addaware problems.

Discussion in 'Windows - Virus and spyware problems' started by Heaseba, Oct 5, 2013.

  1. Heaseba

    Heaseba Newbie

    Joined:
    Oct 5, 2013
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    I can not find addaware in my programs list yet it is constantly preventing me from accessing certain websites. I trust those websites and I want to access them, but I can't find how to disable a program I 'don't appear to' have. I'm NOT very computer savy...
     
  2. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    Hi Heaseba,

    Please post a HJT Log and I'll help you remove the problems..

    -HijackThis.exe-

    Please download and save HijackThis.exe to your desktop.
    • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
    • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
    • Hijackthis will scan and then a log will open in notepad.
    Copy and paste the entire contents of the log in your next post.
    Do not have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

    Please post the HijackThis log list in your next reply.


    2oG
     
    Last edited: Oct 5, 2013
  3. Heaseba

    Heaseba Newbie

    Joined:
    Oct 5, 2013
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    # AdwCleaner v3.006 - Report created 05/10/2013 at 18:09:00
    # Updated 01/10/2013 by Xplode
    # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
    # Username : Administrator - HEATHERPC
    # Running from : C:\Users\Administrator\Downloads\adwcleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\ProgramData\AVG Security Toolbar
    Folder Deleted : C:\ProgramData\boost_interprocess
    Folder Deleted : C:\ProgramData\Tarma Installer
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\MapsGalaxy_39EI
    Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
    Folder Deleted : C:\Users\Administrator\AppData\Local\Conduit
    Folder Deleted : C:\Users\Administrator\AppData\Local\PackageAware
    Folder Deleted : C:\Users\Administrator\AppData\Local\SwvUpdater
    Folder Deleted : C:\Users\Administrator\AppData\LocalLow\AVG Secure Search
    Folder Deleted : C:\Users\Administrator\AppData\LocalLow\AVG Security Toolbar
    Folder Deleted : C:\Users\Administrator\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Administrator\AppData\LocalLow\MapsGalaxy_39EI
    Folder Deleted : C:\Users\Administrator\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\Administrator\AppData\Roaming\Systweak
    Folder Deleted : C:\Users\Administrator\Documents\iMesh
    Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
    Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
    File Deleted : C:\END
    File Deleted : C:\Windows\System32\roboot64.exe
    File Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\loaul1ak.default\\invalidprefs.js
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\iMeshWebSearch.xml
    File Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\loaul1ak.default\searchplugins\Search_Results.xml
    File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml
    File Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\loaul1ak.default\user.js
    File Deleted : C:\Windows\Tasks\AmiUpdXp.job
    File Deleted : C:\Windows\System32\Tasks\AmiUpdXp

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
    Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
    Key Deleted : HKLM\SOFTWARE\Classes\S
    Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
    Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
    Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [InstallIQUpdater]
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B939CF93-F2CB-443D-956C-DC523D85C9DB}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B939CF93-F2CB-443D-956C-DC523D85C9DB}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
    Key Deleted : HKCU\Software\AVG Secure Search
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\IGearSettings
    Key Deleted : HKCU\Software\Imesh
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\iMeshMediabarTb
    Key Deleted : HKCU\Software\AppDataLow\Software\MapsGalaxy_39EI
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\Software\AVG Security Toolbar
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\Software\MapsGalaxy_39EI
    Key Deleted : HKLM\Software\systweak
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
    Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ
    Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16483


    -\\ Mozilla Firefox v24.0 (en-US)

    [ File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\loaul1ak.default\prefs.js ]

    Line Deleted : user_pref("CT3289847.FF19Solved", "true");
    Line Deleted : user_pref("CT3289847.UserID", "UN25425600031627323");
    Line Deleted : user_pref("CT3289847.browser.search.defaultthis.engineName", "true");
    Line Deleted : user_pref("CT3289847.fullUserID", "UN25425600031627323.IN.20130723124951");
    Line Deleted : user_pref("CT3289847.installDate", "23/07/2013 12:49:51");
    Line Deleted : user_pref("CT3289847.installSessionId", "{21C9002A-E57B-4E3A-AABC-21F5EACDF92F}");
    Line Deleted : user_pref("CT3289847.installSp", "false");
    Line Deleted : user_pref("CT3289847.installerVersion", "1.5.4.4");
    Line Deleted : user_pref("CT3289847.keyword", "true");
    Line Deleted : user_pref("CT3289847.originalHomepage", "hxxp://www.teapartycommunity.com/|hxxp://www.google.com/ig");
    Line Deleted : user_pref("CT3289847.originalSearchAddressUrl", "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=");
    Line Deleted : user_pref("CT3289847.originalSearchEngine", "");
    Line Deleted : user_pref("CT3289847.originalSearchEngineName", "AVG Secure Search");
    Line Deleted : user_pref("CT3289847.searchRevert", "true");
    Line Deleted : user_pref("CT3289847.smartbar.homepage", "true");
    Line Deleted : user_pref("CT3289847.versionFromInstaller", "10.16.70.5");
    Line Deleted : user_pref("CT3289847.xpeMode", "0");
    Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=");
    Line Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\11.0.0.9");
    Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
    Line Deleted : user_pref("browser.search.defaultthis.engineName", "WhiteSmoke New Customized Web Search");
    Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&CUI=UN25425600031627323&UM=2&SearchSource=3&q={searchTerms}");
    Line Deleted : user_pref("browser.search.order.1", "Search Results");
    Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
    Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3289847");
    Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN25425600031627323&UM=2&SearchSource=13");
    Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN25425600031627323&UM=2&q=");
    Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3289847");
    Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3289847");
    Line Deleted : user_pref("smartbar.machineId", "YHLAPW+DAH9KW74ZRPAYZX9MTZIJXPKSGXH1JFTHYDYHJIEBSIWBEYVYWMTJEU5QUGXULWGTL1FX1L+FZJJS8A");

    -\\ Google Chrome v

    [ File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]

    Deleted : icon_url

    *************************

    AdwCleaner[R0].txt - [15695 octets] - [05/10/2013 17:56:49]
    AdwCleaner[S0].txt - [14942 octets] - [05/10/2013 18:09:00]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15003 octets] ##########
     
  4. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    Guess you see what I ment by a Lot of infection.. :)

    You are on the way but, there's a lot left. So let's get started:


    -Security Check-

    Download Security Check by screen317.
    Save it to your Desktop.

    Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    A Notepad document should open automatically called checkup.txt; please post the contents of that document.




    [​IMG] —Junkware Removal Tool--

    Please download Junkware Removal Tool to your Desktop.
    Please close your security software to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete, depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    • Please post the contents of JRT.txt into your reply.





    --RogueKiller--

    • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator to start"
    • For Windows XP, double-click to start.
    • Wait until pre-scan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • click on "delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller+


    Please paste the logs in your next reply.
    Let me know what problem persists.


    2oG
     
  5. Heaseba

    Heaseba Newbie

    Joined:
    Oct 5, 2013
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    Results of screen317's Security Check version 0.99.74
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 10
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Firewall Disabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Java(TM) 6 Update 33
    Java version out of Date!
    Adobe Flash Player 11.8.800.168
    Adobe Reader 10.1.7 Adobe Reader out of Date!
    Mozilla Firefox (24.0)
    Google Chrome 29.0.1547.76
    Google Chrome 30.0.1599.69
    ````````Process Check: objlist.exe by Laurent````````
    tds TDS Backup Online fshoster32.exe
    tds TDS Backup Online apps Online Backup\agmailagent.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 2%
    ````````````````````End of Log``````````````````````
     
  6. Heaseba

    Heaseba Newbie

    Joined:
    Oct 5, 2013
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.0.4 (10.06.2013:1)
    OS: Windows 7 Ultimate x64
    Ran by Administrator on Mon 10/07/2013 at 14:53:57.84
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\systweakasp_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\systweakasp_rasmancs
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{30B96CCE-A3B3-45C5-A52C-5C610392DDA1}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9615E8D3-2C7F-4451-BD26-EFF75FD53F64}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}



    ~~~ Files



    ~~~ Folders

    Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
    Successfully deleted: [Folder] "C:\ProgramData\w3i"
    Successfully deleted: [Folder] "C:\Users\Administrator\AppData\Roaming\strongvault"
    Successfully deleted: [Folder] "C:\Users\Administrator\appdata\local\adawarebp"
    Successfully deleted: [Folder] "C:\Users\Administrator\appdata\local\cre"
    Successfully deleted: [Folder] "C:\Users\Administrator\appdata\locallow\datamngr"
    Successfully deleted: [Folder] "C:\Program Files (x86)\gamingwonderlandei"
    Successfully deleted: [Folder] "C:\Program Files (x86)\w3i"
    Successfully deleted: [Folder] "C:\ai_recyclebin"
    Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



    ~~~ FireFox

    Successfully deleted: [File] C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\loaul1ak.default\invalidprefs.js
    Successfully deleted the following from C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\loaul1ak.default\prefs.js

    user_pref("socialfixer.100000173078313/cached_content/donate_pagelet", "{\"expires_on\":1381417101234,\"content\":\"<div style=\\\"background-color:#ffffcc;border:1px solid #c
    Emptied folder: C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\loaul1ak.default\minidumps [80 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 10/07/2013 at 14:59:27.82
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.0.4 (10.06.2013:1)
    OS: Windows 7 Ultimate x64
    Ran by Administrator on Mon 10/07/2013 at 14:53:57.84
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\systweakasp_rasapi32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\systweakasp_rasmancs
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{30B96CCE-A3B3-45C5-A52C-5C610392DDA1}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9615E8D3-2C7F-4451-BD26-EFF75FD53F64}
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}



    ~~~ Files



    ~~~ Folders

    Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
    Successfully deleted: [Folder] "C:\ProgramData\w3i"
    Successfully deleted: [Folder] "C:\Users\Administrator\AppData\Roaming\strongvault"
    Successfully deleted: [Folder] "C:\Users\Administrator\appdata\local\adawarebp"
    Successfully deleted: [Folder] "C:\Users\Administrator\appdata\local\cre"
    Successfully deleted: [Folder] "C:\Users\Administrator\appdata\locallow\datamngr"
    Successfully deleted: [Folder] "C:\Program Files (x86)\gamingwonderlandei"
    Successfully deleted: [Folder] "C:\Program Files (x86)\w3i"
    Successfully deleted: [Folder] "C:\ai_recyclebin"
    Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



    ~~~ FireFox

    Successfully deleted: [File] C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\loaul1ak.default\invalidprefs.js
    Successfully deleted the following from C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\loaul1ak.default\prefs.js

    user_pref("socialfixer.100000173078313/cached_content/donate_pagelet", "{\"expires_on\":1381417101234,\"content\":\"<div style=\\\"background-color:#ffffcc;border:1px solid #c
    Emptied folder: C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\loaul1ak.default\minidumps [80 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Mon 10/07/2013 at 14:59:27.82
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    I don't understand what to do with rogue killer. there are several tabs, each with a string of stuff checked that means nothing to me and I can't copy and past the tabs.
     
  7. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    don't mess with the tabs. just click Delete button and if it doesn't give you a report, then click the report button..
     
  8. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    click scan, delete, and it may reboot but will leave a report on the desktop..
     
  9. Heaseba

    Heaseba Newbie

    Joined:
    Oct 5, 2013
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    RogueKiller V8.7.1 _x64_ [Oct 3 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Administrator [Admin rights]
    Mode : Remove -- Date : 10/07/2013 15:19:28
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 12 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : AVG-Secure-Search-Update_0913a (C:\Users\Administrator\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid b39bb23a570359cb5a25c3ad91708e37-7e8dd6de1359da33636f9b230aa1cadd7ad8b3a0 --CMPID 0913a [x][x][x]) -> DELETED
    [RUN][SUSP PATH] HKUS\S-1-5-21-1224842166-2811445709-100843145-500\[...]\Run : AVG-Secure-Search-Update_0913a (C:\Users\Administrator\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid b39bb23a570359cb5a25c3ad91708e37-7e8dd6de1359da33636f9b230aa1cadd7ad8b3a0 --CMPID 0913a [x][x][x]) -> [0x2] The system cannot find the file specified.
    [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
    [HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.
    [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
    [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
    [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
    [HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Scheduled tasks : 3 ¤¤¤
    [V2][ROGUE ST] {288CAEEB-77A8-4EB6-8EB3-A2D69BAA9CF7} : C:\Program Files (x86)\1701 A.D\1701.exe [x] -> DELETED
    [V2][ROGUE ST] {D59DB6C2-C255-4527-BE42-DBDFBDF85AC2} : C:\Program Files (x86)\1701 A.D\1701.exe [x] -> DELETED
    [V2][ROGUE ST] {EC8BF168-AFFA-4B7B-B2D3-20B7D60707F8} : C:\Program Files (x86)\1701 A.D\1701.exe [x] -> DELETED

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - WDC WD5000AAKS-75A7B2 ATA Device +++++
    --- User ---
    [MBR] 69ed0571f3c9c8a009b3424e09ddcd90
    [BSP] 1df812da91e9c603691aabdc285e22e8 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 272033 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 557330432 | Size: 204804 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_D_10072013_151928.txt >>
    RKreport[0]_S_10072013_150233.txt
     
  10. Heaseba

    Heaseba Newbie

    Joined:
    Oct 5, 2013
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    You realize (or maybe you don't) I have no idea what I am doing, and when you said you guess I could see I had a lot of viruses.. well.. um.. noooo... I couldn't tell if it was a virus or not.. *blush*
     
  11. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    Hi Heaseba,

    It's OK, and yes you had a tub full of malware... :(

    Bare with me and we'll get you clean as an "Old Maid's Parlor" lol

    Did you install Avast?

    You have F-Secure TDS backup online showing. Do you use it or is it just a remnant left over?

    It will take me some time to go over the logs so I can see what we need to do next. This cleanup may take some time but I know you will be happy when it's done. :)

    I need one or two more logs so I can dig a little deeper:

    first:

    --OTL--

    Please download OTL by OldTimer to your Desktop.

    If you already have a copy of OTL, delete it and use this version.

    Double click OTL.exe to launch the program.

    Check the following.
    Scan all users.
    Standard Output.
    Lop check.
    Purity check.
    Under Extra Registry section, select Use SafeList
    Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).

    When finished it will produce two logs.
    OTL.txt (open on your desktop).
    Extras.txt (minimized in your taskbar)

    Please post me both logs



    If you have trouble, just ask....
    2oG
     
  12. Heaseba

    Heaseba Newbie

    Joined:
    Oct 5, 2013
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    I didn't install avast. Just cancelled the TDS stuff so its a remnant.
    OTL logfile created on: 10/7/2013 4:34:59 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Downloads
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 59.60% Memory free
    7.99 Gb Paging File | 5.91 Gb Available in Paging File | 73.94% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 265.66 Gb Total Space | 162.30 Gb Free Space | 61.09% Space Free | Partition Type: NTFS
    Drive R: | 200.00 Gb Total Space | 66.99 Gb Free Space | 33.49% Space Free | Partition Type: NTFS

    Computer Name: HEATHERPC | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/10/07 16:33:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Downloads\OTL.exe
    PRC - [2013/09/30 22:42:23 | 000,274,840 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2013/09/11 11:28:33 | 001,862,024 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
    PRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012/11/29 17:28:24 | 002,437,120 | ---- | M] (F-Secure) -- C:\Program Files (x86)\tds\TDS Backup Online\apps\Online Backup\agmailagent.exe
    PRC - [2012/04/09 11:20:30 | 003,063,968 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    PRC - [2011/09/01 10:10:44 | 000,139,264 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\tds\TDS Backup Online\fshoster32.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/09/30 22:42:22 | 003,279,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2013/09/11 11:28:32 | 016,177,544 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
    MOD - [2013/06/11 11:42:32 | 008,347,304 | ---- | M] () -- C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.135_none_a02ac40d56adfe65\QtGui4.dll
    MOD - [2013/06/11 11:42:32 | 002,256,552 | ---- | M] () -- C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.135_none_a02ac40d56adfe65\QtCore4.dll
    MOD - [2013/06/11 11:42:32 | 000,372,392 | ---- | M] () -- C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.135_none_a02ac40d56adfe65\QtXml4.dll
    MOD - [2010/12/16 16:25:00 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\tds\TDS Backup Online\imageformats\qmng4.dll
    MOD - [2010/12/16 16:25:00 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\tds\TDS Backup Online\imageformats\qico4.dll
    MOD - [2010/12/16 16:25:00 | 000,026,112 | ---- | M] () -- C:\Program Files (x86)\tds\TDS Backup Online\imageformats\qgif4.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2013/05/23 16:12:02 | 000,143,120 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2013/09/30 22:42:22 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/09/19 21:28:21 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/02/26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012/04/09 11:20:30 | 003,063,968 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/09/09 19:25:55 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/01/22 00:15:15 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
    DRV:64bit: - [2010/01/22 00:15:15 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
    DRV:64bit: - [2009/09/11 18:04:50 | 006,177,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 16:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-1224842166-2811445709-100843145-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
    IE - HKU\S-1-5-21-1224842166-2811445709-100843145-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-1224842166-2811445709-100843145-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
    IE - HKU\S-1-5-21-1224842166-2811445709-100843145-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKU\S-1-5-21-1224842166-2811445709-100843145-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-1224842166-2811445709-100843145-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 E9 6E 8E 0E 9B CA 01 [binary data]
    IE - HKU\S-1-5-21-1224842166-2811445709-100843145-500\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files (x86)\Family Toolbar\tbhelper.dll ()
    IE - HKU\S-1-5-21-1224842166-2811445709-100843145-500\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-1224842166-2811445709-100843145-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-1224842166-2811445709-100843145-500\..\SearchScopes\{4AD98E64-94D5-4189-BEAC-0FB886AE6B0E}: "URL" = http://www.google.com/search?q={sea...ndex={startIndex?}&startPage={startPage}&rlz=
    IE - HKU\S-1-5-21-1224842166-2811445709-100843145-500\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}
    IE - HKU\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
    FF - prefs.js..extensions.enabledAddons: socialfixer%40mattkruse.com:7.801
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
    FF - prefs.js..extensions.enabledItems: {D9A7CBEC-DE1A-444f-A092-844461596C4D}:4.6.1
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.2163
    FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.11.0.9874
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
    FF - prefs.js..extensions.enabledItems: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}:4.6.1.02
    FF - prefs.js..extensions.enabledItems: {F53C93F1-07D5-430c-86D4-C9531B27DFAF}:12.0.0.2166
    FF - prefs.js..extensions.enabledItems: avg@toolbar:11.0.0.9
    FF - prefs.js..extensions.enabledItems: {87934c42-161d-45bc-8cef-ef18abe2a30c}:2.1
    FF - prefs.js..extensions.netassistant.keyword.url: "http://click.w3i.com/?Programid=132&Elementname=Keyword&Applicationid={BBE22C73-B31F-4116-BCFF-819129D30C21}&Version=3.6.5&Vintage=20120834&Defaultbrowserid=53&Productid=155&Vendorid=6477&Offerid=6894&searchterm="
    FF - prefs.js..keyword.URL: ""
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 12:17:17 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/30 22:42:16 | 000,000,000 | ---D | M]

    [2012/03/14 09:28:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
    [2013/09/26 20:51:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\loaul1ak.default\extensions
    [2013/09/12 19:25:24 | 000,161,656 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\loaul1ak.default\extensions\socialfixer@mattkruse.com.xpi
    [2013/09/30 22:42:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/09/30 22:42:15 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/09/30 22:42:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
    [2013/09/30 22:42:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
    [2013/09/30 22:42:13 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/09/30 22:42:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2010/01/28 15:52:34 | 000,003,803 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\MyHeritage.xml

    ========== Chrome ==========

    CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\
    CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\

    O1 HOSTS File: ([2013/06/11 14:47:43 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (no name) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - No CLSID value found.
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files (x86)\Family Toolbar\tbcore3.dll ()
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKU\S-1-5-21-1224842166-2811445709-100843145-500\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4 - HKU\S-1-5-21-1224842166-2811445709-100843145-500..\Run: [F-Secure Hoster] C:\Program Files (x86)\tds\TDS Backup Online\fshoster32.exe (F-Secure Corporation)
    O4 - HKU\S-1-5-21-1224842166-2811445709-100843145-500..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
    O4 - HKU\S-1-5-21-1224842166-2811445709-100843145-500..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\S-1-5-21-1224842166-2811445709-100843145-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
    O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - Reg Error: Key error. File not found
    O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
    O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - Reg Error: Key error. File not found
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-1224842166-2811445709-100843145-500\..Trusted Domains: facebook.com ([apps] http in Trusted sites)
    O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab (Battlefield Heroes Updater)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 216.170.153.146
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E2B0B62-940A-4970-A657-2BE2F145CCAF}: DhcpNameServer = 192.168.0.1 216.170.153.146
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/12/08 16:08:23 | 000,149,632 | ---- | M] () - C:\AUTO.pat -- [ NTFS ]
    O32 - AutoRun File - [2010/12/08 16:08:23 | 000,299,196 | ---- | M] () - C:\AUTO.pst -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/10/07 15:00:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\RK_Quarantine
    [2013/10/07 14:53:53 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/10/05 18:11:08 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
    [2013/10/05 17:56:28 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013/10/05 17:52:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Avg2013
    [2013/10/05 10:19:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2013/10/05 10:19:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    [2013/09/30 22:42:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013/09/09 19:27:10 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\AVG SafeGuard toolbar
    [2013/09/09 19:26:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
    [2013/09/09 19:26:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\cache
    [2013/09/09 19:26:20 | 000,046,368 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
    [2013/09/09 19:26:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar

    ========== Files - Modified Within 30 Days ==========

    [2013/10/07 16:28:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/10/07 16:11:14 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/10/07 16:11:14 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/10/07 16:02:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1224842166-2811445709-100843145-500UA.job
    [2013/10/07 16:01:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/10/06 17:02:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1224842166-2811445709-100843145-500Core.job
    [2013/10/06 17:01:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/10/05 18:10:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/10/05 18:10:37 | 3219,787,776 | -HS- | M] () -- C:\hiberfil.sys
    [2013/10/05 10:19:50 | 000,003,011 | ---- | M] () -- C:\Users\Administrator\Desktop\HiJackThis.lnk
    [2013/10/01 09:46:09 | 000,002,051 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2013/09/30 23:15:05 | 000,001,643 | ---- | M] () -- C:\Users\Administrator\Documents\medicinal trees.rtf
    [2013/09/22 15:26:45 | 000,000,955 | ---- | M] () -- C:\Users\Administrator\Documents\Pie crust.rtf
    [2013/09/21 22:36:02 | 000,011,193 | ---- | M] () -- C:\Users\Administrator\Documents\Rabbit costs.ods
    [2013/09/19 21:28:20 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013/09/19 21:28:20 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013/09/09 19:27:32 | 000,003,740 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
    [2013/09/09 19:25:55 | 000,046,368 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys

    ========== Files Created - No Company Name ==========

    [2013/10/05 10:19:50 | 000,003,011 | ---- | C] () -- C:\Users\Administrator\Desktop\HiJackThis.lnk
    [2013/09/30 23:15:04 | 000,001,643 | ---- | C] () -- C:\Users\Administrator\Documents\medicinal trees.rtf
    [2013/09/22 15:26:44 | 000,000,955 | ---- | C] () -- C:\Users\Administrator\Documents\Pie crust.rtf
    [2013/09/09 19:22:50 | 000,003,740 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
    [2013/06/11 14:37:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/06/11 14:37:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/06/11 14:37:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/06/11 14:37:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/06/11 14:37:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/12/13 10:50:49 | 000,000,101 | ---- | C] () -- C:\Users\Administrator\AppData\Local\fusioncache.dat
    [2011/12/13 10:46:50 | 000,743,126 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/09/22 13:52:01 | 000,070,249 | ---- | C] () -- C:\Users\Administrator\2011 Application Free.Reduced Lunch.pdf
    [2011/09/22 13:38:45 | 000,176,921 | ---- | C] () -- C:\Users\Administrator\Student and LC Check List.pdf
    [2011/09/22 13:38:05 | 000,318,832 | ---- | C] () -- C:\Users\Administrator\Creating a Student Account.pdf
    [2011/09/22 13:37:59 | 000,349,453 | ---- | C] () -- C:\Users\Administrator\How to Kmail a Specific Teacher.pdf
    [2011/09/22 13:37:21 | 000,164,791 | ---- | C] () -- C:\Users\Administrator\Progress Hours Guidelines 2011-12.pdf
    [2011/09/22 13:37:01 | 000,189,197 | ---- | C] () -- C:\Users\Administrator\Logging Attendance.pdf
    [2010/03/21 21:05:29 | 000,003,974 | ---- | C] () -- C:\Users\Administrator\.recently-used.xbel
    [2010/02/20 16:10:59 | 000,032,256 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/01/22 00:03:23 | 000,007,616 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg

    ========== ZeroAccess Check ==========

    [2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2011/02/13 09:15:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Acreon
    [2012/05/23 08:39:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Ad-Aware Antivirus
    [2011/09/29 14:26:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AVG2012
    [2011/09/20 18:19:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Elluminate
    [2010/03/21 21:05:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\gtk-2.0
    [2010/02/07 01:17:58 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Millennia
    [2010/02/20 16:57:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org
    [2013/06/22 08:19:03 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TuneUp Software
    [2012/06/05 17:07:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Unity

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:0B4227B4

    < End of report >
    OTL Extras logfile created on: 10/7/2013 4:34:59 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Downloads
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 59.60% Memory free
    7.99 Gb Paging File | 5.91 Gb Available in Paging File | 73.94% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 265.66 Gb Total Space | 162.30 Gb Free Space | 61.09% Space Free | Partition Type: NTFS
    Drive R: | 200.00 Gb Total Space | 66.99 Gb Free Space | 33.49% Space Free | Partition Type: NTFS

    Computer Name: HEATHERPC | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{02109923-58DE-436D-99FF-1C6DD6DCEB2D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{04C551AF-F1EC-4FA1-8D32-1E8A952E3B11}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{064ECA90-EA85-4D15-A161-50C2345CA124}" = lport=57511 | protocol=6 | dir=in | name=pando media booster |
    "{10851AFF-F029-43D2-9351-1E16C1FBA732}" = lport=57471 | protocol=6 | dir=in | name=pando media booster |
    "{1BE9DBF6-CC29-4CE6-8EB1-4955D9555724}" = lport=57471 | protocol=17 | dir=in | name=pando media booster |
    "{1D3C15FD-83BD-4A52-A91C-23F554087069}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{21C3F113-25C0-4EF0-9677-2D6FC3899A39}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{296DDE05-E3D3-4B37-B5A6-5BEB77E8E1FF}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{2DD6F556-97A1-43CE-A99F-A68D729FB428}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{2EA41563-AA5A-4568-8311-16BCAA54E556}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{3739787A-BF42-447A-9366-07E7499551BE}" = lport=57471 | protocol=17 | dir=in | name=pando media booster |
    "{3B893F0D-45C7-45BC-8565-E4D8E588D879}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{3BEBCE02-90E6-49C2-AB8E-D0E133F973C4}" = rport=445 | protocol=6 | dir=out | app=system |
    "{3EAC3896-AB20-408A-B67F-FCD282957212}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{3FBDCD98-6359-43BC-8966-6AC5360C751B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{41FDEC60-1232-4C72-AFA7-38E9E76C6F9E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4E4A9301-16EE-4A5E-AFC0-4E1F563A61BF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{4F0080C5-39C7-41E1-B1C6-C578ED583E9B}" = lport=57471 | protocol=6 | dir=in | name=pando media booster |
    "{544C6F0B-BB87-432E-ADED-420D13C3CF08}" = rport=138 | protocol=17 | dir=out | app=system |
    "{5AEAFD0F-EFF7-4399-B4DB-D7236F445CD1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{6D99F18E-E6E9-4872-A377-A1D526D8E516}" = lport=445 | protocol=6 | dir=in | app=system |
    "{782F927A-1613-4631-9190-154E2545688B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7A0A307E-7CEC-42D2-9D8F-DF075DFB74DA}" = rport=137 | protocol=17 | dir=out | app=system |
    "{88381AFE-21D5-44F7-9B09-0ACCE6C3F4A5}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{8AD6B1F2-34BF-43A9-809D-EE7ECA4C05E1}" = lport=137 | protocol=17 | dir=in | app=system |
    "{8D6326E2-C029-4F58-8CDF-06FC3251BE58}" = lport=139 | protocol=6 | dir=in | app=system |
    "{8EBF65DD-2B6A-4005-9D74-B7BC6D054773}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{91203BDD-77BA-4939-A9DB-556F1A9F5DEA}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{A5CECE3A-9524-4A29-82CB-F8BD859917A5}" = lport=57511 | protocol=17 | dir=in | name=pando media booster |
    "{A9AB3E78-5AA2-48B4-982A-9D689C8F22CB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{B078800F-29A5-42ED-8248-77313FE6C9E4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
    "{B4C2AC26-7480-4373-83DC-78B5B14016F5}" = rport=139 | protocol=6 | dir=out | app=system |
    "{BD314197-D008-4C50-951B-84E84E46F648}" = lport=57511 | protocol=6 | dir=in | name=pando media booster |
    "{CB1F74EC-0FED-4478-9607-229EB472B727}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{D11369EC-51CF-4002-9BB9-EE281CD4D2E5}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{DA8E7325-DDA2-4C7B-A685-F6559E446910}" = lport=138 | protocol=17 | dir=in | app=system |
    "{E8D623BE-862D-4603-8890-AB6C3C543B6F}" = lport=57511 | protocol=17 | dir=in | name=pando media booster |
    "{EEE4E301-CE29-4C52-AC30-7770BEFF820C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{F7E7FAD8-7360-4935-B119-9702984957AE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00311F48-0F29-488F-8C3B-D8648ED5B8F1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{0408E68F-5B84-4FD5-A49A-7A30B8F656C8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{04D6EC3C-DFDF-417A-86F7-DB603D0C3114}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{08D93482-047A-496E-B19B-8581EF1E8FF2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{0AC43648-D635-49D6-9A04-AC09668D7698}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{0B558FDA-3ED4-49F4-8BEC-F6125F84A329}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{0CF63E0B-8161-47D7-A6B8-FCDC89A45540}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{0EC91F12-DDFD-42E0-9049-490C8F1B7F50}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{104CD85C-ED0C-4635-A9A0-2B2C02392CA4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{10EEAB44-3FB5-4546-8F4D-6B662040E271}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\rm.exe |
    "{1277EADC-BC10-4311-BCE1-A523BB6E5FA1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{12C0DE8F-7F77-45A3-AE45-3FBE9042DCEC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{14174ECC-7EA3-4A1B-95DE-36089B84A920}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{1474766B-FA9C-47AB-8436-892E79C2F0BF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{14C87901-7B5F-4B45-B817-DDE0E2FC6043}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{16FD6CFF-9A27-4474-98DB-665AD42EE260}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{18D10E0E-A629-4B6B-8438-BAB97290F472}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{19FD5AA3-521D-4117-8B7F-CB50F87DF1EB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{20A40D95-2BBE-4DDE-AA0F-C2975794750A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{228B0EE6-2D47-4C8F-B09C-11DA7E9DD6A6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{23602F4D-5DF3-439E-82E1-75678C205C62}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\rm.exe |
    "{2496A364-E9AE-4967-8912-324E9FFC8BAC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{24FDC758-0F07-41FB-9ED0-83C92BBF9798}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{28FC52AE-8D12-4B3C-8637-BF69F91333FD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{2952C625-8D4E-44D4-8C51-F3D64E6F18A3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{2A98A467-D1D5-4D42-96B6-A6D59745F9E4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{2AF5D644-C2C7-4B41-A699-CFABD4C0886A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{2CB99F0C-AEDF-49D1-98B5-B12720325EFD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{2E7C2F63-4C81-42B5-9F4D-329D254FA816}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{31E2B3FA-2F3B-42AE-9031-39B0D7B9F489}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{3329FB89-E472-446A-9834-B76074720973}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{381609CE-9224-4731-B63C-99147B00F0D5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{38940A29-65AC-4309-8F0F-C470EA8E98D9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{3A119B52-6641-40C5-9250-44E0A5CA31A7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{3AEC39A4-C52A-4E25-B15B-5E4A0D0C9502}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{3B936A4D-70FE-40F9-9EA3-AD6F7F871809}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{3DA3F282-D4F4-4243-A23C-E23952092F02}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{3DDFC953-A27E-44E5-8C93-6F65A09D309C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{40BB3EF8-E0E7-481D-A010-C23990311C93}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{41E8B170-DFFC-454C-9CFF-2C7E22971EB8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{42C60383-4B87-4251-91F4-18A94593512E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{4331AB8D-40FB-41AE-AEAA-A90D87C2F121}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{46C9A6B9-42DD-4E13-AF03-0F9CC7C13DD1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{472BD21F-430D-4ABC-82A6-E8C338BB9091}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{47E2DBF7-BCEE-43B4-BF60-BAE3F5356CE6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{493F3844-E423-4F17-B42C-1BED80F15B2E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{494FDB24-D4AD-4588-8530-651E7A5DBCC4}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\videospin.exe |
    "{4AD8ACF5-2367-4F09-AB36-0522F3D2A98C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{4FCA9B9C-5B8B-4107-A0B2-08F4B53C4190}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{553A812A-53FB-4CE9-AA15-9BB558B72340}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{55A3E1DA-59DC-40D7-B5B7-BF379B56D4EE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{55E1080F-9D79-4A6F-B019-79199FCCEEF1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{56186BAB-E98C-4283-8FF4-3F8B81098673}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{56426541-6346-4775-88C8-019A29A81E3D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{59DCF8A9-8678-4DD9-850B-75B38745B467}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{5DD658B6-61C5-485E-B520-99A260D45565}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{5E2740FB-0851-4226-B44D-92AAFAB7313F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{629A74DD-A90E-422F-A071-018401BCF3A4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{645F4D2E-269E-42A4-B8BC-6008795F73C6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{6994F34D-EB6D-4302-96C4-392C926E4AA1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{6C7D6119-C9B4-4B17-AD9D-B52B1B771392}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{6D5E9F76-E9F8-41E6-966E-262787127F87}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{6DB3BF43-3B70-487D-8BD3-513F90446D48}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{6E7E7A67-43B7-41E9-B498-42A8A098BF55}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{745188ED-E5ED-4EA6-B3D4-C74B243B94D6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{752E9BFE-EC43-453F-9799-BF17FE4BBDD8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{75993784-FD3C-41F1-B94C-15DD585A101C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{79ACCB2A-C3D2-4519-B964-1AE5D186731D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{7D284FB7-EAAA-4E7D-B807-3AD5E6B59621}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{7F61BB87-8A88-47FB-8A0D-05F0078EE8D4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{83586608-9402-4AF5-ABE9-A2D8A6E4D0E5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{83C70BFC-6935-4C1C-AB8E-EE0907ACC97E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{83CDBE8E-D964-4C56-B1A6-07DEE8BCA7C4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{845FD6AD-AE20-4E76-B8B2-41CDC9EC7826}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{8626B8CB-8CD8-4792-A39C-FE5D6EABCED3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{874D639B-D876-4D1E-91CA-B72868813AC2}" = protocol=6 | dir=out | app=system |
    "{877E6A9C-6D1A-4C11-B8BA-666419921E59}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{89777727-4B2E-43A5-AB4E-7D69873AEDBA}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
    "{8C0E317F-C29B-43D6-B206-A5346A9E0118}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{8C697BA1-B55D-4AFE-B534-4E096B6D4DA5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{8D40D627-D45F-401C-974F-11FBB1F41ADF}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{8FFA4002-75F3-4C5F-BBCA-0B659B2A052D}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\videospin.exe |
    "{91FA20F8-1720-49CF-8B50-B7FA1171776F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{92811427-FC93-418C-A6CB-5AE7E3287848}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{92CBCB8D-A58A-40AA-AF7B-65B22C28000B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{9349092F-74E4-46AC-B3DF-FC4D647D8F1F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{9539FFAC-6BA1-459C-B82E-B0F63EE5A9C9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{9548D6C9-91ED-4D1A-8A5A-732A60988442}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{977FA503-4BA5-4DEA-B182-897A2D3F7762}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{97AE8968-DDEE-4446-AF88-058AAA43C64D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{97E72EF4-70F7-4B4B-8347-3940B2B04B2E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{9A342156-B72E-4324-A74C-DC5DD9529ECC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{9B05355E-1802-4EB7-A38C-634BCA293C50}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{9BF2E0E9-4679-48C4-AF61-12EC0E6B964D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{9C8A57E6-B5FA-47E2-BF61-935E2FF02067}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{A127AC3E-077E-4943-B32E-A9F0A3E51929}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{A230FE8D-6697-4351-A7D1-27781AD245C3}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{A3484B5C-9035-4D89-B4CE-0B6D4A2E6822}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{A72A86E5-FC5D-4524-8A71-6191B9F999FA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{A78AF983-0C55-4F79-AEF0-37BD19267F5F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{A8A27C97-C374-4052-BC4D-A91116B46E6B}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\umi.exe |
    "{A932002F-7F95-4451-BF44-70501FE751E6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{A9BB6C83-F497-44C7-9706-6C45CB9419CD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B0A00A4A-98AF-479F-A60E-BF78E5900747}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{B1BCB113-EAEE-48EB-878B-E617CF367039}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B1F1CDE1-8EB7-4451-9ACA-4D80674026D4}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{B2CD3F33-6D33-4173-94E7-9701EBF4D020}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B370784D-EDB8-4DB5-8F43-BB6907ABA93E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B39E4FC6-2F10-45F4-9038-6241CE6B1FE0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{B414A20A-952C-449F-A094-98D82671D2E2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{B8A3BE06-8D51-4E8C-B217-1DCB9B7E9134}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{BA23ED01-CB99-4643-8117-16087874DD3C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{BEC0A3EF-A18D-45FA-B8AD-0ABDCC7CFFE6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{BF3E7038-B4AD-4AD0-8BF7-777D2652C65B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{C13DEF69-1C49-4C49-95E2-066F8B8CC68F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{C1F1BEF2-B36D-400A-AD00-CF33ECB9F84D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{C454A1FB-0942-43DA-AC46-CAFD3396C5D1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{C563A4E2-B99B-468B-9DEE-FB8402CB82A4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{C69F6E37-D1FD-48A4-B994-7560838BD72D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{C991BA2E-8BDF-4E2F-99E7-0FDA0E999293}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
    "{CA7BAACB-1DB2-4251-AC1D-C44C660181EF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{CAF18376-20C9-4A1B-AB3A-85A60D877CA9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{CBBF97A8-D882-4E17-BBC4-BC9156111481}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{D23F8664-DB14-4685-99E9-455AB57F5F6B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{D24917D9-BD42-4CAF-BBCB-CE7B22B3EA3A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{D2D67EF8-C8FD-471F-B44F-B378EBDEFD78}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{D367154C-62CA-4A86-BD04-986431A491AF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{D3BA2A03-BBDF-4AFA-9A18-0EF8E016C1B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{D44436BF-CF2E-4027-A2E2-00189BAFFF65}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{D65C7866-91A4-40F6-8440-9D213167241F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{D6D8519B-6550-42BF-A8D9-ACD187E4E089}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{D9C62700-3E99-4705-8175-8D7F6D506A54}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{DA6DAA1C-8EF4-4F74-9D26-5729392A9E59}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{DB3B50FE-33D8-4DB1-A298-931E80D7139C}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
    "{DCC7FDE4-10D5-49D6-9C6A-CD0477C3E48D}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\umi.exe |
    "{DDDB42EB-3402-4CE0-B135-D1667D27D8F9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{DE69BFBA-C195-448D-BA58-01C96C855408}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{E29F3C5D-0A90-43DB-8226-45BC27C1F98A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{E3A9F768-D423-40F9-BECD-78A7DB887B98}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{E4BD17C6-045D-441D-AB32-75EF7E754742}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{E7642C57-68C8-494D-B6F1-49FB326787E6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{E7EB89A0-8477-4574-91B1-4958D9CE8444}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{E9C7D95A-0F44-480A-BF48-4B6AE48D5156}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{E9E2A5FF-48BB-4890-A2F2-A6982A70FEB4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{EAFB3E86-8026-40DA-BFEC-FE3E05258632}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{EBC0D362-AE58-48D5-B25F-9023D3FB0054}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{EE311C9B-B13A-4CE4-B110-26683A4F4E6A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{EFA59528-040C-416C-A2EB-8A01B4A45E24}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{F075781E-BB22-47C6-B021-5FD16161F42F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{F0D1A1CE-4718-417B-AC9C-4E7B0CB9FCB5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{F0F9E34F-EB8F-4215-ACE3-9471A8AE98BB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{F4B26AC3-0ECF-419D-B758-0BC4E797D9C3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{F656EA24-FDD9-48E0-BA1F-1024D4BC6C15}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{F7A14DFD-2E65-4832-BDC2-166239565309}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{F9852E3F-B21A-4139-86A4-708CDD6AB8AB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{FB5D52DF-4EC4-4177-9FAE-3CA2B7437FD4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{FB7DF6E2-709E-4978-A092-777FA9F75251}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "TCP Query User{1B7F224C-C0A2-44EE-922A-D44B04250C2F}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
    "TCP Query User{ACBFBD4B-9672-4760-817F-E75ED880DDE9}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |
    "TCP Query User{EBF520A1-D2C6-436B-BC4B-F7FAB1EE5B11}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |
    "UDP Query User{5DDE8B11-E298-4964-B616-A9213A2EF60A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
    "UDP Query User{A4D17D4A-B5B4-4939-B113-40969E46F370}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |
    "UDP Query User{D88F583E-B15E-49D0-9152-7C5FDF9A5E64}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{4FF9E8AA-D554-4CE7-89F9-B69DAA5A1E98}" = AVG 2013
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.06
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.06
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.06
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "AVG" = AVG 2013
    "Defraggler" = Defraggler
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{02F5BEE7-0AB6-4E42-9BF8-2588AAECC7F2}" = EZ Fonts
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
    "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
    "{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
    "{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{7A25D130-4EC8-11E1-BEA4-B8AC6F97B88E}" = Google Earth
    "{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = 1701 A.D.
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
    "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{BEE60DC8-E9C0-49E9-868B-8E07052FC14D}" = TDS Backup Online
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}" = Pinnacle VideoSpin
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.04.04.8012
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Amazon Kindle" = Amazon Kindle
    "ATITool" = ATITool Overclocking Utility
    "AVG SafeGuard toolbar" = AVG SafeGuard toolbar
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "DMUninstaller" = DMUninstaller
    "ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
    "HaaliMkx" = Haali Media Splitter
    "Legacy 7.0" = Legacy 7.0
    "LegacyChart7_is1" = Legacy Charting 7.0
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Network Play System (Patching)" = Network Play System (Patching)
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "YTdetect" = Yahoo! Detect

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "UnityWebPlayer" = Unity Web Player

    < End of report >
     
  13. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    OK Heather, you're doing OK.

    As I said, it will take me some time to review the logs and write a fix for you so, don't get too impatient.

    While I am going over the logs I have, please do the following:

    1.) Run Combofix:

    Combofix may need to reboot your computer more than once to do its job this is normal.

    You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

    Link 1
    Link 2
    Link 3

    1. Close any open browsers or any other programs that are open.
    2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    Double click on combofix.exe & follow the prompts.
    When finished, it will produce a report for you.

    Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

    "information and logs"

    In your next post I need the following
    Log from Combofix
    let me know of any problems you may have had
    How is the computer doing now?


    2.) Right now you don't have an AntiVirus and this is the best one....

    Download and install Avast Antivirus from here -> HERE.



    OH, just a guess are you in or near Madison, Wisc.?

    Any Problems? Please let me know so I may help...

    2oG
     
  14. Heaseba

    Heaseba Newbie

    Joined:
    Oct 5, 2013
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    I installed Avast, but I can't see how to disable it while I run combofix..nvm I found it. will post log shortly
     
    Last edited: Oct 7, 2013
  15. Heaseba

    Heaseba Newbie

    Joined:
    Oct 5, 2013
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    I am in Michigan. The computer seems to be doing great. I haven't noticed any problems, but I had NO IDEA I was infected. Just thought my ISP was pathetic.. It probably IS pathetic, but the viruses etc can't have helped.



    ComboFix 13-10-04.02 - Administrator 10/07/2013 23:26:30.2.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2327 [GMT -4:00]
    Running from: c:\users\Administrator\Downloads\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\SysWow64\Cache
    c:\windows\SysWow64\Cache\075884af680ff6dc.fb
    c:\windows\SysWow64\Cache\227113dfa1ca894d.fb
    c:\windows\SysWow64\Cache\49fbbc5a8678d502.fb
    c:\windows\SysWow64\Cache\5c54eb1a1655b076.fb
    c:\windows\SysWow64\Cache\613e8ce7ab7106af.fb
    c:\windows\SysWow64\Cache\633a76311867bd11.fb
    c:\windows\SysWow64\Cache\691f14230153a9e1.fb
    c:\windows\SysWow64\Cache\6cb409d7ac73d9f1.fb
    c:\windows\SysWow64\Cache\7614bd6cfa99e546.fb
    c:\windows\SysWow64\Cache\77664b6ccc36be9f.fb
    c:\windows\SysWow64\Cache\881b3593316772f0.fb
    c:\windows\SysWow64\Cache\98657d0579ae1930.fb
    c:\windows\SysWow64\Cache\a599b684fd37bb09.fb
    c:\windows\SysWow64\Cache\d5c0f4e7bbe35bf3.fb
    c:\windows\SysWow64\Cache\d9ca663388d21ec0.fb
    c:\windows\SysWow64\Cache\f2cda51fd108941f.fb
    c:\windows\SysWow64\Cache\f34d8db84131d925.fb
    .
    Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
    Restored copy from - c:\windows\erdnt\cache86\userinit.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-09-08 to 2013-10-08 )))))))))))))))))))))))))))))))
    .
    .
    2013-10-08 03:31 . 2013-10-08 03:31 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
    2013-10-08 03:31 . 2013-10-08 03:31 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2013-10-08 03:31 . 2013-10-08 03:31 -------- d-----w- c:\users\Public\AppData\Local\temp
    2013-10-08 03:31 . 2013-10-08 03:31 -------- d-----w- c:\users\Heather Sebald\AppData\Local\temp
    2013-10-08 03:31 . 2013-10-08 03:31 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-10-07 21:40 . 2013-08-30 07:48 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2013-10-07 21:40 . 2013-08-30 07:48 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2013-10-07 21:40 . 2013-08-30 07:48 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2013-10-07 21:40 . 2013-08-30 07:48 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2013-10-07 21:40 . 2013-08-30 07:48 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-10-07 21:40 . 2013-08-30 07:48 204880 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2013-10-07 21:40 . 2013-08-30 07:48 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2013-10-07 21:40 . 2013-08-30 07:48 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2013-10-07 21:40 . 2013-08-30 07:47 287840 ----a-w- c:\windows\system32\aswBoot.exe
    2013-10-07 21:39 . 2013-08-30 07:47 41664 ----a-w- c:\windows\avastSS.scr
    2013-10-07 21:39 . 2013-10-07 21:39 -------- d-----w- c:\program files\AVAST Software
    2013-10-07 21:39 . 2013-10-07 21:39 -------- d-----w- c:\programdata\AVAST Software
    2013-10-07 18:53 . 2013-10-07 18:53 -------- d-----w- c:\windows\ERUNT
    2013-10-05 22:11 . 2013-10-05 22:11 -------- d-----w- c:\programdata\boost_interprocess
    2013-10-05 21:56 . 2013-10-05 22:09 -------- d-----w- C:\AdwCleaner
    2013-10-05 21:52 . 2013-10-05 21:52 -------- d-----w- c:\users\Administrator\AppData\Local\Avg2013
    2013-10-05 14:19 . 2013-10-05 14:19 388096 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2013-10-05 14:19 . 2013-10-05 14:19 -------- d-----w- c:\program files (x86)\Trend Micro
    2013-09-09 23:27 . 2013-09-09 23:27 -------- d-----w- c:\users\Administrator\AppData\Local\AVG SafeGuard toolbar
    2013-09-09 23:26 . 2013-09-10 00:26 -------- d-----w- c:\programdata\AVG SafeGuard toolbar
    2013-09-09 23:26 . 2013-09-09 23:25 46368 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
    2013-09-09 23:26 . 2013-09-09 23:26 -------- d-----w- c:\program files (x86)\AVG SafeGuard toolbar
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-09-20 01:28 . 2012-04-16 17:11 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-09-20 01:28 . 2011-06-13 13:36 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files (x86)\Family Toolbar\tbhelper.dll" [2009-05-07 355840]
    .
    [HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
    [HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
    [HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
    2009-05-07 21:46 2642432 ----a-w- c:\program files (x86)\Family Toolbar\tbcore3.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "F-Secure Hoster"="c:\program files (x86)\tds\TDS Backup Online\fshoster32.exe" [2011-09-01 139264]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-10-03 6588144]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
    .
    R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys;c:\windows\SYSNATIVE\DRIVERS\Lbd.sys [x]
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    S0 aswRvrt;aswRvrt; [x]
    S0 aswVmm;aswVmm; [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ASWRVRT
    *NewlyCreated* - ASWSNX
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-10-08 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 01:28]
    .
    2013-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-28 20:49]
    .
    2013-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-28 20:49]
    .
    2013-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1224842166-2811445709-100843145-500Core.job
    - c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-02 20:49]
    .
    2013-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1224842166-2811445709-100843145-500UA.job
    - c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-02 20:49]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2013-08-30 07:47 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-11 165912]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-11 385560]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-11 363544]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/ig
    mStart Page = hxxp://search.myheritage.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
    Trusted Zone: facebook.com\apps
    TCP: DhcpNameServer = 192.168.0.1 216.170.153.146
    FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\loaul1ak.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
    FF - prefs.js: keyword.URL -
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-UnityWebPlayer - c:\users\Administrator\AppData\Local\Unity\WebPlayer\Uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (Administrator)
    "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,88,04,
    6d,c3,8d,47,09,ab,e6,90,9a,f3,92,69,5e
    "{739df940-c5ee-4bab-9d7e-270894ae687a}"=hex:51,66,7a,6c,4c,1d,3b,1b,50,e6,8d,
    68,dd,9e,c0,04,80,73,63,48,96,e5,2c,67
    "{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,3b,1b,79,47,90,
    b5,6f,75,bf,01,92,76,b5,b7,87,51,00,8a
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (Administrator)
    "Timestamp"=hex:93,fa,52,52,c5,87,ce,01
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,37,3d,28,89,3b,fa,9b,42,82,36,3d,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,37,3d,28,89,3b,fa,9b,42,82,36,3d,\
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3G2"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3GP"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3G2"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.3GP"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ADTS"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ADTS"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ADTS"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AIFF"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASF"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASX"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AU"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AVI"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.CDA"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M2TS"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M2TS"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.m3u"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M4A"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP4"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.MHT"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.MHT"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MOV"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP3"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP3"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP4"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MP4"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MPEG"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.M2TS"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.MIDI"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.AU"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.TTS"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.TTS"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="IE.AssocFile.URL"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WAV"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WAX"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASF"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMA"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMD"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMS"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMV"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.ASX"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WMZ"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WPL"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="WMP11.AssocFile.WVX"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (Administrator)
    "Progid"="FirefoxHTML"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\tds\TDS Backup Online\apps\Online Backup\agmailagent.exe
    .
    **************************************************************************
    .
    Completion time: 2013-10-07 23:38:34 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-10-08 03:38
    ComboFix2.txt 2013-06-11 18:56
    .
    Pre-Run: 175,037,456,384 bytes free
    Post-Run: 174,925,455,360 bytes free
    .
    - - End Of File - - 7899AEEC3BD833CD927B1BE47BAB44CD
    A36C5E4F47E84449FF07ED3517B43A31
     
  16. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    Good Morning Heather,

    You are doing good and looking a lot better now. We still have some work to do and I'll be in and out today so will try my best to get something back to you before very long.. Hang in there, you'll be OK for now..

    2oG
     
  17. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    Hi Heather,

    I hope this is about all it will take to get you clean. Do the following and we will see.:)

    -Uninstall some programs-

    NOTE** Because of the cleanup process some of the programs I have listed may not
    be in add/remove anymore this is fine just move to the next item on the list.

    Hold down the Windows key (bottom left on keyboard next to the Ctrl key) then
    press the “R” key. The Run box will open. Then type or copy/past appwiz.cpl
    into the box and click OK.

    The Unistall or change a program list will be opened.
    Click each Entry, as follows, one by one, if it exists, choose
    Uninstall, and give permission to Continue:

    Java(TM) 6 Update 33
    Java Auto Updater
    InstallIQ Updater
    TDS Backup Online
    SUPERAntiSpyware
    Adobe Reader 10.1.7


    Take extra care in answering questions posed by any Uninstaller.
    When the program(s) have been uninstalled, please close Control Panel

    Your Java was out of date. Older versions have vulnerabilities that
    malware can use to infect your system.
    Because you have OpenOffice, you will need to install the latest version of Java.

    Upgrading Java:
    • Download the latest version of JRE 7 Update 40.
    • Click the "Free Java Download" button.
    • Click the “Agree and Start Free Download” button.
    • Click on the download link for your system and save it to your desktop.
    Close any programs you may have running - especially your web browser.
    • Then from your desktop double-click on the download to install the
    newest version.(Vista/7 users, right click on the JRE download and select "Run
    as an Administrator.")

    Upgrading Adobe Reader
    The installed version of Adobe Reader on this computer was out-dated. Install
    the latest version of Adobe Reader available from Adobe. OR because Adobe is a target for malware. My recommendation is SumatraPDF which is light and will do the same thing as Adobe without being a target for malware…


    Let me know How things are doing.
    If this clears it, we may not need to go any deeper, let me know and I will finish up. You will need to run a cleanup of the programs I had you use..

    2oG
     
  18. Heaseba

    Heaseba Newbie

    Joined:
    Oct 5, 2013
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    ok.. I have done everything you have asked, including the reinstalls of java and the alternate adobe. So far, so good :D How do I clean up the programs I used?
    I was wondering.. hubby's comp is running slowly also. Would it hurt anything for him to do all these things, also?
     
    Last edited: Oct 8, 2013
  19. 2oldGeek

    2oldGeek Active member

    Joined:
    Jun 16, 2005
    Messages:
    3,658
    Likes Received:
    38
    Trophy Points:
    78
    Yes it would hurt. Computers are like people and snowflakes, no two are alike and the fixes for one can completely destroy another.....

    Before we declare you clean, I saw a few things in one of the logs I would like to get rid of before we finish, that is if you have the time.

    Also after we finish you can have your hubby come on with his puter and I fix him up....

    Right now please start OTL, run a scan and post it for a last look before we close the doors on this one.

    2oG
     
  20. Heaseba

    Heaseba Newbie

    Joined:
    Oct 5, 2013
    Messages:
    14
    Likes Received:
    0
    Trophy Points:
    1
    I have the time.. lol...but what is OTL? (I'm kidding)
     
    Last edited: Oct 9, 2013

Share This Page