yahoo Messenger.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exeC:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exeC:\windows\system32\hkcmd.exeC:\windows\system32\igfxpers.exeC:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exeC:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exeC:\windows\system32\sppsvc.exeC:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\windows\servicing\TrustedInstaller.exeC:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXEC:\windows\splwow64.exeC:\windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uProxyOverride = <local>;*.localBHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dllBHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dllBHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dllBHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dllTB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dllTB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dlluRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preloaduRun: [Akamai NetSession Interface] "C:\Users\Willy\AppData\Local\Akamai\netsession_win.exe"uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exeuRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrunuRun: [GoogleChromeAutoLaunch_8DA596FF221A729A001D3B810DEE4BC8] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-windowuRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRunmRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" amlmRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exemRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [ADSK DLMSession] C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exemRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [iTunesHelper] "D:\iTunes\iTunesHelper.exe"mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /noguimRun: [blueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exedRunOnce: [spUninstallDeleteDir] rmdir /s /q "\SearchProtect"StartupFolder: C:\Users\Willy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Willy\AppData\Roaming\Dropbox\bin\Dropbox.exeStartupFolder: C:\Users\Willy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\YAHOOM~1.LNK - C:\Program Files (x86)\Yahoo Messenger.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDDMST~1.LNK - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exemPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dllIE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dllIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}TCP: NameServer = 137.82.1.2 142.103.1.42TCP: Interfaces\{3FBE32D7-401A-48D1-B26C-DA9131690090} : DHCPNameServer = 137.82.1.2 142.103.1.42TCP: Interfaces\{3FBE32D7-401A-48D1-B26C-DA9131690090}\0527F667964656E63656022416970275946494 : DHCPNameServer = 192.168.0.254TCP: Interfaces\{3FBE32D7-401A-48D1-B26C-DA9131690090}\572636375636572756 : DHCPNameServer = 137.82.1.2 142.103.1.42TCP: Interfaces\{7266E235-2A0B-4650-A2D8-E03C1B1BE011} : DHCPNameServer = 137.82.1.2 142.103.1.42Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dllHandler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllSSODL: WebCheck - <orphaned>SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dllmASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dllx64-BHO: sUerf iandd. kEep: {7C021C07-7CB2-4194-1568-66178E51E2A4} - C:\Program Files (x86)\sUerf iandd. kEep\2zE23p_Y.x64.dllx64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dllx64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dllx64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -sx64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exex64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"x64-Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exex64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dllx64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dllx64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-Notify: igfxcui - igfxdev.dllx64-SSODL: WebCheck - <orphaned>.============= SERVICES / DRIVERS ===============.R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\windows\System32\drivers\amdkmpfd.sys [2012-3-19 32896]R0 aswRvrt;avast! Revert;C:\windows\System32\drivers\aswRvrt.sys [2013-10-6 65776]R0 aswVmm;avast! VM Monitor;C:\windows\System32\drivers\aswVmm.sys [2013-10-6 205320]R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-2-27 16152]R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswSnx.sys [2013-10-6 1032416]R1 aswSP;aswSP;C:\windows\System32\drivers\aswSP.sys [2013-10-6 409832]R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2012-6-5 13824]R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-4-17 235520]R2 aswFsBlk;aswFsBlk;C:\windows\System32\drivers\aswFsBlk.sys [2013-10-6 38984]R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2013-10-6 84328]R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-3-9 107648]R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-1-30 19232]R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-12-13 50344]R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2013-12-5 113424]R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2013-12-5 385808]R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-6-5 13592]R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-3-6 629984]R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-6-5 127320]R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-6-5 164184]R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-8-6 418376]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-8-6 701512]R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe [2013-8-3 138272]R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-5-31 2804568]R2 SamsungDeviceConfigurationWinService;SamsungDeviceConfiguration;C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [2012-6-5 31624]R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-6-5 362840]R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2011-3-8 288768]R2 WDFME;WD File Management Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2011-3-8 1066896]R2 WDSC;WD File Management Shadow Engine;C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2011-3-8 491920]R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-3-9 163456]R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\windows\System32\drivers\btath_flt.sys [2012-3-9 36480]R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20130924.001\BHDrvx64.sys [2013-9-23 1525848]R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\System32\drivers\btath_a2dp.sys [2012-3-9 340096]R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\windows\System32\drivers\btath_avdt.sys [2012-3-9 111232]R3 BTATH_BUS;Atheros Bluetooth Bus;C:\windows\System32\drivers\btath_bus.sys [2012-3-9 30848]R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\drivers\btath_hcrp.sys [2012-3-9 168064]R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\System32\drivers\btath_lwflt.sys [2012-3-9 68736]R3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\System32\drivers\btath_rcp.sys [2012-3-9 281472]R3 ccSet_NIS;Norton Internet Security Settings Manager;C:\windows\System32\drivers\NISx64\1309010.00E\ccsetx64.sys [2013-8-3 167072]R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2012-2-16 31216]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-8-28 140376]R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20131004.001\IDSviA64.sys [2013-10-4 520280]R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-12-5 331264]R3 intelkmd;intelkmd;C:\windows\System32\drivers\igdpmd64.sys [2012-3-26 14748416]R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2012-2-27 356120]R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2012-2-27 788760]R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-8-6 25928]R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-6-5 685160]R3 SymDS;Symantec Data Store;C:\windows\System32\drivers\NISx64\1309010.00E\symds64.sys [2013-8-3 451192]R3 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\NISx64\1309010.00E\symefa64.sys [2013-8-3 1129120]R3 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\NISx64\1309010.00E\ironx64.sys [2013-8-3 190072]R3 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\NISx64\1309010.00E\symnets.sys [2013-8-3 405624]S2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2013-12-5 402192]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\drivers\ssudbus.sys [2013-10-28 107288]S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-8-6 1432400]S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2013-12-12 111616]S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUVStor.sys [2012-6-5 314472]S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\windows\System32\drivers\ssadbus.sys [2013-8-2 169288]S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\windows\System32\drivers\ssadmdfl.sys [2013-8-2 21320]S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\windows\System32\drivers\ssadmdm.sys [2013-8-2 188232]S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\System32\drivers\ssudmdm.sys [2013-10-28 204568]S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-12 54784]S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-8-3 1255736]S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== File Associations ===============.FileExt: .scr: AutoCADScriptFile=C:\windows\System32\notepad.exe "%1".=============== Created Last 30 ================.2014-01-05 23:38:01 -------- d-----w- C:\Users\Willy\AppData\Local\CyberLink2013-12-27 07:36:22 -------- d-----w- C:\Program Files (x86)\Microsoft XNA2013-12-26 06:57:04 -------- d-----w- C:\Program Files (x86)\Common Files\Steam2013-12-25 05:30:59 -------- d-----w- C:\windows\SysWow64\SearchProtect2013-12-25 05:30:54 -------- d-----w- C:\Users\Willy\AppData\Local\SearchProtect2013-12-25 05:30:11 -------- d-----w- C:\Program Files (x86)\uTorrentControl_v62013-12-19 01:09:12 -------- d-----w- C:\Program Files (x86)\BlueStacks2013-12-19 01:08:23 -------- d-----w- C:\ProgramData\BlueStacksSetup2013-12-19 01:08:16 -------- d-----w- C:\ProgramData\BlueStacks2013-12-17 07:13:17 -------- d-----w- C:\Program Files (x86)\MyFree Codec2013-12-14 22:46:31 -------- d-----w- C:\Users\Willy\AppData\Roaming\AVAST Software2013-12-14 06:06:33 -------- d-----w- C:\ProgramData\Conduit2013-12-14 06:05:48 -------- d-----w- C:\Users\Willy\AppData\Local\NativeMessaging2013-12-14 06:05:45 -------- d-----w- C:\Users\Willy\AppData\Local\Conduit2013-12-14 06:05:42 -------- d-----w- C:\Users\Willy\AppData\Local\CRE2013-12-14 06:05:41 -------- d-----w- C:\Program Files (x86)\Conduit2013-12-12 19:33:56 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe2013-12-12 19:33:56 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe2013-12-12 19:33:55 12625920 ----a-w- C:\windows\System32\wmploc.DLL2013-12-12 19:33:55 12625408 ----a-w- C:\windows\SysWow64\wmploc.DLL2013-12-12 19:32:02 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb2013-12-12 19:32:02 2724864 ----a-w- C:\windows\System32\mshtml.tlb2013-12-12 19:32:01 353280 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll2013-12-12 19:32:01 293072 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll2013-12-12 19:32:01 235216 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll2013-12-12 19:32:00 469504 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe2013-12-12 19:32:00 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll2013-12-12 19:32:00 270848 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll2013-12-12 19:32:00 251392 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll2013-12-11 20:13:19 335360 ----a-w- C:\windows\System32\msieftp.dll2013-12-11 20:13:19 301568 ----a-w- C:\windows\SysWow64\msieftp.dll2013-12-11 20:13:18 3155968 ----a-w- C:\windows\System32\win32k.sys2013-12-11 20:13:16 417792 ----a-w- C:\windows\SysWow64\WMPhoto.dll2013-12-11 20:13:15 465920 ----a-w- C:\windows\System32\WMPhoto.dll2013-12-11 20:13:13 81408 ----a-w- C:\windows\System32\imagehlp.dll2013-12-11 20:13:13 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll2013-12-11 20:13:06 2048 ----a-w- C:\windows\SysWow64\tzres.dll2013-12-11 20:13:06 2048 ----a-w- C:\windows\System32\tzres.dll2013-12-11 20:12:59 230400 ----a-w- C:\windows\System32\drivers\portcls.sys2013-12-11 20:12:59 116736 ----a-w- C:\windows\System32\drivers\drmk.sys2013-12-11 20:12:58 202752 ----a-w- C:\windows\System32\scrrun.dll2013-12-11 20:12:58 156160 ----a-w- C:\windows\System32\cscript.exe2013-12-11 20:12:58 150016 ----a-w- C:\windows\System32\wshom.ocx2013-12-11 20:12:58 121856 ----a-w- C:\windows\SysWow64\wshom.ocx2013-12-11 20:12:57 168960 ----a-w- C:\windows\System32\wscript.exe2013-12-11 20:12:57 163840 ----a-w- C:\windows\SysWow64\scrrun.dll2013-12-11 20:12:57 141824 ----a-w- C:\windows\SysWow64\wscript.exe2013-12-11 20:12:57 126976 ----a-w- C:\windows\SysWow64\cscript.exe.==================== Find3M ====================.2013-12-14 06:53:01 84328 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys2013-12-14 06:53:01 65776 ----a-w- C:\windows\System32\drivers\aswRvrt.sys2013-12-14 06:53:01 205320 ----a-w- C:\windows\System32\drivers\aswVmm.sys2013-12-14 06:53:01 1032416 ----a-w- C:\windows\System32\drivers\aswSnx.sys2013-12-14 06:53:00 92544 ----a-w- C:\windows\System32\drivers\aswRdr2.sys2013-12-14 06:52:59 43152 ----a-w- C:\windows\avastSS.scr2013-12-11 10:38:36 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe2013-12-11 10:38:35 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-11-26 09:48:07 66048 ----a-w- C:\windows\System32\iesetup.dll2013-11-26 09:46:25 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll2013-11-26 09:18:39 139264 ----a-w- C:\windows\System32\ieUnatt.exe2013-11-26 09:18:09 111616 ----a-w- C:\windows\System32\ieetwcollector.exe2013-11-26 09:16:57 708608 ----a-w- C:\windows\System32\jscript9diag.dll2013-11-26 08:35:02 5769216 ----a-w- C:\windows\System32\jscript9.dll2013-11-26 08:28:16 553472 ----a-w- C:\windows\SysWow64\jscript9diag.dll2013-11-26 08:16:12 4243968 ----a-w- C:\windows\SysWow64\jscript9.dll2013-11-26 08:02:16 1995264 ----a-w- C:\windows\System32\inetcpl.cpl2013-11-26 07:32:06 1928192 ----a-w- C:\windows\SysWow64\inetcpl.cpl2013-11-26 07:07:57 2334208 ----a-w- C:\windows\System32\wininet.dll2013-11-26 06:33:33 1820160 ----a-w- C:\windows\SysWow64\wininet.dll2013-11-09 20:29:14 336 ----a-w- C:\windows\SysWow64\dpcqrxe.dll2013-11-09 20:29:14 100 ----a-w- C:\windows\SysWow64\prsgrc.dll2013-11-09 20:06:17 1024 ----a-w- C:\windows\SysWow64\vukeuhm.dll2013-11-09 20:06:13 72 ----a-w- C:\windows\SysWow64\ssprs.dll2013-11-09 20:06:13 1024 ----a-w- C:\windows\SysWow64\grcauth2.dll2013-11-09 20:06:13 1024 ----a-w- C:\windows\SysWow64\grcauth1.dll2013-11-09 20:06:13 1024 ----a-w- C:\windows\SysWow64\clauth2.dll2013-11-09 20:06:13 1024 ----a-w- C:\windows\SysWow64\clauth1.dll2013-10-28 09:12:12 204568 ----a-w- C:\windows\System32\drivers\ssudmdm.sys2013-10-28 09:12:10 107288 ----a-w- C:\windows\System32\drivers\ssudbus.sys2013-10-12 02:30:42 830464 ----a-w- C:\windows\System32\nshwfp.dll2013-10-12 02:29:21 859648 ----a-w- C:\windows\System32\IKEEXT.DLL2013-10-12 02:29:08 324096 ----a-w- C:\windows\System32\FWPUCLNT.DLL2013-10-12 02:03:08 656896 ----a-w- C:\windows\SysWow64\nshwfp.dll2013-10-12 02:01:25 216576 ----a-w- C:\windows\SysWow64\FWPUCLNT.DLL2013-01-09 11:25:05 424299 ----a-w- C:\Program Files (x86)\Yahoo Messenger.exe.============= FINISH: 13:50:21.06 =============== Attach.txt .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1Install Date: 8/2/2013 2:40:42 AMSystem Uptime: 1/6/2014 1:40:17 PM (0 hours ago).Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | NP350V4C-E01HKProcessor: Intel® Core i5-3210M CPU @ 2.50GHz | SOCKET 0 | 1175/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 100 GiB total, 28.631 GiB free.D: is FIXED (NTFS) - 807 GiB total, 698.607 GiB free.E: is CDROM ().==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP81: 12/26/2013 11:35:33 PM - Installed Microsoft XNA Framework Redistributable 4.0RP82: 1/1/2014 5:19:26 PM - Removed Ragnarok Online.==== Installed Programs ======================.Adobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader XI (11.0.05)Agatha Christie - Death on the NileAkamai NetSession InterfaceAMD Accelerated Video TranscodingAMD APP SDK RuntimeAMD Catalyst Install ManagerApple Application SupportApple Mobile Device SupportApple Software UpdateArchiCAD 16 USAAtheros Bluetooth Suite (64)Atheros Client Installation ProgramAutoCAD Civil 3D 2013AutoCAD Civil 3D 2013 - EnglishAutoCAD Civil 3D 2013 Language Pack - EnglishAutodesk Content ServiceAutodesk Content Service Language PackAutodesk Download ManagerAutodesk Material Library 2013Autodesk Material Library Base Resolution Image Library 2013Autodesk Syncavast! Free AntivirusBejeweled 2 DeluxeBlueStacks App PlayerBlueStacks Notification CenterBonjourBorderlands 2Build-a-lotCatalyst Control CenterCatalyst Control Center - BrandingCatalyst Control Center InstallProxyCatalyst Control Center Localization AllCatalyst Control Center Profiles Mobileccc-utility64CCC Help Chinese StandardCCC Help Chinese TraditionalCCC Help CzechCCC Help DanishCCC Help DutchCCC Help EnglishCCC Help FinnishCCC Help FrenchCCC Help GermanCCC Help GreekCCC Help HungarianCCC Help ItalianCCC Help JapaneseCCC Help KoreanCCC Help NorwegianCCC Help PolishCCC Help PortugueseCCC Help RussianCCC Help SpanishCCC Help SwedishCCC Help ThaiCCC Help TurkishChuzzle DeluxeCompatibility Pack for the 2007 Office systemCyberLink Media SuiteCyberLink Media+ Player10CyberLink MediaShowCyberLink Power2GoCyberLink PowerDirectorCyberLink YouCamD3DX10Diner Dash 2 Restaurant RescueDropboxE-POPEasy File ShareEasy MigrationEasy SettingsEasy Software ManagerEasy Support CenterERUNT 1.1jESET Online Scanner v3Farm FrenzyFARO LS 1.1.406.58foobar2000 v1.2.9Freemake Video Converter version 4.0.3Google ChromeGoogle EarthGoogle Update HelperInsaniquarium DeluxeIntel® Control CenterIntel® Display Audio DriverIntel® Manageability Engine Firmware Recovery AgentIntel® Management Engine ComponentsIntel® Rapid Storage TechnologyIntel® USB 3.0 eXtensible Host Controller DriverIntel® Trusted Connect Service ClientiTunesJava 7 Update 25Java 7 Update 45Java Auto UpdaterJohn Deere Drive GreenJunk Mail filter updateLeft 4 Dead 2LINEMalwarebytes Anti-Malware version 1.75.0.1300Mass Effect™ 3Mesh RuntimeMicrosoft .NET Framework 4 Client ProfileMicrosoft .NET Framework 4 ExtendedMicrosoft Application Error ReportingMicrosoft Office 2007 Service Pack 3 (SP3)Microsoft Office 2010Microsoft Office Access MUI (English) 2007Microsoft Office Access Setup Metadata MUI (English) 2007Microsoft Office Enterprise 2007Microsoft Office Excel MUI (English) 2007Microsoft Office File Validation Add-InMicrosoft Office Groove MUI (English) 2007Microsoft Office Groove Setup Metadata MUI (English) 2007Microsoft Office InfoPath MUI (English) 2007Microsoft Office Office 64-bit Components 2007Microsoft Office OneNote MUI (English) 2007Microsoft Office Outlook MUI (English) 2007Microsoft Office PowerPoint MUI (English) 2007Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (English) 2007Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Publisher MUI (English) 2007Microsoft Office Shared 64-bit MUI (English) 2007Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007Microsoft Office Shared MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Word MUI (English) 2007Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programsMicrosoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft SQL Server Compact 3.5 SP2 ENUMicrosoft SQL Server Compact 3.5 SP2 x64 ENUMicrosoft Visual Basic PowerPacks 10.0Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft XNA Framework Redistributable 4.0MSVCRTMSVCRT_amd64Multimedia POPMyFreeCodecNorton Internet SecurityNorton Online BackupNVIDIA PhysXOriginPegglePenguins!Plants vs. ZombiesPolar GolferPX Profile UpdateRealtek Ethernet Controller DriverRealtek High Definition Audio DriverRealtek USB 2.0 Card ReaderRISA-2D EducationalSamsung KiesSamsung Recovery Solution 5Samsung Story Album ViewerSAMSUNG USB Driver for Mobile PhonesSAP2000 15Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)Security Update for Microsoft .NET Framework 4 Extended (KB2736428)Security Update for Microsoft .NET Framework 4 Extended (KB2742595)Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597969) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office Outlook 2007 (KB2825644) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit EditionSecurity Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition SimCity™SketchUp 2013Skype Click to CallSkype™ 6.11Software LauncherSteamSynaptics Pointing Device DriverSystem Requirements Lab for IntelTerrariaTweetDeckUnity Web PlayerUpdate for 2007 Microsoft Office System (KB967642)Update for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Client Profile (KB2836939)Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)Update for Microsoft .NET Framework 4 Extended (KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2533523)Update for Microsoft .NET Framework 4 Extended (KB2600217)Update for Microsoft .NET Framework 4 Extended (KB2836939)Update for Microsoft .NET Framework 4 Extended (KB2836939v3)Update for Microsoft Office 2007 Help for Common Features (KB963673)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2687493) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767849) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767916) 32-Bit EditionUpdate for Microsoft Office Access 2007 Help (KB963663)Update for Microsoft Office Excel 2007 Help (KB963678)Update for Microsoft Office Infopath 2007 Help (KB963662)Update for Microsoft Office OneNote 2007 Help (KB963670)Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit EditionUpdate for Microsoft Office Outlook 2007 Help (KB963677)Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit EditionUpdate for Microsoft Office Powerpoint 2007 Help (KB963669)Update for Microsoft Office Publisher 2007 Help (KB963667)Update for Microsoft Office Script Editor Help (KB963671)Update for Microsoft Office Word 2007 Help (KB963665)User GuideVLC media player 2.1.1WD SmartWareWildTangent GamesWildTangent ORB Game ConsoleWindows Driver Package - Broadcom (BCM43XX) Net (07/01/2011 5.100.82.95)Windows Live ???Windows Live ????Windows Live Communications PlatformWindows Live EssentialsWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live Language SelectorWindows Live MailWindows Live MeshWindows Live MessengerWindows Live MIME IFilterWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live Remote ClientWindows Live Remote Client ResourcesWindows Live Remote ServiceWindows Live Remote Service ResourcesWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesWinRAR 5.00 beta 7 (64-bit)Zuma Deluxe.==== Event Viewer Messages From Past Week ========.1/6/2014 12:23:49 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the WD File Management Shadow Engine service to connect.1/6/2014 12:23:49 PM, Error: Service Control Manager [7000] - The WD File Management Shadow Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.1/6/2014 12:22:19 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the BlueStacks Log Rotator Service service to connect.1/6/2014 12:22:19 PM, Error: Service Control Manager [7000] - The BlueStacks Log Rotator Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.1/6/2014 12:21:41 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Autodesk Content Service service to connect.1/6/2014 12:21:41 PM, Error: Service Control Manager [7000] - The Autodesk Content Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.1/6/2014 11:00:24 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.1/6/2014 11:00:24 AM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.1/6/2014 1:43:07 PM, Error: Service Control Manager [7023] - The BlueStacks Android Service service terminated with the following error: An exception occurred in the service when handling the control request.1/5/2014 3:33:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the WD File Management Engine service to connect.1/5/2014 3:33:01 PM, Error: Service Control Manager [7000] - The WD File Management Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion..==== End Of File =========================== Link to post Share on other sites More sharing options...
NoWayIn Posted January 15, 2014 Author ID:778111 Share Posted January 15, 2014 No one has replied here yet. please help Link to post Share on other sites More sharing options...
Maniac Posted January 16, 2014 ID:778713 Share Posted January 16, 2014 Hello NoWayIn! My name is Borislav and I will be glad to help you solve your malware problem. Please note:If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.Make sure you read all of the instructions and fixes thoroughly before continuing with them.Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.Step 1 I notice that you are using more than one antivirus program.avast! Free AntivirusNorton Internet SecurityThis is very dangerous, as multiple Antivirus programs can interfere with one another and actually allow more viruses to get through. It is important that only one antivirus program is running realtime protection. Please uninstall one of them and reboot your system. Step 2 Download OTL to your DesktopDouble click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic. Link to post Share on other sites More sharing options...
Staff gringo_pr Posted January 23, 2014 Staff ID:782017 Share Posted January 23, 2014 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Staff gringo_pr Posted January 26, 2014 Staff ID:782929 Share Posted January 26, 2014 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
NoWayIn Posted January 28, 2014 Author ID:783487 Share Posted January 28, 2014 OTL.txt OTL logfile created on: 1/26/2014 11:41:33 PM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Willy\Desktop\malwarestuff64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.11.9600.16428)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.90 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 48.44% Memory free7.79 Gb Paging File | 4.99 Gb Available in Paging File | 64.10% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 99.90 Gb Total Space | 29.32 Gb Free Space | 29.34% Space Free | Partition Type: NTFSDrive D: | 806.51 Gb Total Space | 700.26 Gb Free Space | 86.83% Space Free | Partition Type: NTFS Computer Name: WILLY-PC | User Name: Willy | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit ScansCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2014/01/25 00:07:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Willy\Desktop\malwarestuff\OTL.exePRC - [2014/01/13 07:48:55 | 003,764,024 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exePRC - [2014/01/13 07:48:55 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exePRC - [2014/01/11 02:29:23 | 000,866,584 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exePRC - [2014/01/02 16:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\Willy\AppData\Roaming\Dropbox\bin\Dropbox.exePRC - [2013/12/20 22:04:26 | 001,423,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exePRC - [2013/12/20 22:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exePRC - [2013/12/11 01:52:06 | 000,311,152 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exePRC - [2013/12/11 01:52:04 | 001,564,528 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exePRC - [2013/12/08 15:20:19 | 000,223,112 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exePRC - [2013/12/05 13:36:46 | 000,811,792 | ---- | M] (BlueStack Systems, Inc.) -- C:\Program Files (x86)\BlueStacks\HD-Agent.exePRC - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exePRC - [2013/06/04 09:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Willy\AppData\Local\Akamai\netsession_win.exePRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exePRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exePRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exePRC - [2013/01/31 22:50:22 | 001,641,368 | ---- | M] (Autodesk, Inc.) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exePRC - [2013/01/09 03:25:05 | 000,424,299 | ---- | M] () -- C:\Program Files (x86)\Yahoo Messenger.exePRC - [2012/06/15 18:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exePRC - [2012/04/18 02:50:02 | 000,362,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exePRC - [2012/04/18 02:49:58 | 000,276,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exePRC - [2012/04/18 02:49:38 | 000,127,320 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exePRC - [2012/04/18 02:49:14 | 000,164,184 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exePRC - [2012/04/16 15:15:46 | 001,113,992 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exePRC - [2012/04/12 02:16:18 | 002,796,112 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exePRC - [2012/03/26 22:10:32 | 002,277,768 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exePRC - [2012/03/26 03:25:04 | 000,648,512 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exePRC - [2012/03/09 00:33:54 | 000,163,456 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exePRC - [2012/02/27 03:01:58 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exePRC - [2012/02/16 05:08:06 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exePRC - [2012/02/12 22:02:24 | 000,031,624 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exePRC - [2012/01/30 23:00:00 | 000,784,264 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exePRC - [2012/01/30 22:56:48 | 001,640,328 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exePRC - [2012/01/27 21:38:52 | 004,466,256 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exePRC - [2011/11/29 03:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exePRC - [2011/11/29 03:04:54 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exePRC - [2011/03/08 19:41:08 | 001,066,896 | ---- | M] () -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exePRC - [2010/09/19 19:24:42 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exePRC - [2009/11/01 21:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe ========== Modules (No Company Name) ========== MOD - [2014/01/11 02:29:21 | 000,399,640 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppgooglenaclpluginchrome.dllMOD - [2014/01/11 02:29:19 | 013,615,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dllMOD - [2014/01/11 02:29:17 | 004,055,320 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dllMOD - [2014/01/11 02:28:15 | 000,715,544 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libglesv2.dllMOD - [2014/01/11 02:28:14 | 000,100,120 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libegl.dllMOD - [2014/01/11 02:28:11 | 001,634,584 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dllMOD - [2014/01/02 16:45:04 | 003,558,400 | ---- | M] () -- C:\Users\Willy\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dllMOD - [2013/12/18 17:10:43 | 001,357,824 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\HD-Agent\d633e37c729c49af66b6e1443e4e8ec0\HD-Agent.ni.exeMOD - [2013/12/18 17:10:28 | 000,155,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\JSON\245880b6686de6f8a8f2e7ebed5cd5f3\JSON.ni.dllMOD - [2013/12/13 22:52:59 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dllMOD - [2013/10/18 15:55:02 | 025,100,288 | ---- | M] () -- C:\Users\Willy\AppData\Roaming\Dropbox\bin\libcef.dllMOD - [2013/10/10 19:02:34 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\46863d4abf7db3e009962abc8710c945\System.Runtime.Remoting.ni.dllMOD - [2013/10/10 10:08:37 | 012,436,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dllMOD - [2013/10/10 10:08:01 | 003,348,480 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dllMOD - [2013/10/10 10:07:54 | 000,978,432 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dllMOD - [2013/10/10 09:09:07 | 018,003,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\464a76a3fdc9ee7456cb4baaea3e503a\PresentationFramework.ni.dllMOD - [2013/10/10 09:08:18 | 011,451,904 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b5b66869081b909d238fdea083cf3179\PresentationCore.ni.dllMOD - [2013/10/10 09:07:38 | 007,070,720 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\dac1208781fdd0b960afc12efff42944\System.Core.ni.dllMOD - [2013/10/10 09:07:32 | 003,858,944 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\0b37b2bafc33ef52282b9d7b217cabaf\WindowsBase.ni.dllMOD - [2013/10/10 09:07:12 | 001,014,272 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dllMOD - [2013/09/12 11:52:38 | 011,914,752 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dllMOD - [2013/09/12 11:52:16 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dllMOD - [2013/08/17 03:57:29 | 000,221,696 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7bf3e4deef4483205017aa7b13194845\System.ServiceProcess.ni.dllMOD - [2013/08/17 03:56:07 | 001,801,728 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\4d277a8481c203a35c58bd277a2e71df\System.Xaml.ni.dllMOD - [2013/08/17 03:50:55 | 000,487,424 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\d4493b0e5a5c6faf89cfeaa5f2a21034\IAStorUtil.ni.dllMOD - [2013/08/17 03:30:34 | 001,593,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dllMOD - [2013/08/17 03:30:03 | 005,464,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dllMOD - [2013/08/17 03:29:54 | 007,989,760 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dllMOD - [2013/08/15 09:07:35 | 005,628,928 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dllMOD - [2013/08/15 09:07:23 | 009,099,776 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dllMOD - [2013/08/03 04:02:07 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\6e3778958a8bfd03bf0f2f60c4e25623\IAStorCommon.ni.dllMOD - [2013/08/03 03:35:26 | 011,499,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dllMOD - [2013/08/02 10:13:31 | 014,416,896 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dllMOD - [2013/04/21 05:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dllMOD - [2013/04/21 05:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dllMOD - [2013/01/09 03:25:05 | 000,424,299 | ---- | M] () -- C:\Program Files (x86)\Yahoo Messenger.exeMOD - [2012/09/23 04:43:36 | 000,313,992 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dllMOD - [2012/03/26 03:26:14 | 000,500,032 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\plugin\PServerPlugin.dllMOD - [2012/03/26 03:13:16 | 000,015,872 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\featureController.dllMOD - [2012/03/26 03:12:16 | 000,484,864 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\DeviceProfile.dllMOD - [2012/03/26 03:08:38 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\eventsSender.dllMOD - [2011/09/08 02:40:10 | 001,645,056 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dllMOD - [2011/08/16 23:48:24 | 000,322,048 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\log4cplus.dllMOD - [2011/08/16 23:48:22 | 000,195,584 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\libgsoap.dllMOD - [2011/08/16 23:41:36 | 000,400,384 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\sqlite3.dllMOD - [2011/08/15 03:15:44 | 000,382,464 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtXml4.dllMOD - [2011/08/15 03:12:04 | 002,603,520 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtCore4.dllMOD - [2011/08/15 03:12:04 | 001,006,592 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtNetwork4.dllMOD - [2011/08/15 02:23:00 | 000,062,464 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\zlib1.dllMOD - [2011/02/16 08:03:20 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dllMOD - [2009/11/01 21:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dllMOD - [2009/11/01 21:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dllMOD - [2006/08/11 19:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll ========== Services (SafeList) ========== SRV:64bit: - [2014/01/13 07:48:55 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)SRV:64bit: - [2013/11/26 01:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)SRV:64bit: - [2013/08/06 04:26:47 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)SRV:64bit: - [2013/05/26 21:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV:64bit: - [2012/04/17 14:58:54 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)SRV:64bit: - [2012/03/06 09:00:46 | 000,629,984 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®SRV:64bit: - [2011/03/08 19:10:40 | 000,288,768 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)SRV:64bit: - [2010/09/22 01:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)SRV - [2014/01/07 13:00:22 | 000,569,768 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)SRV - [2013/12/20 22:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)SRV - [2013/12/11 02:38:36 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)SRV - [2013/12/05 13:35:50 | 000,385,808 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe -- (BstHdLogRotatorSvc)SRV - [2013/12/05 13:35:16 | 000,402,192 | ---- | M] (BlueStack Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\BlueStacks\HD-Service.exe -- (BstHdAndroidSvc)SRV - [2013/10/09 10:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)SRV - [2012/06/15 18:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe -- (NIS)SRV - [2012/04/18 02:50:02 | 000,362,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)SRV - [2012/04/18 02:49:58 | 000,276,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)SRV - [2012/04/18 02:49:38 | 000,127,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®SRV - [2012/04/18 02:49:14 | 000,164,184 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)SRV - [2012/03/26 03:32:22 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)SRV - [2012/03/09 00:33:54 | 000,163,456 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (ZAtheros Bt&Wlan Coex Agent)SRV - [2012/03/09 00:11:54 | 000,107,648 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)SRV - [2012/02/12 22:02:24 | 000,031,624 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe -- (SamsungDeviceConfigurationWinService)SRV - [2012/01/30 18:46:56 | 000,019,232 | ---- | M] (Autodesk, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)SRV - [2011/11/29 03:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)SRV - [2011/03/08 19:41:10 | 000,491,920 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)SRV - [2011/03/08 19:41:08 | 001,066,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2014/01/13 07:49:58 | 000,079,672 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)DRV:64bit: - [2014/01/13 07:48:59 | 001,034,464 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)DRV:64bit: - [2014/01/13 07:48:59 | 000,422,216 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)DRV:64bit: - [2014/01/13 07:48:59 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)DRV:64bit: - [2014/01/13 07:48:59 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)DRV:64bit: - [2013/12/13 22:53:01 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)DRV:64bit: - [2013/12/13 22:53:00 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)DRV:64bit: - [2013/10/28 01:12:12 | 000,204,568 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)DRV:64bit: - [2013/10/28 01:12:10 | 000,107,288 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)DRV:64bit: - [2013/06/20 16:07:34 | 000,188,232 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)DRV:64bit: - [2013/06/20 16:07:34 | 000,169,288 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)DRV:64bit: - [2013/06/20 16:07:34 | 000,021,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)DRV:64bit: - [2012/12/12 21:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)DRV:64bit: - [2012/08/20 21:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)DRV:64bit: - [2012/07/05 18:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.sys -- (SRTSPX)DRV:64bit: - [2012/07/05 18:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.sys -- (SRTSP)DRV:64bit: - [2012/06/06 20:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.sys -- (ccSet_NIS)DRV:64bit: - [2012/06/05 21:00:44 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)DRV:64bit: - [2012/05/21 17:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa64.sys -- (SymEFA)DRV:64bit: - [2012/04/18 02:49:24 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)DRV:64bit: - [2012/04/17 18:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnets.sys -- (SymNetS)DRV:64bit: - [2012/04/17 17:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ironx64.sys -- (SymIRON)DRV:64bit: - [2012/04/17 15:18:34 | 010,857,984 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)DRV:64bit: - [2012/04/17 13:57:26 | 000,328,704 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)DRV:64bit: - [2012/04/08 08:18:54 | 000,429,328 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)DRV:64bit: - [2012/03/26 03:09:54 | 014,748,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)DRV:64bit: - [2012/03/26 03:09:54 | 014,748,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)DRV:64bit: - [2012/03/19 13:15:54 | 000,032,896 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdkmpfd.sys -- (amdkmpfd)DRV:64bit: - [2012/03/19 01:43:42 | 000,314,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR)DRV:64bit: - [2012/03/09 04:41:16 | 000,685,160 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)DRV:64bit: - [2012/03/09 00:22:18 | 000,281,472 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)DRV:64bit: - [2012/03/09 00:22:00 | 000,068,736 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)DRV:64bit: - [2012/03/09 00:21:24 | 000,168,064 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)DRV:64bit: - [2012/03/09 00:21:06 | 000,036,480 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)DRV:64bit: - [2012/03/09 00:20:48 | 000,030,848 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)DRV:64bit: - [2012/03/09 00:20:30 | 000,111,232 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)DRV:64bit: - [2012/03/09 00:20:12 | 000,340,096 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)DRV:64bit: - [2012/02/29 22:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)DRV:64bit: - [2012/02/27 03:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)DRV:64bit: - [2012/02/27 03:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)DRV:64bit: - [2012/02/27 03:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)DRV:64bit: - [2012/02/16 05:08:26 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)DRV:64bit: - [2011/12/05 12:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)DRV:64bit: - [2011/11/29 02:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)DRV:64bit: - [2011/09/21 21:39:44 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)DRV:64bit: - [2011/08/15 14:51:40 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds64.sys -- (SymDS)DRV:64bit: - [2011/07/05 03:55:30 | 004,745,280 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2010/11/20 19:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:64bit: - [2010/11/20 19:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)DRV:64bit: - [2008/05/06 00:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)DRV - [2013/12/05 13:35:40 | 000,113,424 | ---- | M] (BlueStack Systems) [Kernel | Auto | Running] -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys -- (BstHdDrv)DRV - [2013/09/23 20:37:14 | 001,525,848 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20130924.001\BHDrvx64.sys -- (BHDrvx64)DRV - [2013/08/28 18:59:18 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20131005.007\ex64.sys -- (NAVEX15)DRV - [2013/08/28 18:59:18 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)DRV - [2013/08/28 18:59:18 | 000,140,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)DRV - [2013/08/28 18:59:18 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20131005.007\eng64.sys -- (NAVENG)DRV - [2013/08/13 17:30:18 | 000,520,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20131004.001\IDSviA64.sys -- (IDSVia64)DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.globasearch.com/?serie=30IE - HKLM\..\SearchScopes,DefaultScope = {A4BB0820-7323-4923-A175-51DE68638688}IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.comIE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.comIE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-457241823-3690726184-1205769209-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.comIE - HKU\S-1-5-21-457241823-3690726184-1205769209-1000\..\SearchScopes,DefaultScope = {A4BB0820-7323-4923-A175-51DE68638688}IE - HKU\S-1-5-21-457241823-3690726184-1205769209-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.globasearch.com/?serie=30&b=3&q={searchTerms}IE - HKU\S-1-5-21-457241823-3690726184-1205769209-1000\..\SearchScopes\{A4BB0820-7323-4923-A175-51DE68638688}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289075&CUI=UN39854164181109430&UM=2IE - HKU\S-1-5-21-457241823-3690726184-1205769209-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-457241823-3690726184-1205769209-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll ()FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Willy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn\ [2013/08/02 01:43:15 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\ [2014/01/26 22:43:14 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2013/08/02 06:37:23 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: Google (Enabled)CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},CHR - homepage: CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\Willy\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\widevinecdmadapter.dllCHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dllCHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dllCHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dllCHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dllCHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dllCHR - plugin: Java Deployment Toolkit 7.0.450.18 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dllCHR - plugin: Java Platform SE 7 U45 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dllCHR - plugin: Unity Player (Enabled) = C:\Users\Willy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dllCHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dllCHR - plugin: iTunes Application Detector (Enabled) = D:\iTunes\Mozilla Plugins\npitunes.dllCHR - Extension: Google Docs = C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\CHR - Extension: Google Drive = C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\CHR - Extension: Missing e = C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjbagclppcgdbpobcpoojdjdmcjhpid\2.14.3_0\CHR - Extension: Turn Off the Lights = C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.3.0.5_0\CHR - Extension: YouTube = C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\CHR - Extension: Facebook = C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1.0.3_0\CHR - Extension: Google Search = C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\CHR - Extension: Line messenger = C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dngafncjggabnheiinpoocchdpfignoj\0.0.0.3_0\CHR - Extension: Gmail Offline = C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.20_0\CHR - Extension: Window Expander For YouTube = C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpaakpeehepibjpdmoocdaonognfiog\2.3_0\CHR - Extension: avast! Online Security = C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2013.75_0\CHR - Extension: Website Blocker (Beta) = C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgegipaehbigmbhdpfapmjadbaldib\0.2.5_0\CHR - Extension: JavaScript Popup Blocker = C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiajdlfgbgnnjakkbnpdhmhfhklkbiol\1.2.6_0\CHR - Extension: Crimson Red Theme = C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfgbckkcgepopaojnhcnkcdiafkcdjo\1_0\CHR - Extension: YouTube Video Deck = C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpoakikepagdiphlmfaeifpojdmbnegj\0.9.6.3_0\CHR - Extension: Rdio Mini Player = C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nepblamgofpnmpkpmldlghcabonhdepn\0.2.0_0\CHR - Extension: TransitDB = C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpolhbffjljhoeklikgkbkjpkbjkapp\0.0.6_0\CHR - Extension: Google Wallet = C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\CHR - Extension: Currently = C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojhmphdkpgbibohbnpbfiefkgieacjmh\2.7.0_0\CHR - Extension: Rdio = C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pchjhmiapbbphflbgejhigbmfmmgbngn\1.2_0\CHR - Extension: Gmail = C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2013/10/05 16:19:00 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)O2:64bit: - BHO: (sUerf iandd. kEep) - {7C021C07-7CB2-4194-1568-66178E51E2A4} - C:\Program Files (x86)\sUerf iandd. kEep\2zE23p_Y.x64.dll ()O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)O4:64bit: - HKLM..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)O4 - HKLM..\Run: [ADSK DLMSession] C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe (Autodesk, Inc.)O4 - HKLM..\Run: [AMD AVT] C:\windows\SysWow64\cmd.exe (Microsoft Corporation)O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)O4 - HKLM..\Run: [blueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)O4 - HKU\S-1-5-21-457241823-3690726184-1205769209-1000..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)O4 - HKU\S-1-5-21-457241823-3690726184-1205769209-1000..\Run: [Akamai NetSession Interface] C:\Users\Willy\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)O4 - HKU\S-1-5-21-457241823-3690726184-1205769209-1000..\Run: [backgroundContainer] C:\Users\Willy\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll (Conduit Ltd.)O4 - HKU\S-1-5-21-457241823-3690726184-1205769209-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)O4 - HKU\.DEFAULT..\RunOnce: [spUninstallDeleteDir] rmdir /s /q "\SearchProtect" File not foundO4 - HKU\S-1-5-18..\RunOnce: [spUninstallDeleteDir] rmdir /s /q "\SearchProtect" File not foundO4 - Startup: C:\Users\Willy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Willy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)O4 - Startup: C:\Users\Willy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo Messenger!.lnk = C:\Program Files (x86)\Yahoo Messenger.exe ()O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-457241823-3690726184-1205769209-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-457241823-3690726184-1205769209-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: = O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)O13 - gopher Prefix: missingO17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 137.82.1.2 142.103.1.42O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3FBE32D7-401A-48D1-B26C-DA9131690090}: DhcpNameServer = 137.82.1.2 142.103.1.42O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7266E235-2A0B-4650-A2D8-E03C1B1BE011}: DhcpNameServer = 137.82.1.2 142.103.1.42O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value foundO18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\ms-help - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\skype4com - No CLSID value foundO18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not foundO20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2013/08/06 03:59:31 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2014/01/26 22:39:32 | 000,000,000 | R--D | C] -- C:\Users\Willy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices[2014/01/15 19:26:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java[2014/01/13 07:49:44 | 000,079,672 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswstm.sys[2014/01/11 20:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R[2014/01/05 15:38:03 | 000,000,000 | ---D | C] -- C:\Users\Willy\Documents\Youcam[2014/01/05 15:38:01 | 000,000,000 | ---D | C] -- C:\Users\Willy\AppData\Roaming\CyberLink[2014/01/05 15:38:01 | 000,000,000 | ---D | C] -- C:\Users\Willy\AppData\Local\CyberLink ========== Files - Modified Within 30 Days ========== [2014/01/26 23:38:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job[2014/01/26 23:26:52 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job[2014/01/26 22:48:51 | 000,028,848 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2014/01/26 22:48:51 | 000,028,848 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2014/01/26 22:38:53 | 000,000,892 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job[2014/01/26 22:38:12 | 000,000,828 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job[2014/01/26 22:36:44 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat[2014/01/26 22:36:13 | 4183,461,888 | -HS- | M] () -- C:\hiberfil.sys[2014/01/26 13:40:45 | 000,778,834 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI[2014/01/26 13:40:45 | 000,660,318 | ---- | M] () -- C:\windows\SysNative\perfh009.dat[2014/01/26 13:40:45 | 000,121,214 | ---- | M] () -- C:\windows\SysNative\perfc009.dat[2014/01/20 01:51:06 | 000,000,010 | ---- | M] () -- C:\Users\Willy\Documents\.Rhistory[2014/01/15 17:00:53 | 000,001,011 | ---- | M] () -- C:\Users\Willy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk[2014/01/15 17:00:27 | 000,000,979 | ---- | M] () -- C:\Users\Willy\Desktop\Dropbox.lnk[2014/01/15 16:08:09 | 000,498,400 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT[2014/01/14 22:29:25 | 000,002,143 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk[2014/01/13 07:49:59 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk[2014/01/13 07:49:58 | 000,079,672 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswstm.sys[2014/01/13 07:48:59 | 001,034,464 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys[2014/01/13 07:48:59 | 000,422,216 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys[2014/01/13 07:48:59 | 000,334,136 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe[2014/01/13 07:48:59 | 000,207,904 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys[2014/01/13 07:48:59 | 000,078,648 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys[2014/01/13 07:48:58 | 000,043,152 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr[2014/01/12 12:31:28 | 000,000,830 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job[2014/01/11 20:51:52 | 000,000,714 | ---- | M] () -- C:\Users\Public\Desktop\R i386 3.0.2.lnk[2014/01/11 20:51:52 | 000,000,709 | ---- | M] () -- C:\Users\Public\Desktop\R x64 3.0.2.lnk[2014/01/06 13:09:13 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk ========== Files Created - No Company Name ========== [2014/01/20 01:51:06 | 000,000,010 | ---- | C] () -- C:\Users\Willy\Documents\.Rhistory[2014/01/11 20:51:52 | 000,000,709 | ---- | C] () -- C:\Users\Public\Desktop\R x64 3.0.2.lnk[2014/01/11 20:51:51 | 000,000,714 | ---- | C] () -- C:\Users\Public\Desktop\R i386 3.0.2.lnk[2013/10/11 22:21:45 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe[2013/10/11 22:21:45 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe[2013/10/11 22:21:45 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe[2013/10/11 22:21:45 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe[2013/10/11 22:21:45 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe[2013/09/11 07:44:24 | 000,001,024 | ---- | C] () -- C:\windows\SysWow64\vukeuhm.dll[2013/09/11 07:44:24 | 000,001,024 | ---- | C] () -- C:\windows\SysWow64\grcauth2.dll[2013/09/11 07:44:24 | 000,001,024 | ---- | C] () -- C:\windows\SysWow64\grcauth1.dll[2013/09/11 07:44:24 | 000,001,024 | ---- | C] () -- C:\windows\SysWow64\clauth2.dll[2013/09/11 07:44:24 | 000,001,024 | ---- | C] () -- C:\windows\SysWow64\clauth1.dll[2013/09/11 07:44:24 | 000,000,336 | ---- | C] () -- C:\windows\SysWow64\dpcqrxe.dll[2013/09/11 07:44:24 | 000,000,100 | ---- | C] () -- C:\windows\SysWow64\prsgrc.dll[2013/09/11 07:44:24 | 000,000,072 | ---- | C] () -- C:\windows\SysWow64\ssprs.dll[2013/09/11 07:44:24 | 000,000,016 | -H-- | C] () -- C:\windows\SysWow64\xn3pjiy.dll[2013/09/11 07:44:24 | 000,000,016 | -H-- | C] () -- C:\windows\SysWow64\wm9s68l.dll[2013/09/11 07:44:24 | 000,000,016 | -H-- | C] () -- C:\windows\SysWow64\w8q08s1.dll[2013/09/11 07:44:24 | 000,000,016 | -H-- | C] () -- C:\windows\SysWow64\w5aclk7.dll[2013/09/11 07:44:24 | 000,000,016 | -H-- | C] () -- C:\windows\SysWow64\v1hlzuf.dll[2013/09/11 07:44:24 | 000,000,016 | -H-- | C] () -- C:\windows\SysWow64\uzqdpji.dll[2013/09/11 07:44:24 | 000,000,016 | -H-- | C] () -- C:\windows\SysWow64\q52v5xf.dll[2013/09/11 07:44:24 | 000,000,016 | -H-- | C] () -- C:\windows\SysWow64\owvosyh.dll[2013/09/11 07:44:24 | 000,000,016 | -H-- | C] () -- C:\windows\SysWow64\mpa9s71.dll[2013/09/11 07:44:24 | 000,000,016 | -H-- | C] () -- C:\windows\SysWow64\lblmhb4.dll[2013/09/11 07:44:24 | 000,000,016 | -H-- | C] () -- C:\windows\SysWow64\kwovleu.dll[2013/09/11 07:44:24 | 000,000,016 | -H-- | C] () -- C:\windows\SysWow64\hd86x4m.dll[2013/09/11 07:44:24 | 000,000,016 | -H-- | C] () -- C:\windows\SysWow64\fyqi5da.dll[2013/09/11 07:44:24 | 000,000,016 | -H-- | C] () -- C:\windows\SysWow64\dp2d60q.dll[2013/09/11 07:44:24 | 000,000,016 | -H-- | C] () -- C:\windows\SysWow64\c8qgqid.dll[2013/09/11 07:44:24 | 000,000,016 | -H-- | C] () -- C:\windows\SysWow64\a7y5ais.dll[2013/08/06 04:06:52 | 000,424,299 | ---- | C] () -- C:\Program Files (x86)\Yahoo Messenger.exe[2013/08/02 07:53:17 | 000,773,050 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI[2013/06/14 03:56:26 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe[2013/06/14 03:56:18 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll[2013/06/14 03:56:18 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll[2013/06/14 03:56:18 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll[2013/06/14 03:56:18 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll[2012/06/05 21:30:14 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe[2012/06/05 21:01:18 | 000,003,586 | ---- | C] () -- C:\windows\HotFixList.ini[2012/06/05 20:42:00 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin[2012/06/05 20:33:56 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblup.dat[2012/04/17 14:16:54 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat[2012/04/17 14:16:54 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat[2012/04/17 14:14:24 | 000,054,784 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll[2012/03/26 03:19:10 | 000,755,188 | ---- | C] () -- C:\windows\SysWow64\igkrng700.bin[2012/03/26 03:19:08 | 000,561,508 | ---- | C] () -- C:\windows\SysWow64\igfcg700m.bin[2012/03/26 03:08:42 | 000,963,912 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin[2012/03/26 03:08:42 | 000,261,208 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin[2012/03/26 03:08:42 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin[2012/03/26 03:03:46 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll[2012/03/26 01:53:42 | 013,024,768 | ---- | C] () -- C:\windows\SysWow64\ig7icd32.dll[2012/03/26 01:47:54 | 013,212,672 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll[2012/03/06 08:40:52 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll[2012/01/30 14:00:24 | 000,016,896 | ---- | C] () -- C:\windows\SysWow64\kdbsdk32.dll ========== ZeroAccess Check ========== [2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013/11/30 18:32:28 | 000,000,000 | ---D | M] -- C:\Users\Willy\AppData\Roaming\(C0-65-99-4F-51-8C)[2013/11/20 22:54:22 | 000,000,000 | ---D | M] -- C:\Users\Willy\AppData\Roaming\.minecraft[2013/08/06 07:09:58 | 000,000,000 | ---D | M] -- C:\Users\Willy\AppData\Roaming\Autodesk[2013/12/14 14:46:31 | 000,000,000 | ---D | M] -- C:\Users\Willy\AppData\Roaming\AVAST Software[2013/09/04 16:00:21 | 000,000,000 | ---D | M] -- C:\Users\Willy\AppData\Roaming\ChordChartWizard[2014/01/26 22:41:01 | 000,000,000 | ---D | M] -- C:\Users\Willy\AppData\Roaming\Dropbox[2014/01/18 07:01:36 | 000,000,000 | ---D | M] -- C:\Users\Willy\AppData\Roaming\foobar2000[2013/08/02 07:24:09 | 000,000,000 | ---D | M] -- C:\Users\Willy\AppData\Roaming\Install.GS[2013/08/12 21:49:38 | 000,000,000 | ---D | M] -- C:\Users\Willy\AppData\Roaming\Nico Mak Computing[2013/08/04 21:11:14 | 000,000,000 | ---D | M] -- C:\Users\Willy\AppData\Roaming\Origin[2013/08/02 04:36:50 | 000,000,000 | ---D | M] -- C:\Users\Willy\AppData\Roaming\Samsung[2013/08/12 02:44:36 | 000,000,000 | ---D | M] -- C:\Users\Willy\AppData\Roaming\SketchUp[2013/11/09 02:18:59 | 000,000,000 | ---D | M] -- C:\Users\Willy\AppData\Roaming\SystemRequirementsLab[2013/11/13 03:20:19 | 000,000,000 | ---D | M] -- C:\Users\Willy\AppData\Roaming\Unity[2014/01/06 13:07:53 | 000,000,000 | ---D | M] -- C:\Users\Willy\AppData\Roaming\uTorrent ========== Purity Check ========== < End of report > Link to post Share on other sites More sharing options...
NoWayIn Posted January 28, 2014 Author ID:783488 Share Posted January 28, 2014 Extras.txt OTL Extras logfile created on: 1/26/2014 11:41:33 PM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Willy\Desktop\malwarestuff64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.11.9600.16428)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.90 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 48.44% Memory free7.79 Gb Paging File | 4.99 Gb Available in Paging File | 64.10% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 99.90 Gb Total Space | 29.32 Gb Free Space | 29.34% Space Free | Partition Type: NTFSDrive D: | 806.51 Gb Total Space | 700.26 Gb Free Space | 86.83% Space Free | Partition Type: NTFS Computer Name: WILLY-PC | User Name: Willy | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit ScansCompany Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation).url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation).html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-457241823-3690726184-1205769209-1000\SOFTWARE\Classes\<extension>].html [@ = ChromeHTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"cval" = 1"FirewallDisableNotify" = 0"AntiVirusDisableNotify" = 0"UpdatesDisableNotify" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]"AntiVirusOverride" = 0"AntiSpywareOverride" = 0"FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]"DisableSR" = 0 ========== Firewall Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"EnableFirewall" = 1"DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall" = 1"DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"EnableFirewall" = 1"DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]"C:\Program Files (x86)\Luobo\\Luobo.exe" = C:\Program Files (x86)\Luobo\\Luobo.exe:*:Enabled:Luobo"C:\Program Files (x86)\Luobo\\Luobo.exe" = C:\Program Files (x86)\Luobo\\Luobo.exe:*:Enabled:Luobo ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{32E8376D-8D98-49E9-9948-01225E3FD52D}" = lport=50248 | protocol=6 | dir=in | name=autodesk content service | "{340DF06F-7E10-447B-815C-96E7C109A031}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{B0FE5F00-10BF-4266-9765-E7124CAF50AF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{B118298A-F689-4464-8439-681065B98AB0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{062C1059-A1C4-4707-879C-636ED32AD00E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{09281C99-F133-4F09-9AE1-A97B8568E5CA}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | "{0BC6A502-9D48-4708-BF8F-60623AF837EE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{117197B6-2733-417F-932E-37B9E6058B30}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\terraria\terraria.exe | "{26E97446-1951-4FC8-B222-149A2B29BA2E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{36700705-93D3-4AAF-8A36-EF2CAFEC3DAA}" = protocol=6 | dir=in | app=d:\program files (x86)\origin games\simcity\simcity\simcity.exe | "{4299BDC6-3092-4988-9288-6C0B3890FDA0}" = protocol=6 | dir=in | app=d:\steam\steam.exe | "{528CCCCA-85D5-423A-9941-0EC30DD52E68}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\terraria\terraria.exe | "{53DBC95C-8DC7-4A8D-89E7-0934F8EE281F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{55AEA53A-A4F2-48FB-9401-19E2606D235F}" = protocol=17 | dir=in | app=d:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe | "{5AC74DCC-D34C-475D-962F-7A0F0C722125}" = protocol=6 | dir=in | app=d:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe | "{5D9808A5-9C17-4AC8-89A0-EEE569FE2513}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | "{616DE58B-5E7A-44B5-9E26-9D70E6ED3702}" = protocol=17 | dir=in | app=d:\program files (x86)\origin games\simcity\simcity\simcity.exe | "{6287D71B-113B-4A25-8BF2-E7DE82900D18}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{67002FD2-C154-4E9A-827B-DA94C009FE13}" = protocol=17 | dir=in | app=d:\steam\steam.exe | "{67C955C2-03E9-40A6-B754-6F84DDAEEBEC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{760EA4BD-25EA-40B5-94BF-01536CDE4274}" = protocol=6 | dir=in | app=d:\program files (x86)\origin games\simcity\simcity\simcity.exe | "{78FD00A5-240E-46CD-990D-D73F043A1724}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{7913B1B4-63BF-4C1F-8E1F-A4DF36425A97}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{7B7442CA-D841-4096-80FC-4270EC2142DB}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | "{8D9FCEFA-8AB1-47A8-B6A2-93CE73BC98D7}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{917701D6-A6CB-4DE6-B291-01A3359C39E2}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | "{91ED2B59-5006-4C01-A32C-D1B1269E2596}" = protocol=17 | dir=in | app=d:\program files (x86)\origin games\simcity\simcity\simcity.exe | "{959E0FC0-7581-4288-9EFE-9E2EC69653FA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{A2CFD128-959A-4B9B-B2AB-E7363AF86814}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{AFE1413F-7D88-4CA7-A92F-40F9BA3BCE8C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{B1C5254C-17EA-41CB-80AE-E83E706DAE59}" = dir=in | app=c:\program files (x86)\cyberlink\media+player10\media+player10.exe | "{B605EF1C-C6A2-4A43-A26B-C097369AA500}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{C1351B58-4936-4BBB-875B-1A77581E1069}" = dir=in | app=d:\itunes\itunes.exe | "{C348DDF1-C9BC-4327-A7F4-CD4B87ECD40D}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{C52BC0A3-63F6-47FA-A665-DAFAB3C7AA0A}" = protocol=6 | dir=in | app=c:\users\willy\appdata\roaming\utorrent\utorrent.exe | "{CBE1E1DA-CF54-4D3D-B842-D9A45F0AEC86}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe | "{D1D7A9AA-3A41-4C1B-954A-AB9EA9DF495B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{D2A8FE62-6F83-422B-B3E7-F82FCE521D65}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | "{DCBEBD80-2591-4E4E-8EBE-A00A7DEB47BA}" = protocol=6 | dir=in | app=c:\users\willy\appdata\roaming\dropbox\bin\dropbox.exe | "{ED82058D-3AF7-4F69-8D2C-CC1CE064CE85}" = protocol=17 | dir=in | app=c:\users\willy\appdata\roaming\dropbox\bin\dropbox.exe | "{EEFDAF7D-0B57-4B08-8493-E64F2F2EEA7B}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{F0741334-050D-4610-8D19-C6FADAC99331}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | "{F55D2045-EFBD-4835-A0A2-B9E592359F84}" = protocol=17 | dir=in | app=c:\users\willy\appdata\roaming\utorrent\utorrent.exe | "{F6F85D86-D7E7-4FDC-B4F2-A2F1CCF0066E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "TCP Query User{1A2760A7-8870-4400-9F3A-A61932785578}D:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe" = protocol=6 | dir=in | app=d:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe | "TCP Query User{50B346C4-220A-4BC6-AE59-B35DA6280823}C:\users\willy\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\willy\appdata\local\akamai\netsession_win.exe | "TCP Query User{7D481C2D-23C5-49BB-8674-FA1A38E313D0}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | "TCP Query User{9E941985-4501-47EF-B499-1258977EA0BF}C:\users\willy\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\willy\appdata\local\akamai\netsession_win.exe | "TCP Query User{B0CC8438-AD1B-488B-91CD-F19D726CF13F}D:\line\line.exe" = protocol=6 | dir=in | app=d:\line\line.exe | "TCP Query User{CEEE8651-1B96-48E5-BED0-9F49E6801127}C:\users\willy\desktop\minetest-0.4.8\bin\minetest.exe" = protocol=6 | dir=in | app=c:\users\willy\desktop\minetest-0.4.8\bin\minetest.exe | "UDP Query User{04D30D89-9339-4EDB-9941-E8FDAC922C2D}D:\line\line.exe" = protocol=17 | dir=in | app=d:\line\line.exe | "UDP Query User{22096EF3-6FF2-473E-BEE6-2B84C6900DD6}D:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe" = protocol=17 | dir=in | app=d:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe | "UDP Query User{452BEB10-3BF8-41A7-AF06-BE0866E5D564}C:\users\willy\desktop\minetest-0.4.8\bin\minetest.exe" = protocol=17 | dir=in | app=c:\users\willy\desktop\minetest-0.4.8\bin\minetest.exe | "UDP Query User{4994A032-3FC0-4BD9-AF1B-CBAEC35AF904}C:\users\willy\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\willy\appdata\local\akamai\netsession_win.exe | "UDP Query User{6B22834E-5C95-419C-96B7-F2B349556E88}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | "UDP Query User{6C841D9C-8F99-4311-9222-C2F3A7192C71}C:\users\willy\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\willy\appdata\local\akamai\netsession_win.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{07179D37-D5FE-4373-90D9-A25B992EFB3E}" = WD SmartWare"{0738F5F1-8E70-49A6-8692-F5722E1E5A4D}" = Easy Support Center"{171C7193-1BB5-4619-BF23-E962598CAB13}" = Intel® Trusted Connect Service Client"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector"{186CF1EE-3B47-A14F-897D-3BEBF7886BE0}" = AMD Accelerated Video Transcoding"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219"{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Atheros Bluetooth Suite (64)"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime"{5783F2D7-B000-0409-0102-0060B0CE6BBA}" = AutoCAD Civil 3D 2013"{5783F2D7-B000-0409-1102-0060B0CE6BBA}" = AutoCAD Civil 3D 2013 Language Pack - English"{5783F2D7-B000-0409-2102-0060B0CE6BBA}" = AutoCAD Civil 3D 2013 - English"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting"{98AEACC7-A4C8-4FAC-6F2F-347B29042B43}" = ccc-utility64"{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service"{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}" = Autodesk Sync"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile"{F81156E9-1687-E56A-E3B4-3CF3D17520E2}" = AMD Catalyst Install Manager"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources"001FFF2FFF16FF00FF0301F01F02F000-R1" = ArchiCAD 16 USA"3443F9C6B5308783EC7E9DA9E41166C135CCB9C9" = Windows Driver Package - Broadcom (BCM43XX) Net (07/01/2011 5.100.82.95)"AutoCAD Civil 3D 2013" = AutoCAD Civil 3D 2013"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended"R for Windows 3.0.2_is1" = R for Windows 3.0.2"SynTPDeinstKey" = Synaptics Pointing Device Driver"WinRAR archiver" = WinRAR 5.00 beta 7 (64-bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common"{016118F6-06F2-4DC4-86A3-E5AC3A4D43EE}" = SAP2000 15"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer"{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}" = Autodesk Material Library 2013"{12F81925-F3C1-40DB-91F7-777817974319}" = Easy File Share"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 5"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Settings"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker"{1C7F451D-ABB1-2DB1-FA04-5AF2BBF762D7}" = CCC Help Czech"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel® USB 3.0 eXtensible Host Controller Driver"{254A4D3B-ECE2-C9C2-1CA0-CF6BDEFFE508}" = CCC Help Russian"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 51"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program"{288D7000-786B-11D6-9D00-00B0D0E6A72E}" = RISA-2D Educational"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger"{2AC4D9EB-C408-4AF3-8456-535ED72F9E28}" = Catalyst Control Center - Branding"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh"{2D49C296-BCCA-4800-BAF6-A0269EBDCF74}" = Windows Live Messenger"{2D9F8079-7D50-3EFD-B3BD-ED642E4EE756}" = Microsoft Visual Basic PowerPacks 10.0"{2F48C80C-3A76-495A-A4B5-C0CC946FEEBD}" = Autodesk Download Manager"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery"{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10"{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU"{3B74DAD7-3688-8B31-ADBA-CC9A3B159861}" = CCC Help Finnish"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go"{443C941A-F8D2-05D8-D0CF-68570C556763}" = CCC Help Dutch"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater"{4D0E608A-C7EA-BC29-496C-BCA24C04909A}" = CCC Help Polish"{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11"{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3"{53C63F43-B827-42D9-8886-4698D91EA33B}" = System Requirements Lab for Intel"{55D4C8AF-5927-779B-2258-DB535A5303FA}" = Catalyst Control Center Localization All"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh"{5962B54A-9818-0F81-8CA0-8BD61A805068}" = CCC Help Chinese Traditional"{5B27A772-9076-D0DF-2119-7AE60B909186}" = CCC Help Korean"{606E12B9-641F-4644-A22A-FF38AE980AFD}" = Autodesk Material Library Base Resolution Image Library 2013"{62F029AB-85F2-0000-866A-9FC0DD99DDBC}" = Autodesk Content Service"{62F029AB-85F2-0001-866A-9FC0DD99DDBC}" = Autodesk Content Service Language Pack"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE"{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable"{72B622C9-AA10-47D7-A10C-377CF9BC8502}" = SketchUp 2013"{748F6B49-6861-03C6-7A15-8CFB195EDDAA}" = CCC Help Greek"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail"{757C4173-6457-48F5-898E-CF6A8E62287F}" = BlueStacks Notification Center"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies"{75EEB978-3B56-637C-7A7C-56DD1C895473}" = CCC Help Italian"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform"{86815589-4562-5149-1480-6D0CA2F80648}" = Catalyst Control Center"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader"{977D1B66-C919-ECA6-225F-E37CE98E370B}" = CCC Help Portuguese"{99D0B5C9-AB0D-B8FC-A504-8442193A4789}" = Catalyst Control Center Profiles Mobile"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"{9B384BC1-1B13-0EB9-FA9C-396C97122FDE}" = CCC Help Swedish"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel® Manageability Engine Firmware Recovery Agent"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer"{ABC5B759-21FF-E3BD-60B9-0B092942CF6A}" = CCC Help Japanese"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)"{AD964CB4-97F3-548D-6AFF-F31C182D9DD9}" = CCC Help Spanish"{AE90FC86-896F-2AB4-5B36-337E42232E9F}" = CCC Help English"{B60F78C4-BB4F-5CC0-42AC-78F416AE76F2}" = CCC Help German"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call"{B750B5C2-CC17-4967-905B-29F4EB986131}" = Software Launcher"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide"{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger"{C4320294-D25F-61B5-BAE3-48C39DA0E5D0}" = CCC Help Norwegian"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector"{CB427A08-FCF6-752A-B571-50162CDCC501}" = PX Profile Update"{CE3007FF-3E77-4B5B-8F94-662C9582C8A5}" = Multimedia POP"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform"{CF5C04A8-39DA-9C9E-9D0E-9648526F3B05}" = CCC Help Turkish"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64"{D1B53484-9A9C-A043-FD6D-52140AAD1D0B}" = CCC Help Chinese Standard"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources"{DE256D8B-D971-456D-BC02-CB64DA24F115}" = Easy Software Manager"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10"{E0ECBEF1-86D5-12B2-4911-E7EBB42EFC6A}" = CCC Help French"{E2031233-3B7C-4DFC-9319-197626C011C3}" = TweetDeck"{E2D68307-45AE-F90F-3F6A-307729570924}" = CCC Help Hungarian"{E42D1166-6E1F-45C8-EF8F-10688A78D3A8}" = CCC Help Thai"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer"{EDE7A262-DB20-4432-A630-2ACEE186C416}" = Easy Migration"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集"{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}" = E-POP"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Display Audio Driver"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver"{F4A1251A-0B57-905C-0AA1-2CE56838FCFA}" = Catalyst Control Center InstallProxy"{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}" = SimCity™"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials"{FFB36E9F-7EF7-EA33-1FD4-6D6F71F2A899}" = CCC Help Danish"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin"Autodesk Content Service" = Autodesk Content Service"avast" = avast! Free Antivirus"BlueStacks App Player" = BlueStacks App Player"ENTERPRISE" = Microsoft Office Enterprise 2007"ERUNT_is1" = ERUNT 1.1j"ESET Online Scanner" = ESET Online Scanner v3"foobar2000" = foobar2000 v1.2.9"Freemake Video Converter_is1" = Freemake Video Converter version 4.0.3"Google Chrome" = Google Chrome"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite"InstallShield_{34FBC7C4-CD31-4D93-A428-0E524EAC4586}" = CyberLink Media+ Player10"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go"InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}" = Samsung Story Album Viewer"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector"LINE" = LINE"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300"NIS" = Norton Internet Security"Origin" = Origin"Steam" = Steam"Steam App 105600" = Terraria"Steam App 49520" = Borderlands 2"Steam App 550" = Left 4 Dead 2"VLC media player" = VLC media player 2.1.1"WinLiveSuite" = Windows Live 程式集 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-457241823-3690726184-1205769209-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"Akamai" = Akamai NetSession Interface"Dropbox" = Dropbox"MyFreeCodec" = MyFreeCodec"UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ]Error - 11/5/2013 10:50:34 PM | Computer Name = Willy-PC | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledSPRetry 3089 Error - 11/5/2013 11:01:41 PM | Computer Name = Willy-PC | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: Continuously busy for more than a second Error - 11/5/2013 11:01:41 PM | Computer Name = Willy-PC | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledEvent 670071 Error - 11/5/2013 11:01:41 PM | Computer Name = Willy-PC | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledSPRetry 670071 Error - 11/5/2013 11:01:42 PM | Computer Name = Willy-PC | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: Continuously busy for more than a second Error - 11/5/2013 11:01:42 PM | Computer Name = Willy-PC | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledEvent 671101 Error - 11/5/2013 11:01:42 PM | Computer Name = Willy-PC | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledSPRetry 671101 Error - 11/5/2013 11:01:43 PM | Computer Name = Willy-PC | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: Continuously busy for more than a second Error - 11/5/2013 11:01:43 PM | Computer Name = Willy-PC | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledEvent 672099 Error - 11/5/2013 11:01:43 PM | Computer Name = Willy-PC | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledSPRetry 672099 [ System Events ]Error - 11/13/2013 6:04:35 PM | Computer Name = Willy-PC | Source = Service Control Manager | ID = 7000Description = The WD File Management Shadow Engine service failed to start due to the following error: %%1053 Error - 11/14/2013 9:11:03 AM | Computer Name = Willy-PC | Source = DCOM | ID = 10010Description = Error - 11/14/2013 5:01:16 PM | Computer Name = Willy-PC | Source = DCOM | ID = 10010Description = Error - 11/14/2013 5:43:09 PM | Computer Name = Willy-PC | Source = Service Control Manager | ID = 7009Description = A timeout was reached (30000 milliseconds) while waiting for the Autodesk Content Service service to connect. Error - 11/14/2013 5:43:09 PM | Computer Name = Willy-PC | Source = Service Control Manager | ID = 7000Description = The Autodesk Content Service service failed to start due to the following error: %%1053 Error - 11/14/2013 5:44:08 PM | Computer Name = Willy-PC | Source = Service Control Manager | ID = 7009Description = A timeout was reached (30000 milliseconds) while waiting for the WD File Management Shadow Engine service to connect. Error - 11/14/2013 5:44:08 PM | Computer Name = Willy-PC | Source = Service Control Manager | ID = 7000Description = The WD File Management Shadow Engine service failed to start due to the following error: %%1053 Error - 11/14/2013 6:26:01 PM | Computer Name = Willy-PC | Source = DCOM | ID = 10010Description = Error - 11/14/2013 9:41:21 PM | Computer Name = Willy-PC | Source = Service Control Manager | ID = 7009Description = A timeout was reached (30000 milliseconds) while waiting for the Autodesk Content Service service to connect. Error - 11/14/2013 9:41:21 PM | Computer Name = Willy-PC | Source = Service Control Manager | ID = 7000Description = The Autodesk Content Service service failed to start due to the following error: %%1053 < End of report > Link to post Share on other sites More sharing options...
Staff gringo_pr Posted January 28, 2014 Staff ID:783712 Share Posted January 28, 2014 Hello NoWayInI would like you to run this custom script for me now and when it is complete please give me the report and a status update for the computer.Run OTL ScriptDouble-click OTL.exe to start the program.Copy and Paste the following code into the text box.:OTLFF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not foundO3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O4 - HKU\.DEFAULT..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" File not foundO4 - HKU\S-1-5-18..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" File not foundO18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value foundO18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\ms-help - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\skype4com - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - File not foundO21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.globasearch.com/?serie=30IE - HKU\S-1-5-21-457241823-3690726184-1205769209-1000\..\SearchScopes\{A4BB0820-7323-4923-A175-51DE68638688}: "URL" = http://search.condui...ultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289075&CUI=UN39854164181109430&UM=2O4 - HKU\S-1-5-21-457241823-3690726184-1205769209-1000..\Run: [BackgroundContainer] C:\Users\Willy\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll (Conduit Ltd.)[2013/09/11 07:44:24 | 000,001,024 | ---- | C] () -- C:\windows\SysWow64\vukeuhm.dll[2013/09/11 07:44:24 | 000,001,024 | ---- | C] () -- C:\windows\SysWow64\grcauth2.dll[2013/09/11 07:44:24 | 000,001,024 | ---- | C] () -- C:\windows\SysWow64\grcauth1.dll[2013/09/11 07:44:24 | 000,001,024 | ---- | C] () -- C:\windows\SysWow64\clauth2.dll[2013/09/11 07:44:24 | 000,001,024 | ---- | C] () -- C:\windows\SysWow64\clauth1.dll[2013/09/11 07:44:24 | 000,000,336 | ---- | C] () -- C:\windows\SysWow64\dpcqrxe.dll[2013/09/11 07:44:24 | 000,000,100 | ---- | C] () -- C:\windows\SysWow64\prsgrc.dll[2013/09/11 07:44:24 | 000,000,072 | ---- | C] () -- C:\windows\SysWow64\ssprs.dll[2013/09/11 07:44:24 | 000,000,016 | -H-- | C] () -- C:\windows\SysWow64\xn3pjiy.dll[2013/09/11 07:44:24 | 000,000,016 | -H-- | C] () -- C:\windows\SysWow64\wm9s68l.dll[2013/09/11 07:44:24 | 000,000,016 | -H-- | C] () -- C:\windows\SysWow64\w8q08s1.dll[2013/09/11 07:44:24 | 000,000,016 | -H-- | C] () -- C:\windows\SysWow64\w5aclk7.dll[2013/09/11 07:44:24 | 000,000,016 | -H-- | C] () -- C:\windows\SysWow64\v1hlzuf.dll[2013/09/11 07:44:24 | 000,000,016 | -H-- | C] () -- C:\windows\SysWow64\uzqdpji.dll[2013/09/11 07:44:24 | 000,000,016 | -H-- | C] () -- C:\windows\SysWow64\q52v5xf.dll[2013/09/11 07:44:24 | 000,000,016 | -H-- | C] () -- C:\windows\SysWow64\owvosyh.dll[2013/09/11 07:44:24 | 000,000,016 | -H-- | C] () -- C:\windows\SysWow64\mpa9s71.dll[2013/09/11 07:44:24 | 000,000,016 | -H-- | C] () -- C:\windows\SysWow64\lblmhb4.dll[2013/09/11 07:44:24 | 000,000,016 | -H-- | C] () -- C:\windows\SysWow64\kwovleu.dll[2013/09/11 07:44:24 | 000,000,016 | -H-- | C] () -- C:\windows\SysWow64\hd86x4m.dll[2013/09/11 07:44:24 | 000,000,016 | -H-- | C] () -- C:\windows\SysWow64\fyqi5da.dll[2013/09/11 07:44:24 | 000,000,016 | -H-- | C] () -- C:\windows\SysWow64\dp2d60q.dll[2013/09/11 07:44:24 | 000,000,016 | -H-- | C] () -- C:\windows\SysWow64\c8qgqid.dll[2013/09/11 07:44:24 | 000,000,016 | -H-- | C] () -- C:\windows\SysWow64\a7y5ais.dll:Filesipconfig /flushdns /c:Commands[PURITY][emptyjava][EMPTYFLASH][reboot]Then click the Run Fix button at the top.Click .OTL may ask to reboot the machine. Please do so if asked.The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.Note** if the report does not popup after the computer reboots you can find it here in this folder - C:\_OTL\MovedFilesIt will be named - mmddyyyy_hhmmss.logWhere mmddyyyy_hhmmss - are numbers representing the date and time the fix was run.Let me know How things are doingGringo Link to post Share on other sites More sharing options...
NoWayIn Posted January 30, 2014 Author ID:784460 Share Posted January 30, 2014 Still getting random popups in chrome. OTL log: ========== OTL ==========64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir deleted successfully.Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir not found.64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.File Protocol\Handler\grooveLocalGWS - No CLSID value found not found.64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.File Protocol\Handler\livecall - No CLSID value found not found.64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.File Protocol\Handler\ms-help - No CLSID value found not found.64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.File Protocol\Handler\msnim - No CLSID value found not found.64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.File Protocol\Handler\skype4com - No CLSID value found not found.64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.File Protocol\Handler\wlmailhtml - No CLSID value found not found.64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.File Protocol\Handler\wlpg - No CLSID value found not found.64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll deleted successfully.64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!Registry key HKEY_USERS\S-1-5-21-457241823-3690726184-1205769209-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A4BB0820-7323-4923-A175-51DE68638688}\ deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A4BB0820-7323-4923-A175-51DE68638688}\ not found.Registry value HKEY_USERS\S-1-5-21-457241823-3690726184-1205769209-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BackgroundContainer deleted successfully.C:\Users\Willy\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll moved successfully.C:\Windows\SysWOW64\vukeuhm.dll moved successfully.C:\Windows\SysWOW64\grcauth2.dll moved successfully.C:\Windows\SysWOW64\grcauth1.dll moved successfully.C:\Windows\SysWOW64\clauth2.dll moved successfully.C:\Windows\SysWOW64\clauth1.dll moved successfully.C:\Windows\SysWOW64\dpcqrxe.dll moved successfully.C:\Windows\SysWOW64\prsgrc.dll moved successfully.C:\Windows\SysWOW64\ssprs.dll moved successfully.C:\Windows\SysWOW64\xn3pjiy.dll moved successfully.C:\Windows\SysWOW64\wm9s68l.dll moved successfully.C:\Windows\SysWOW64\w8q08s1.dll moved successfully.C:\Windows\SysWOW64\w5aclk7.dll moved successfully.C:\Windows\SysWOW64\v1hlzuf.dll moved successfully.C:\Windows\SysWOW64\uzqdpji.dll moved successfully.C:\Windows\SysWOW64\q52v5xf.dll moved successfully.C:\Windows\SysWOW64\owvosyh.dll moved successfully.C:\Windows\SysWOW64\mpa9s71.dll moved successfully.C:\Windows\SysWOW64\lblmhb4.dll moved successfully.C:\Windows\SysWOW64\kwovleu.dll moved successfully.C:\Windows\SysWOW64\hd86x4m.dll moved successfully.C:\Windows\SysWOW64\fyqi5da.dll moved successfully.C:\Windows\SysWOW64\dp2d60q.dll moved successfully.C:\Windows\SysWOW64\c8qgqid.dll moved successfully.C:\Windows\SysWOW64\a7y5ais.dll moved successfully.========== FILES ==========< ipconfig /flushdns /c >Windows IP ConfigurationSuccessfully flushed the DNS Resolver Cache.C:\Users\Willy\Desktop\malwarestuff\cmd.bat deleted successfully.C:\Users\Willy\Desktop\malwarestuff\cmd.txt deleted successfully.========== COMMANDS ========== [EMPTYJAVA] User: All Users User: Default User: Default User User: Public User: Willy->Java cache emptied: 800914 bytes Total Java Files Cleaned = 1.00 mb [EMPTYFLASH] User: All Users User: Default User: Default User User: Public User: Willy->Flash cache emptied: 2037 bytes Total Flash Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 01302014_001451 Link to post Share on other sites More sharing options...
Staff gringo_pr Posted February 1, 2014 Staff ID:785372 Share Posted February 1, 2014 Hello NoWayIn These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one. -AdwCleaner- Please download AdwCleaner by Xplode onto your desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click on Scan.After the scan is complete click on "Clean"Confirm each time with Ok.Your computer will be rebooted automatically. A text file will open after the restart.Please post the content of that logfile with your next answer.You can find the logfile at C:\AdwCleaner[s1].txt as well.-Junkware-Removal-Tool- Please download Junkware Removal Tool to your desktop.Shut down your protection software now to avoid potential conflicts.Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".The tool will open and start scanning your system.Please be patient as this can take a while to complete depending on your system's specifications.On completion, a log (JRT.txt) is saved to your desktop and will automatically open.Post the contents of JRT.txt into your next message.When they are complete let me have the two reports and let me know how things are running. Gringo Link to post Share on other sites More sharing options...
NoWayIn Posted February 2, 2014 Author ID:785758 Share Posted February 2, 2014 AdwCleaner[s3].txt # AdwCleaner v3.018 - Report created 01/02/2014 at 23:53:39# Updated 28/01/2014 by Xplode# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : Willy - WILLY-PC# Running from : C:\Users\Willy\Desktop\malwarestuff\adwcleaner.exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\ConduitFolder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codecFolder Deleted : C:\Program Files (x86)\ConduitFolder Deleted : C:\Program Files (x86)\myfree codecFolder Deleted : C:\Program Files (x86)\uTorrentControl_v6Folder Deleted : C:\windows\SysWOW64\SearchprotectFolder Deleted : C:\Users\Willy\AppData\Local\ConduitFolder Deleted : C:\Users\Willy\AppData\Local\SearchprotectFolder Deleted : C:\Users\Willy\AppData\LocalLow\ConduitFolder Deleted : C:\Users\Willy\AppData\LocalLow\PriceGongFolder Deleted : C:\Users\Willy\AppData\LocalLow\uTorrentControl_v6File Deleted : C:\END ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289075Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3313131Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD90659F-D5B2-4104-9504-7CA36E6532DF}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CD90659F-D5B2-4104-9504-7CA36E6532DF}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3135D083-344C-47DC-BA44-6553ABC7963A}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1484BBCE-35EB-4BFA-BF97-8087B315692C}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKCU\Software\ConduitKey Deleted : HKCU\Software\Myfree CodecKey Deleted : HKCU\Software\SoftonicKey Deleted : HKCU\Software\AppDataLow\ToolbarKey Deleted : HKCU\Software\AppDataLow\Software\ConduitKey Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopesKey Deleted : HKCU\Software\AppDataLow\Software\PriceGongKey Deleted : HKCU\Software\AppDataLow\Software\smartbarKey Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl_v6Key Deleted : HKLM\Software\ConduitKey Deleted : HKLM\Software\Myfree CodecKey Deleted : HKLM\Software\SearchProtectKey Deleted : HKLM\Software\uTorrentControl_v6Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.16428 -\\ Google Chrome v32.0.1700.102 [ File : C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [1103 octets] - [27/09/2013 22:29:31]AdwCleaner[R1].txt - [880 octets] - [30/09/2013 13:13:15]AdwCleaner[R2].txt - [998 octets] - [30/09/2013 13:52:52]AdwCleaner[R3].txt - [5273 octets] - [01/02/2014 23:40:47]AdwCleaner[s0].txt - [1078 octets] - [27/09/2013 22:50:45]AdwCleaner[s1].txt - [940 octets] - [30/09/2013 13:40:26]AdwCleaner[s2].txt - [1058 octets] - [30/09/2013 14:08:24]AdwCleaner[s3].txt - [4976 octets] - [01/02/2014 23:53:39] ########## EOF - C:\AdwCleaner\AdwCleaner[s3].txt - [5036 octets] ########## Link to post Share on other sites More sharing options...
NoWayIn Posted February 2, 2014 Author ID:785759 Share Posted February 2, 2014 JRT.txt ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.1.0 (01.07.2014:1)OS: Windows 7 Home Premium x64Ran by Willy on Sun 02/02/2014 at 0:04:10.40~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayNameSuccessfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL ~~~ Registry Keys ~~~ Files Successfully deleted: [File] "C:\Users\Willy\appdata\local\google\chrome\user data\default\local storage\http_app.mam.conduit.com_0.localstorage"Successfully deleted: [File] "C:\Users\Willy\appdata\local\google\chrome\user data\default\local storage\http_app.mam.conduit.com_0.localstorage-journal"Successfully deleted: [File] "C:\Users\Willy\appdata\local\google\chrome\user data\default\local storage\http_pricegong.conduitapps.com_0.localstorage"Successfully deleted: [File] "C:\Users\Willy\appdata\local\google\chrome\user data\default\local storage\http_pricegong.conduitapps.com_0.localstorage-journal"Successfully deleted: [File] "C:\Users\Willy\appdata\local\google\chrome\user data\default\local storage\http_storage.conduit.com_0.localstorage" ~~~ Folders Successfully deleted: [Folder] "C:\Users\Willy\appdata\local\cre" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Sun 02/02/2014 at 0:13:16.18End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Link to post Share on other sites More sharing options...
Staff gringo_pr Posted February 2, 2014 Staff ID:785874 Share Posted February 2, 2014 Hello NoWayIn I Would like you to do the following. Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them. Run Combofix: You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this) Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here< Combofix may need to reboot your computer more than once to do its job this is normal. You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.Link 1 Link 2 Link 3 1. Close any open browsers or any other programs that are open. 2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you. Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer "information and logs"In your next post I need the followingLog from Combofixlet me know of any problems you may have hadHow is the computer doing now?Gringo Link to post Share on other sites More sharing options...
NoWayIn Posted February 4, 2014 Author ID:786589 Share Posted February 4, 2014 combofix.txt ComboFix 14-02-03.01 - Willy 02/03/2014 23:54:41.3.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3990.2472 [GMT -8:00]Running from: c:\users\Willy\Desktop\malwarestuff\ComboFix.exeAV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((( Files Created from 2014-01-04 to 2014-02-04 )))))))))))))))))))))))))))))))..2014-02-04 08:03 . 2014-02-04 08:03 -------- d-----w- c:\users\Public\AppData\Local\temp2014-02-04 08:03 . 2014-02-04 08:03 -------- d-----w- c:\users\Default\AppData\Local\temp2014-02-02 20:19 . 2014-02-02 20:19 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{89C9064C-5559-4304-9AAE-D73C4613AF0E}\offreg.dll2014-02-02 09:36 . 2014-02-02 09:36 -------- d-----w- c:\windows\Sun2014-01-31 23:42 . 2013-12-16 09:54 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{89C9064C-5559-4304-9AAE-D73C4613AF0E}\mpengine.dll2014-01-30 08:14 . 2014-01-30 08:14 -------- d-----w- C:\_OTL2014-01-16 03:26 . 2013-12-19 05:09 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll2014-01-15 01:20 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys2014-01-15 01:20 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys2014-01-15 01:20 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys2014-01-15 01:20 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys2014-01-15 01:20 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys2014-01-15 01:20 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys2014-01-15 01:20 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys2014-01-15 01:20 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys2014-01-15 01:20 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys2014-01-13 15:49 . 2014-02-02 20:22 80184 ----a-w- c:\windows\system32\drivers\aswstm.sys2014-01-05 23:38 . 2014-01-05 23:38 -------- d-----w- c:\users\Willy\AppData\Roaming\CyberLink2014-01-05 23:38 . 2014-01-05 23:38 -------- d-----w- c:\users\Willy\AppData\Local\CyberLink...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2014-02-02 20:22 . 2013-10-06 17:25 421704 ----a-w- c:\windows\system32\drivers\aswSP.sys2014-02-02 20:22 . 2013-10-06 17:25 1038072 ----a-w- c:\windows\system32\drivers\aswSnx.sys2014-02-02 20:22 . 2013-10-06 17:25 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys2014-02-02 20:22 . 2013-10-06 17:25 334136 ----a-w- c:\windows\system32\aswBoot.exe2014-02-02 20:22 . 2013-10-06 17:25 43152 ----a-w- c:\windows\avastSS.scr2014-01-16 17:59 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe2014-01-15 20:13 . 2013-08-03 11:42 86054176 ----a-w- c:\windows\system32\MRT.exe2014-01-13 15:48 . 2013-10-06 17:25 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys2013-12-14 06:53 . 2013-10-06 17:25 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys2013-12-14 06:53 . 2013-10-06 17:25 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys2013-12-11 10:38 . 2013-10-06 17:45 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-12-11 10:38 . 2013-10-06 17:45 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-12-10 11:04 . 2013-12-10 11:04 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe2013-12-10 11:04 . 2013-12-10 11:04 194048 ----a-w- c:\windows\SysWow64\elshyph.dll2013-12-10 11:04 . 2013-12-10 11:04 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe2013-12-10 11:04 . 2013-12-10 11:04 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll2013-12-10 11:04 . 2013-12-10 11:04 62464 ----a-w- c:\windows\SysWow64\tdc.ocx2013-12-10 11:04 . 2013-12-10 11:04 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll2013-12-10 11:04 . 2013-12-10 11:04 337408 ----a-w- c:\windows\SysWow64\html.iec2013-12-10 11:04 . 2013-12-10 11:04 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll2013-12-10 11:04 . 2013-12-10 11:04 235008 ----a-w- c:\windows\system32\elshyph.dll2013-12-10 11:04 . 2013-12-10 11:04 182272 ----a-w- c:\windows\SysWow64\msls31.dll2013-12-10 11:04 . 2013-12-10 11:04 942592 ----a-w- c:\windows\system32\jsIntl.dll2013-12-10 11:04 . 2013-12-10 11:04 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe2013-12-10 11:04 . 2013-12-10 11:04 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll2013-12-10 11:04 . 2013-12-10 11:04 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe2013-12-10 11:04 . 2013-12-10 11:04 84992 ----a-w- c:\windows\system32\mshtmled.dll2013-12-10 11:04 . 2013-12-10 11:04 83968 ----a-w- c:\windows\system32\MshtmlDac.dll2013-12-10 11:04 . 2013-12-10 11:04 81408 ----a-w- c:\windows\system32\icardie.dll2013-12-10 11:04 . 2013-12-10 11:04 774144 ----a-w- c:\windows\system32\jscript.dll2013-12-10 11:04 . 2013-12-10 11:04 77312 ----a-w- c:\windows\system32\tdc.ocx2013-12-10 11:04 . 2013-12-10 11:04 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe2013-12-10 11:04 . 2013-12-10 11:04 626176 ----a-w- c:\windows\system32\msfeeds.dll2013-12-10 11:04 . 2013-12-10 11:04 62464 ----a-w- c:\windows\system32\pngfilt.dll2013-12-10 11:04 . 2013-12-10 11:04 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll2013-12-10 11:04 . 2013-12-10 11:04 61952 ----a-w- c:\windows\SysWow64\iesetup.dll2013-12-10 11:04 . 2013-12-10 11:04 616104 ----a-w- c:\windows\system32\ieapfltr.dat2013-12-10 11:04 . 2013-12-10 11:04 548352 ----a-w- c:\windows\system32\vbscript.dll2013-12-10 11:04 . 2013-12-10 11:04 52224 ----a-w- c:\windows\system32\msfeedsbs.dll2013-12-10 11:04 . 2013-12-10 11:04 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll2013-12-10 11:04 . 2013-12-10 11:04 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll2013-12-10 11:04 . 2013-12-10 11:04 48640 ----a-w- c:\windows\system32\mshtmler.dll2013-12-10 11:04 . 2013-12-10 11:04 48128 ----a-w- c:\windows\system32\imgutil.dll2013-12-10 11:04 . 2013-12-10 11:04 454656 ----a-w- c:\windows\SysWow64\vbscript.dll2013-12-10 11:04 . 2013-12-10 11:04 453120 ----a-w- c:\windows\system32\dxtmsft.dll2013-12-10 11:04 . 2013-12-10 11:04 413696 ----a-w- c:\windows\system32\html.iec2013-12-10 11:04 . 2013-12-10 11:04 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll2013-12-10 11:04 . 2013-12-10 11:04 36352 ----a-w- c:\windows\SysWow64\imgutil.dll2013-12-10 11:04 . 2013-12-10 11:04 30208 ----a-w- c:\windows\system32\licmgr10.dll2013-12-10 11:04 . 2013-12-10 11:04 296960 ----a-w- c:\windows\system32\dxtrans.dll2013-12-10 11:04 . 2013-12-10 11:04 263376 ----a-w- c:\windows\system32\iedkcs32.dll2013-12-10 11:04 . 2013-12-10 11:04 247808 ----a-w- c:\windows\system32\msls31.dll2013-12-10 11:04 . 2013-12-10 11:04 243200 ----a-w- c:\windows\system32\webcheck.dll2013-12-10 11:04 . 2013-12-10 11:04 235520 ----a-w- c:\windows\system32\url.dll2013-12-10 11:04 . 2013-12-10 11:04 195584 ----a-w- c:\windows\system32\msrating.dll2013-12-10 11:04 . 2013-12-10 11:04 167424 ----a-w- c:\windows\system32\iexpress.exe2013-12-10 11:04 . 2013-12-10 11:04 151552 ----a-w- c:\windows\SysWow64\iexpress.exe2013-12-10 11:04 . 2013-12-10 11:04 147968 ----a-w- c:\windows\system32\occache.dll2013-12-10 11:04 . 2013-12-10 11:04 143872 ----a-w- c:\windows\system32\wextract.exe2013-12-10 11:04 . 2013-12-10 11:04 139264 ----a-w- c:\windows\SysWow64\wextract.exe2013-12-10 11:04 . 2013-12-10 11:04 13824 ----a-w- c:\windows\system32\mshta.exe2013-12-10 11:04 . 2013-12-10 11:04 135680 ----a-w- c:\windows\system32\iepeers.dll2013-12-10 11:04 . 2013-12-10 11:04 13312 ----a-w- c:\windows\SysWow64\mshta.exe2013-12-10 11:04 . 2013-12-10 11:04 13312 ----a-w- c:\windows\system32\msfeedssync.exe2013-12-10 11:04 . 2013-12-10 11:04 131072 ----a-w- c:\windows\system32\IEAdvpack.dll2013-12-10 11:04 . 2013-12-10 11:04 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll2013-12-10 11:04 . 2013-12-10 11:04 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe2013-12-10 11:04 . 2013-12-10 11:04 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll2013-12-10 11:04 . 2013-12-10 11:04 105984 ----a-w- c:\windows\system32\iesysprep.dll2013-12-10 11:04 . 2013-12-10 11:04 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll2013-12-10 11:04 . 2013-12-10 11:04 101376 ----a-w- c:\windows\system32\inseng.dll2013-11-26 11:54 . 2013-12-12 19:31 23183360 ----a-w- c:\windows\system32\mshtml.dll2013-11-26 10:19 . 2013-12-12 19:32 2724864 ----a-w- c:\windows\system32\mshtml.tlb2013-11-26 10:18 . 2013-12-12 19:32 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll2013-11-26 09:48 . 2013-12-12 19:31 66048 ----a-w- c:\windows\system32\iesetup.dll2013-11-26 09:46 . 2013-12-12 19:31 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll2013-11-26 09:41 . 2013-12-12 19:31 2764288 ----a-w- c:\windows\system32\iertutil.dll2013-11-26 09:29 . 2013-12-12 19:31 53760 ----a-w- c:\windows\system32\jsproxy.dll2013-11-26 09:27 . 2013-12-12 19:31 33792 ----a-w- c:\windows\system32\iernonce.dll2013-11-26 09:23 . 2013-12-12 19:32 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb2013-11-26 09:21 . 2013-12-12 19:31 574976 ----a-w- c:\windows\system32\ieui.dll2013-11-26 09:18 . 2013-12-12 19:31 139264 ----a-w- c:\windows\system32\ieUnatt.exe2013-11-26 09:18 . 2013-12-12 19:31 111616 ----a-w- c:\windows\system32\ieetwcollector.exe2013-11-26 09:16 . 2013-12-12 19:31 708608 ----a-w- c:\windows\system32\jscript9diag.dll2013-11-26 08:57 . 2013-12-12 19:31 218624 ----a-w- c:\windows\system32\ie4uinit.exe2013-11-26 08:35 . 2013-12-12 19:31 5769216 ----a-w- c:\windows\system32\jscript9.dll2013-11-26 08:28 . 2013-12-12 19:31 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll2013-11-26 08:16 . 2013-12-12 19:31 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll2013-11-26 08:02 . 2013-12-12 19:31 1995264 ----a-w- c:\windows\system32\inetcpl.cpl2013-11-26 07:48 . 2013-12-12 19:31 12996608 ----a-w- c:\windows\system32\ieframe.dll2013-11-26 07:32 . 2013-12-12 19:31 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl2013-11-26 07:07 . 2013-12-12 19:31 2334208 ----a-w- c:\windows\system32\wininet.dll2013-11-26 06:40 . 2013-12-12 19:31 1395200 ----a-w- c:\windows\system32\urlmon.dll2013-11-26 06:34 . 2013-12-12 19:31 817664 ----a-w- c:\windows\system32\ieapfltr.dll2013-11-26 06:33 . 2013-12-12 19:31 1820160 ----a-w- c:\windows\SysWow64\wininet.dll2013-11-23 18:26 . 2013-12-11 20:13 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll2013-11-23 17:47 . 2013-12-11 20:13 465920 ----a-w- c:\windows\system32\WMPhoto.dll2013-11-12 02:23 . 2013-12-11 20:13 2048 ----a-w- c:\windows\system32\tzres.dll2013-11-12 02:07 . 2013-12-11 20:13 2048 ----a-w- c:\windows\SysWow64\tzres.dll2013-01-09 11:25 . 2013-08-06 12:06 424299 ----a-w- c:\program files (x86)\Yahoo Messenger.exe..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2013-09-10 23:54 131248 ----a-w- c:\users\Willy\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2013-09-10 23:54 131248 ----a-w- c:\users\Willy\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll.[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2013-09-10 23:54 131248 ----a-w- c:\users\Willy\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-12-11 1564528]"Akamai NetSession Interface"="c:\users\Willy\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-15 20584608]"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-12-11 311152]"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]"ADSK DLMSession"="c:\program files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe" [2013-02-01 1641368]"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2013-11-02 152392]"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-02-02 3767096]"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2013-12-05 811792].c:\users\Willy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\Willy\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-2 30714328]Yahoo Messenger!.lnk - c:\program files (x86)\Yahoo Messenger.exe [2013-8-6 424299].c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2011-3-8 4236288].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1).R2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 SamsungDeviceConfigurationWinService;SamsungDeviceConfiguration;c:\program files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe;c:\program files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [x]R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [x]R2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [x]R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]S0 aswRvrt;avast! Revert; [x]S0 aswVmm;avast! VM Monitor; [x]S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x].[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]start [bU].[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2014-01-29 18:36 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2014-02-04 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-06 10:38].2014-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-02 09:50].2014-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-02 09:50].2014-02-03 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-03-26 11:24].2014-02-02 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-03-26 11:24]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C021C07-7CB2-4194-1568-66178E51E2A4}]2013-11-11 05:53 407552 ----a-w- c:\program files (x86)\sUerf iandd. kEep\2zE23p_Y.x64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]@="{472083B0-C522-11CF-8763-00608CC02F24}"[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]2014-02-02 20:22 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]2013-09-10 23:54 164016 ----a-w- c:\users\Willy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]2013-09-10 23:54 164016 ----a-w- c:\users\Willy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]2013-09-10 23:54 164016 ----a-w- c:\users\Willy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]2013-09-10 23:54 164016 ----a-w- c:\users\Willy\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-27 12459112]"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2012-03-09 1021056]"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2012-03-09 800896]"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2012-02-05 415680].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmStart Page = mLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = <local>;*.localIE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000TCP: DhcpNameServer = 137.82.1.2 142.103.1.42..--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2014-02-04 00:06:28ComboFix-quarantined-files.txt 2014-02-04 08:06ComboFix2.txt 2013-10-12 06:38ComboFix3.txt 2013-10-06 00:20.Pre-Run: 31,408,398,336 bytes freePost-Run: 31,116,521,472 bytes free.- - End Of File - - C595C3DF350A47BB1C5D89F6BFEBF4AA Link to post Share on other sites More sharing options...
NoWayIn Posted February 4, 2014 Author ID:786592 Share Posted February 4, 2014 I'm still getting the popups. Link to post Share on other sites More sharing options...
Staff gringo_pr Posted February 5, 2014 Staff ID:787090 Share Posted February 5, 2014 Hello NoWayIn Which browser are you getting the popups? Lets get a deeper look into the system and lets see if something shows up. Download and run OTL Download OTL by Old Timer and save it to your Desktop.Double click on OTL.exe to run it.Under Output, ensure that Minimal Output is selected.Under Extra Registry section, select Use SafeList.Click the Scan All Users checkbox.Click on Run Scan at the top left hand corner.When done, two Notepad files will open.OTL.txt <-- Will be opened and the that I need posted back hereExtra.txt <-- Will be minimized - save this one on your desktop in case I ask for it laterPlease post the contents of OTL.txt in your next reply.Gringo Link to post Share on other sites More sharing options...
NoWayIn Posted February 5, 2014 Author ID:787187 Share Posted February 5, 2014 Popups appearing in Google Chrome. OTL.txt OTL logfile created on: 2/5/2014 2:52:07 PM - Run 2OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Willy\Desktop\malwarestuff64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.11.9600.16428)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.90 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 46.32% Memory free7.79 Gb Paging File | 4.98 Gb Available in Paging File | 63.89% Paging File freePaging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 99.90 Gb Total Space | 29.03 Gb Free Space | 29.06% Space Free | Partition Type: NTFSDrive D: | 806.51 Gb Total Space | 700.19 Gb Free Space | 86.82% Space Free | Partition Type: NTFS Computer Name: WILLY-PC | User Name: Willy | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)PRC - C:\Users\Willy\Desktop\malwarestuff\OTL.exe (OldTimer Tools)PRC - C:\Users\Willy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)PRC - C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Google Inc.)PRC - C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)PRC - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.)PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)PRC - C:\Users\Willy\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)PRC - C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe (Autodesk, Inc.)PRC - C:\Program Files (x86)\Yahoo Messenger.exe ()PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe ()PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)PRC - C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe (Samsung Electronics Co., Ltd.)PRC - C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe (Samsung Electronics CO., LTD.)PRC - C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe (Samsung Electronics Co., Ltd.)PRC - C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe (Intel Corporation)PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)PRC - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)PRC - C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe ()PRC - C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe (Samsung Electronics Co., Ltd.)PRC - C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe (Samsung Electronics)PRC - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe (SEC)PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)PRC - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()PRC - C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe (CyberLink Corp.)PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppgooglenaclpluginchrome.dll ()MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll ()MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libglesv2.dll ()MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\libegl.dll ()MOD - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll ()MOD - C:\Users\Willy\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\HD-Agent\d633e37c729c49af66b6e1443e4e8ec0\HD-Agent.ni.exe ()MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\JSON\245880b6686de6f8a8f2e7ebed5cd5f3\JSON.ni.dll ()MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()MOD - C:\Users\Willy\AppData\Roaming\Dropbox\bin\libcef.dll ()MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\46863d4abf7db3e009962abc8710c945\System.Runtime.Remoting.ni.dll ()MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ef0a534be135cd8f0d99d938d8b1814a\System.Windows.Forms.ni.dll ()MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\4eef5a3a4d0ed6d6fd882947a70df530\WindowsBase.ni.dll ()MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29f3ae8d313e62b4daed1107ccd29f9f\System.Configuration.ni.dll ()MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\464a76a3fdc9ee7456cb4baaea3e503a\PresentationFramework.ni.dll ()MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b5b66869081b909d238fdea083cf3179\PresentationCore.ni.dll ()MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\dac1208781fdd0b960afc12efff42944\System.Core.ni.dll ()MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\0b37b2bafc33ef52282b9d7b217cabaf\WindowsBase.ni.dll ()MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\71d887ce964fb69b7f03c4fe7a3f28ff\System.Configuration.ni.dll ()MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\6ebbfafc5521934f7e1c154937a2788b\System.Web.ni.dll ()MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d473c19e69818875b9c739cad8f386a5\System.Runtime.Remoting.ni.dll ()MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\7bf3e4deef4483205017aa7b13194845\System.ServiceProcess.ni.dll ()MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\4d277a8481c203a35c58bd277a2e71df\System.Xaml.ni.dll ()MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\d4493b0e5a5c6faf89cfeaa5f2a21034\IAStorUtil.ni.dll ()MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll ()MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll ()MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll ()MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\884bcbd22130ebeb1211bc7bcc3910c9\System.Xml.ni.dll ()MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System\de853615c8224ba5d9aa9b76276c6d98\System.ni.dll ()MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\6e3778958a8bfd03bf0f2f60c4e25623\IAStorCommon.ni.dll ()MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll ()MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()MOD - C:\Program Files (x86)\Yahoo Messenger.exe ()MOD - C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\plugin\PServerPlugin.dll ()MOD - C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\featureController.dll ()MOD - C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\DeviceProfile.dll ()MOD - C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\eventsSender.dll ()MOD - C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll ()MOD - C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\log4cplus.dll ()MOD - C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\libgsoap.dll ()MOD - C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\sqlite3.dll ()MOD - C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtXml4.dll ()MOD - C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtCore4.dll ()MOD - C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtNetwork4.dll ()MOD - C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\zlib1.dll ()MOD - C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll ()MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()MOD - C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll () ========== Services (SafeList) ========== SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)SRV:64bit: - (IEEtwCollectorService) -- C:\windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.)SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)SRV:64bit: - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)SRV - (BstHdLogRotatorSvc) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.)SRV - (BstHdAndroidSvc) -- C:\Program Files (x86)\BlueStacks\HD-Service.exe (BlueStack Systems, Inc.)SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)SRV - (Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe ()SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)SRV - (ZAtheros Bt&Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Atheros Commnucations)SRV - (SamsungDeviceConfigurationWinService) -- C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe ()SRV - (Autodesk Content Service) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Autodesk, Inc.)SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)SRV - (WDSC) -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe ()SRV - (WDFME) -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe ()SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)DRV:64bit: - (aswStm) -- C:\Windows\SysNative\drivers\aswstm.sys (AVAST Software)DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)DRV:64bit: - (aswVmm) -- C:\windows\SysNative\drivers\aswVmm.sys ()DRV:64bit: - (aswRvrt) -- C:\windows\SysNative\drivers\aswRvrt.sys ()DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)DRV:64bit: - (amdkmpfd) -- C:\Windows\SysNative\drivers\amdkmpfd.sys (Advanced Micro Devices, Inc.)DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\RtsUVStor.sys (Realtek Semiconductor Corp.)DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Atheros)DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)DRV:64bit: - (clwvd) -- C:\Windows\SysNative\drivers\clwvd.sys (CyberLink Corporation)DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)DRV:64bit: - (SABI) -- C:\Windows\SysNative\drivers\SABI.sys (SAMSUNG ELECTRONICS)DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)DRV - (BstHdDrv) -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys (BlueStack Systems)DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.comIE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.comIE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-457241823-3690726184-1205769209-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.comIE - HKU\S-1-5-21-457241823-3690726184-1205769209-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-457241823-3690726184-1205769209-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/searchIE - HKU\S-1-5-21-457241823-3690726184-1205769209-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-21-457241823-3690726184-1205769209-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll ()FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Willy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2013/08/02 06:37:23 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - default_search_provider: Google (Enabled)CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},CHR - homepage: CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\Willy\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\widevinecdmadapter.dllCHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dllCHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dllCHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dllCHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dllCHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dllCHR - plugin: Java Deployment Toolkit 7.0.450.18 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dllCHR - plugin: Java Platform SE 7 U45 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dllCHR - plugin: Unity Player (Enabled) = C:\Users\Willy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dllCHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dllCHR - plugin: iTunes Application Detector (Enabled) = D:\iTunes\Mozilla Plugins\npitunes.dllCHR - Extension: Google Docs = C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\CHR - Extension: Google Drive = C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\CHR - Extension: Missing e = C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjbagclppcgdbpobcpoojdjdmcjhpid\2.14.3_0\CHR - Extension: Turn Off the Lights = C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.3.0.5_0\CHR - Extension: YouTube = C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\CHR - Extension: Facebook = C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1.0.3_0\CHR - Extension: Google Search = C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\CHR - Extension: Line messenger = C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dngafncjggabnheiinpoocchdpfignoj\0.0.0.3_0\CHR - Extension: Gmail Offline = C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.20_0\CHR - Extension: Window Expander For YouTube = C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpaakpeehepibjpdmoocdaonognfiog\2.3_0\CHR - Extension: avast! Online Security = C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2013.75_0\CHR - Extension: Website Blocker (Beta) = C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hclgegipaehbigmbhdpfapmjadbaldib\0.2.5_0\CHR - Extension: JavaScript Popup Blocker = C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hiajdlfgbgnnjakkbnpdhmhfhklkbiol\1.2.6_0\CHR - Extension: Crimson Red Theme = C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfgbckkcgepopaojnhcnkcdiafkcdjo\1_0\CHR - Extension: YouTube Video Deck = C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpoakikepagdiphlmfaeifpojdmbnegj\0.9.6.4_0\CHR - Extension: Rdio Mini Player = C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nepblamgofpnmpkpmldlghcabonhdepn\0.2.0_0\CHR - Extension: TransitDB = C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngpolhbffjljhoeklikgkbkjpkbjkapp\0.0.6_0\CHR - Extension: Google Wallet = C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1\CHR - Extension: Currently = C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojhmphdkpgbibohbnpbfiefkgieacjmh\2.7.0_0\CHR - Extension: Rdio = C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pchjhmiapbbphflbgejhigbmfmmgbngn\1.2_0\CHR - Extension: Gmail = C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2013/10/05 16:19:00 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)O2:64bit: - BHO: (sUerf iandd. kEep) - {7C021C07-7CB2-4194-1568-66178E51E2A4} - C:\Program Files (x86)\sUerf iandd. kEep\2zE23p_Y.x64.dll ()O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)O4:64bit: - HKLM..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)O4 - HKLM..\Run: [ADSK DLMSession] C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe (Autodesk, Inc.)O4 - HKLM..\Run: [AMD AVT] C:\windows\SysWow64\cmd.exe (Microsoft Corporation)O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)O4 - HKLM..\Run: [blueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)O4 - HKU\S-1-5-21-457241823-3690726184-1205769209-1000..\Run: [Akamai NetSession Interface] C:\Users\Willy\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)O4 - HKU\S-1-5-21-457241823-3690726184-1205769209-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)O4 - Startup: C:\Users\Willy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Willy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)O4 - Startup: C:\Users\Willy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo Messenger!.lnk = C:\Program Files (x86)\Yahoo Messenger.exe ()O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-457241823-3690726184-1205769209-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKU\S-1-5-21-457241823-3690726184-1205769209-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: = O7 - HKU\S-1-5-21-457241823-3690726184-1205769209-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not foundO9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)O13 - gopher Prefix: missingO17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 137.82.1.2 142.103.1.42O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3FBE32D7-401A-48D1-B26C-DA9131690090}: DhcpNameServer = 137.82.1.2 142.103.1.42O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7266E235-2A0B-4650-A2D8-E03C1B1BE011}: DhcpNameServer = 137.82.1.2 142.103.1.42O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)O32 - HKLM CDRom: AutoRun - 1O32 - AutoRun File - [2013/08/06 03:59:31 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2014/02/05 14:50:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Willy\Desktop\OTL.exe[2014/02/05 13:23:15 | 000,000,000 | R--D | C] -- C:\Users\Willy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices[2014/02/04 00:06:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN[2014/02/04 00:03:19 | 000,000,000 | ---D | C] -- C:\windows\temp[2014/02/02 01:36:48 | 000,000,000 | ---D | C] -- C:\windows\Sun[2014/01/30 00:14:51 | 000,000,000 | ---D | C] -- C:\_OTL[2014/01/15 19:26:45 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaws.exe[2014/01/15 19:26:26 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\javaw.exe[2014/01/15 19:26:26 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\java.exe[2014/01/15 19:26:26 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\windows\SysWow64\WindowsAccessBridge-32.dll[2014/01/15 19:26:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java[2014/01/14 17:20:32 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbport.sys[2014/01/14 17:20:31 | 000,007,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbd.sys[2014/01/14 17:20:30 | 000,376,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\netio.sys[2014/01/13 07:49:44 | 000,080,184 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswstm.sys[2014/01/11 20:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R ========== Files - Modified Within 30 Days ========== [2014/02/05 14:51:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Willy\Desktop\OTL.exe[2014/02/05 14:38:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job[2014/02/05 14:26:00 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job[2014/02/05 13:32:03 | 000,028,848 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2014/02/05 13:32:03 | 000,028,848 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2014/02/05 13:22:38 | 000,000,892 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job[2014/02/05 13:22:05 | 000,000,828 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job[2014/02/05 13:20:19 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat[2014/02/05 13:19:50 | 4183,461,888 | -HS- | M] () -- C:\hiberfil.sys[2014/02/04 20:38:08 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe[2014/02/04 20:38:08 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl[2014/02/04 15:03:15 | 000,778,834 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI[2014/02/04 15:03:15 | 000,660,318 | ---- | M] () -- C:\windows\SysNative\perfh009.dat[2014/02/04 15:03:15 | 000,121,214 | ---- | M] () -- C:\windows\SysNative\perfc009.dat[2014/02/04 14:56:34 | 000,002,143 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk[2014/02/02 12:23:06 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk[2014/02/02 12:22:06 | 001,038,072 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys[2014/02/02 12:22:06 | 000,421,704 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys[2014/02/02 12:22:06 | 000,334,136 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe[2014/02/02 12:22:06 | 000,080,184 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswstm.sys[2014/02/02 12:22:06 | 000,078,648 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys[2014/02/02 12:22:05 | 000,043,152 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr[2014/02/02 10:33:03 | 000,000,830 | ---- | M] () -- C:\windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job[2014/01/27 22:53:28 | 000,002,148 | ---- | M] () -- C:\Users\Public\Desktop\Style Builder 2013.lnk[2014/01/27 22:53:28 | 000,002,062 | ---- | M] () -- C:\Users\Public\Desktop\LayOut 2013.lnk[2014/01/27 22:53:28 | 000,001,977 | ---- | M] () -- C:\Users\Public\Desktop\SketchUp 2013.lnk[2014/01/20 01:51:06 | 000,000,010 | ---- | M] () -- C:\Users\Willy\Documents\.Rhistory[2014/01/15 17:00:53 | 000,001,011 | ---- | M] () -- C:\Users\Willy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk[2014/01/15 17:00:27 | 000,000,979 | ---- | M] () -- C:\Users\Willy\Desktop\Dropbox.lnk[2014/01/15 16:08:09 | 000,498,400 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT[2014/01/13 07:48:59 | 000,207,904 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys[2014/01/11 20:51:52 | 000,000,714 | ---- | M] () -- C:\Users\Public\Desktop\R i386 3.0.2.lnk[2014/01/11 20:51:52 | 000,000,709 | ---- | M] () -- C:\Users\Public\Desktop\R x64 3.0.2.lnk ========== Files Created - No Company Name ========== [2014/01/20 01:51:06 | 000,000,010 | ---- | C] () -- C:\Users\Willy\Documents\.Rhistory[2014/01/11 20:51:52 | 000,000,709 | ---- | C] () -- C:\Users\Public\Desktop\R x64 3.0.2.lnk[2014/01/11 20:51:51 | 000,000,714 | ---- | C] () -- C:\Users\Public\Desktop\R i386 3.0.2.lnk[2013/10/11 22:21:45 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe[2013/10/11 22:21:45 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe[2013/10/11 22:21:45 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe[2013/10/11 22:21:45 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe[2013/10/11 22:21:45 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe[2013/08/06 04:06:52 | 000,424,299 | ---- | C] () -- C:\Program Files (x86)\Yahoo Messenger.exe[2013/08/02 07:53:17 | 000,773,050 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI[2013/06/14 03:56:26 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe[2013/06/14 03:56:18 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll[2013/06/14 03:56:18 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll[2013/06/14 03:56:18 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll[2013/06/14 03:56:18 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll[2012/06/05 21:30:14 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe[2012/06/05 21:01:18 | 000,003,586 | ---- | C] () -- C:\windows\HotFixList.ini[2012/06/05 20:42:00 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin[2012/06/05 20:33:56 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblup.dat[2012/04/17 14:16:54 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat[2012/04/17 14:16:54 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat[2012/04/17 14:14:24 | 000,054,784 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll[2012/03/26 03:19:10 | 000,755,188 | ---- | C] () -- C:\windows\SysWow64\igkrng700.bin[2012/03/26 03:19:08 | 000,561,508 | ---- | C] () -- C:\windows\SysWow64\igfcg700m.bin[2012/03/26 03:08:42 | 000,963,912 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin[2012/03/26 03:08:42 | 000,261,208 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin[2012/03/26 03:08:42 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin[2012/03/26 03:03:46 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll[2012/03/26 01:53:42 | 013,024,768 | ---- | C] () -- C:\windows\SysWow64\ig7icd32.dll[2012/03/26 01:47:54 | 013,212,672 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll[2012/03/06 08:40:52 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 18:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 17:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Link to post Share on other sites More sharing options...
Staff gringo_pr Posted February 6, 2014 Staff ID:787259 Share Posted February 6, 2014 Hello NoWayIn We need to reset Chrome back to defaults to completely clear out what is going on. We can keep the bookmarks by exporting them - Export Bookmarks Then I need you to go Google Sync and sign into your account scroll down untill you see the "Stop and Clear" button and click on button At the prompt click on "Ok" Now we need to uninstall chrome I want you to uninstall Chrome and if asked about user data or settings then remove this also restart the computer and reinstall chrome, You can download The latest version from here - Google Chrome After you have Chrome reinstalled please check things out and let me know how it is doing. Gringo Link to post Share on other sites More sharing options...
NoWayIn Posted February 10, 2014 Author ID:788916 Share Posted February 10, 2014 Done everything as instructed. Still getting popups. Link to post Share on other sites More sharing options...
Staff gringo_pr Posted February 10, 2014 Staff ID:789199 Share Posted February 10, 2014 Hello NoWayIn I would like you to run this custom script for me now and when it is complete please give me the report and a status update for the computer.Run OTL ScriptDouble-click OTL.exe to start the program.Copy and Paste the following code into the text box.:OTLO9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found :Filesipconfig /flushdns /cC:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default:Commands[PURITY][emptyjava][EMPTYFLASH][reboot]Then click the Run Fix button at the top.Click .OTL may ask to reboot the machine. Please do so if asked.The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.Note** if the report does not popup after the computer reboots you can find it here in this folder - C:\_OTL\MovedFilesIt will be named - mmddyyyy_hhmmss.logWhere mmddyyyy_hhmmss - are numbers representing the date and time the fix was run.Let me know How things are doingGringo Link to post Share on other sites More sharing options...
Staff gringo_pr Posted February 14, 2014 Staff ID:791089 Share Posted February 14, 2014 Hello 48 Hour bump It has been more than 48 hours since my last post.do you still need help with this?do you need more time?are you having problems following my instructions?if after 48hrs you have not replied to this thread then it will have to be closed!Gringo Link to post Share on other sites More sharing options...
NoWayIn Posted February 15, 2014 Author ID:791537 Share Posted February 15, 2014 OTL text file ========== OTL ==========64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.========== FILES ==========< ipconfig /flushdns /c >Windows IP ConfigurationSuccessfully flushed the DNS Resolver Cache.C:\Users\Willy\Desktop\malwarestuff\cmd.bat deleted successfully.C:\Users\Willy\Desktop\malwarestuff\cmd.txt deleted successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\User StyleSheets folder moved successfully.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Sync Data scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Session Storage scheduled to be moved on reboot.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\z.cdn.turner.com\xslo\cvp\core\player\CVP_2.4.2.1.swf folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\z.cdn.turner.com\xslo\cvp\core\player folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\z.cdn.turner.com\xslo\cvp\core folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\z.cdn.turner.com\xslo\cvp folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\z.cdn.turner.com\xslo folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\z.cdn.turner.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\www.video44.net\gogo\yume-h.swf folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\www.video44.net\gogo folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\www.video44.net\##D322AEF493D8BAA3 folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\www.video44.net folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\www.thedarewall.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\www.the-binary-theorem.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\www.kongregate.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\www.collegehumor.com\moogaloop\ch_flash_player-0.2.2.swf folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\www.collegehumor.com\moogaloop folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\www.collegehumor.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\www.acciona.es folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\www.acciona.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\w#\ww.the-binary-options-guide.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\w# folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\vox-static.liverail.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\vk.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\vidspot.net folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\videobug.net\flowplayer\fl#\owplayer.commercial-3.2.7.1.swf folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\videobug.net\flowplayer\fl# folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\videobug.net\flowplayer folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\videobug.net folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\securepaths.com\sp.swf folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\securepaths.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\secure-us.imrworldwide.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\sa.kewego.com\swf\kp.swf folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\sa.kewego.com\swf folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\sa.kewego.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\s3.amazonaws.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\s.ytimg.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\player.ooyala.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\play44.net\flowplayer\fl#\owplayer.commercial-3.2.7.1.swf folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\play44.net\flowplayer\fl# folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\play44.net\flowplayer folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\play44.net folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\opf.ooyala.com\3rdparty\espn_ui_module_v3_06_2.swf folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\opf.ooyala.com\3rdparty folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\opf.ooyala.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\moneygainers.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\mochiads.com\__ms_1# folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\mochiads.com\__ms_# folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\mochiads.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\medicguru.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#z.cdn.turner.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#www.video44.net folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#www.thedarewall.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#www.the-binary-theorem.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#www.kongregate.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#www.collegehumor.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#www.acciona.es folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#www.acciona.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#vox-static.liverail.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#vk.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#vidspot.net folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#videobug.net folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#securepaths.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#secure-us.imrworldwide.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#sa.kewego.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#s3.amazonaws.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#s.ytimg.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#player.ooyala.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#play44.net folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#opf.ooyala.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#moneygainers.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#mochiads.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#medicguru.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#live.sekindo.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#ishared.eu folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#i.nflcdn.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#i.cdn.turner.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#grooveshark.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#glamourgazette.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#flash.quantserve.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#entitlement.auth.adobe.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#elancrafts.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#core.mochibot.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#clipstime.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#clicktoview.org folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#cheesestream.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#chatango.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#chat.kongregate.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#celebrityheadline.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#cdn.selectmedia.asia folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#cdn.optimatic.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#cdn.adnxs.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#cache.btrll.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#audienceinsights.net folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#assets.tp-cdn.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#assets.kongregate.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#assets.bunchball.net folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#allmyvideos.net folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys\#a.blip.tv folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer\sys folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support\flashplayer folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\support folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\##AB9C1C2DBA311ECC folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com\##85292A41C9D2D5D5 folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\macromedia.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\live.sekindo.com\##78CC5CD70E98ABF3 folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\live.sekindo.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\ishared.eu folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\i.nflcdn.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\i.cdn.turner.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\grooveshark.com\static\JSQueue_20140129154635.swf folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\grooveshark.com\static folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\grooveshark.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\glamourgazette.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\flash.quantserve.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\files.provenpixel.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\entitlement.auth.adobe.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\elancrafts.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\core.mochibot.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\clipstime.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\clicktoview.org folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\cheesestream.com\jwplayer\yume-h.swf folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\cheesestream.com\jwplayer folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\cheesestream.com\##1AB3E47638933B0D folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\cheesestream.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\chatango.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\chat.kongregate.com\gamez\0019\9394\live\CosmicClicks01.swf folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\chat.kongregate.com\gamez\0019\9394\live folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\chat.kongregate.com\gamez\0019\9394 folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\chat.kongregate.com\gamez\0019 folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\chat.kongregate.com\gamez\0012\5968\live\Rebuild2.swf folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\chat.kongregate.com\gamez\0012\5968\live folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\chat.kongregate.com\gamez\0012\5968 folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\chat.kongregate.com\gamez\0012\1657\live\KONGwonderputt.swf folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\chat.kongregate.com\gamez\0012\1657\live folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\chat.kongregate.com\gamez\0012\1657 folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\chat.kongregate.com\gamez\0012 folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\chat.kongregate.com\gamez\0010\2267\live\hackslashcrawlK.swf folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\chat.kongregate.com\gamez\0010\2267\live folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\chat.kongregate.com\gamez\0010\2267 folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\chat.kongregate.com\gamez\0010 folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\chat.kongregate.com\gamez\0002\3249\live\Contraption.swf folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\chat.kongregate.com\gamez\0002\3249\live folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\chat.kongregate.com\gamez\0002\3249 folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\chat.kongregate.com\gamez\0002 folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\chat.kongregate.com\gamez folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\chat.kongregate.com\##5DDE01276333DCD7 folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\chat.kongregate.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\celebrityheadline.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\cdn.selectmedia.asia folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\cdn.optimatic.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\cdn.adnxs.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\cdn-static.liverail.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\cache.btrll.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\audienceinsights.net folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\assets.tp-cdn.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\assets.kongregate.com folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\assets.bunchball.net folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\allmyvideos.net folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\a.blip.tv folder moved successfully.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\97ff0e7e610f#\20512dbe-483e6ce63d68aeb3d05af#\6c054efb801.r29.cf1.rackcdn.com\##75233E3DE50FD79A scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\97ff0e7e610f#\20512dbe-483e6ce63d68aeb3d05af#\6c054efb801.r29.cf1.rackcdn.com scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\97ff0e7e610f#\20512dbe-483e6ce63d68aeb3d05af# scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\97ff0e7e610f# scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot scheduled to be moved on reboot.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache\CCXYF8QV folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot\AssetCache folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\CacheWritableAdobeRoot folder moved successfully.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Media Cache scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Local Storage scheduled to be moved on reboot.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.google.ca_0.indexeddb.leveldb folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_docs.google.com_0.indexeddb.leveldb folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\IndexedDB folder moved successfully.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\GPUCache scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\File System\Origins scheduled to be moved on reboot.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\Paths folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\File System\001\t folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\File System\001 folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\Paths folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00 folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\File System\000\t folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\File System\000 folder moved successfully.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\File System scheduled to be moved on reboot.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\__MACOSX\_locales folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\__MACOSX folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\zh_TW folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\zh_CN folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\vi folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\uk folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\tr folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\th folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\sr folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\sl folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\sk folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\se folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\ru folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\ro folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\pt_PT folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\pt_BR folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\pl folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\no folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\nl folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\lv folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\lt folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\ko folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\ja folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\it folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\id folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\hu folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\hr folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\hi folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\fr folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\fil folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\fi folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\es folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\en folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\el folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\de folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\da folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\cs folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\ca folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\bg folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales\ar folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\_locales folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\_locales\zh_TW folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\_locales\zh_CN folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\_locales\vi folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\_locales\uk folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\_locales\tr folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\_locales\th folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\_locales\sv folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\_locales\sr folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\_locales\sl folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\_locales\sk folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\_locales\ru folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\_locales\ro folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\_locales\pt_PT folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\_locales\pt_BR folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\_locales\pl folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\_locales\nl folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\_locales\nb folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\_locales\lv folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\_locales\lt folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\_locales\ko folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\_locales\ja folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\_locales\it folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\_locales\id folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\_locales\hu folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\_locales\hr folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\_locales\hi folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\_locales\fr folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\_locales\fil folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\_locales\fi folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\_locales\et folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\_locales\es_419 folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\_locales\es folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\_locales\en_GB folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\_locales\en folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\_locales\el folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\_locales\de folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\_locales\da folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\_locales\cs folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\_locales\ca folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\_locales\bg folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\_locales folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\images folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\html folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\css folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0 folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.0.14735.1561_0 folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\zh_TW folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\zh_CN folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\vi folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\uk folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\tr folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\th folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\sv folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\sr folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\sl folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\sk folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\ru folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\ro folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\pt_PT folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\pt_BR folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\pl folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\no folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\nl folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\lv folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\lt folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\ko folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\ja folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\it folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\id folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\hu folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\hr folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\hi folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\he folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\fr folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\fil folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\fi folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\et folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\es_419 folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\es folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\en_US folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\en_GB folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\en folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\el folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\de folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\da folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\cs folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\ca folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\bg folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales\ar folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\_locales folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\_locales\zh_TW folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\_locales\zh_CN folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\_locales\vi folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\_locales\uk folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\_locales\tr folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\_locales\th folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\_locales\sv folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\_locales\sr folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\_locales\sl folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\_locales\sk folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\_locales\ru folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\_locales\ro folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\_locales\pt_PT folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\_locales\pt_BR folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\_locales\pl folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\_locales\no folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\_locales\nl folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\_locales\lv folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\_locales\lt folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\_locales\ko folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\_locales\ja folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\_locales\it folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\_locales\id folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\_locales\hu folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\_locales\hr folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\_locales\hi folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\_locales\he folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\_locales\fr folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\_locales\fil folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\_locales\fi folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\_locales\es folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\_locales\en folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\_locales\el folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\_locales\de folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\_locales\da folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\_locales\cs folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\_locales\ca folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\_locales\bg folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\_locales\ar folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\_locales folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\zh_TW folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\zh_CN folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\vi folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\uk folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\tr folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\th folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\sv folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\sr folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\sl folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\sk folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\ru folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\ro folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\pt_PT folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\pt_BR folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\pl folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\no folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\nl folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\ms folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\lv folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\lt folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\ko folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\ja folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\it folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\id folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\hu folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\hr folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\hi folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\he folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\fr folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\fil folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\fi folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\eu folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\et folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\es_419 folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\es folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\en_US folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\en_GB folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\el folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\de folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\da folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\cs folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\ca folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\bg folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales\ar folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\_locales folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\_locales\zh_TW folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\_locales\zh_CN folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\_locales\vi folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\_locales\uk folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\_locales\tr folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\_locales\th folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\_locales\sv folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\_locales\sr folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\_locales\sl folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\_locales\sk folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\_locales\ru folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\_locales\ro folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\_locales\pt_PT folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\_locales\pt_BR folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\_locales\pl folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\_locales\no folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\_locales\nl folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\_locales\ms folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\_locales\lv folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\_locales\lt folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\_locales\ko folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\_locales\ja folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\_locales\it folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\_locales\id folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\_locales\hu folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\_locales\hi folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\_locales\he folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\_locales\fr folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\_locales\fil folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\_locales\fi folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\_locales\et folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\_locales\es_419 folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\_locales\es folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\_locales\en_US folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\_locales\en_GB folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\_locales\el folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\_locales\de folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\_locales\da folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\_locales\cs folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\_locales\ca folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\_locales\bg folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\_locales\ar folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\_locales folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extensions folder moved successfully.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extension State scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extension Rules scheduled to be moved on reboot.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\databases\https_www.google.com_0 folder moved successfully.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\databases scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Cache scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Application Cache scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default scheduled to be moved on reboot.========== COMMANDS ========== [EMPTYJAVA] User: All Users User: Default User: Default User User: Public User: Willy->Java cache emptied: 232826 bytes Total Java Files Cleaned = 0.00 mb [EMPTYFLASH] User: All Users User: Default User: Default User User: Public User: Willy->Flash cache emptied: 82955 bytes Total Flash Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.69.0 log created on 02152014_012932 Files\Folders moved on Reboot...C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Sync Data folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Session Storage folder moved successfully.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\97ff0e7e610f#\20512dbe-483e6ce63d68aeb3d05af#\6c054efb801.r29.cf1.rackcdn.com\##75233E3DE50FD79A scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\97ff0e7e610f#\20512dbe-483e6ce63d68aeb3d05af#\6c054efb801.r29.cf1.rackcdn.com\##75233E3DE50FD79A scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\97ff0e7e610f#\20512dbe-483e6ce63d68aeb3d05af#\6c054efb801.r29.cf1.rackcdn.com scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\97ff0e7e610f#\20512dbe-483e6ce63d68aeb3d05af#\6c054efb801.r29.cf1.rackcdn.com\##75233E3DE50FD79A scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\97ff0e7e610f#\20512dbe-483e6ce63d68aeb3d05af#\6c054efb801.r29.cf1.rackcdn.com scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\97ff0e7e610f#\20512dbe-483e6ce63d68aeb3d05af# scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\97ff0e7e610f#\20512dbe-483e6ce63d68aeb3d05af#\6c054efb801.r29.cf1.rackcdn.com\##75233E3DE50FD79A scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\97ff0e7e610f#\20512dbe-483e6ce63d68aeb3d05af#\6c054efb801.r29.cf1.rackcdn.com scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\97ff0e7e610f#\20512dbe-483e6ce63d68aeb3d05af# scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\97ff0e7e610f# scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\97ff0e7e610f#\20512dbe-483e6ce63d68aeb3d05af#\6c054efb801.r29.cf1.rackcdn.com\##75233E3DE50FD79A scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\97ff0e7e610f#\20512dbe-483e6ce63d68aeb3d05af#\6c054efb801.r29.cf1.rackcdn.com scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\97ff0e7e610f#\20512dbe-483e6ce63d68aeb3d05af# scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\97ff0e7e610f# scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\97ff0e7e610f#\20512dbe-483e6ce63d68aeb3d05af#\6c054efb801.r29.cf1.rackcdn.com\##75233E3DE50FD79A scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\97ff0e7e610f#\20512dbe-483e6ce63d68aeb3d05af#\6c054efb801.r29.cf1.rackcdn.com scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\97ff0e7e610f#\20512dbe-483e6ce63d68aeb3d05af# scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\97ff0e7e610f# scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\97ff0e7e610f#\20512dbe-483e6ce63d68aeb3d05af#\6c054efb801.r29.cf1.rackcdn.com\##75233E3DE50FD79A scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\97ff0e7e610f#\20512dbe-483e6ce63d68aeb3d05af#\6c054efb801.r29.cf1.rackcdn.com scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\97ff0e7e610f#\20512dbe-483e6ce63d68aeb3d05af# scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\97ff0e7e610f# scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\97ff0e7e610f#\20512dbe-483e6ce63d68aeb3d05af#\6c054efb801.r29.cf1.rackcdn.com\##75233E3DE50FD79A scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\97ff0e7e610f#\20512dbe-483e6ce63d68aeb3d05af#\6c054efb801.r29.cf1.rackcdn.com scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\97ff0e7e610f#\20512dbe-483e6ce63d68aeb3d05af# scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\97ff0e7e610f# scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\97ff0e7e610f#\20512dbe-483e6ce63d68aeb3d05af#\6c054efb801.r29.cf1.rackcdn.com\##75233E3DE50FD79A scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\97ff0e7e610f#\20512dbe-483e6ce63d68aeb3d05af#\6c054efb801.r29.cf1.rackcdn.com scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\97ff0e7e610f#\20512dbe-483e6ce63d68aeb3d05af# scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\97ff0e7e610f# scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data scheduled to be moved on reboot.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Media Cache folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Local Storage folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\GPUCache folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\File System\Origins folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\File System folder moved successfully.File\Folder C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extension State not found!C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Extension Rules folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\databases folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Cache folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Application Cache\Cache folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Application Cache folder moved successfully.C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\User StyleSheets folder moved successfully.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\97ff0e7e610f#\20512dbe-483e6ce63d68aeb3d05af#\6c054efb801.r29.cf1.rackcdn.com\##75233E3DE50FD79A scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\97ff0e7e610f#\20512dbe-483e6ce63d68aeb3d05af#\6c054efb801.r29.cf1.rackcdn.com scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\97ff0e7e610f#\20512dbe-483e6ce63d68aeb3d05af# scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF\97ff0e7e610f# scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\XUZAUVJF scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default\Pepper Data scheduled to be moved on reboot.Folder move failed. C:\Users\Willy\AppData\Local\Google\Chrome\User Data\Default scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot... Link to post Share on other sites More sharing options...
NoWayIn Posted February 15, 2014 Author ID:791538 Share Posted February 15, 2014 popups still showing up in chrome. Link to post Share on other sites More sharing options...
Staff gringo_pr Posted February 15, 2014 Staff ID:791569 Share Posted February 15, 2014 Hello NoWayIn Please download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.Gringo Link to post Share on other sites More sharing options...
NoWayIn Posted February 18, 2014 Author ID:792845 Share Posted February 18, 2014 FRST.txt Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-02-2014Ran by Willy (administrator) on WILLY-PC on 17-02-2014 23:25:04Running from C:\Users\Willy\Desktop\malwarestuffWindows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 11Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: Download link for 64-Bit Version: Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\windows\system32\atiesrxx.exe(AMD) C:\windows\system32\atieclxx.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(Microsoft Corporation) C:\windows\system32\WLANExt.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe(Akamai Technologies, Inc.) C:\Users\Willy\AppData\Local\Akamai\netsession_win.exe(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe(Akamai Technologies, Inc.) C:\Users\Willy\AppData\Local\Akamai\netsession_win.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Intel Corporation) C:\windows\system32\hkcmd.exe(Intel Corporation) C:\windows\system32\igfxpers.exe(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateS
Recommended Posts