addaware problems.
Heaseba
Newbie
5. October 2013 @ 10:39
I can not find addaware in my programs list yet it is constantly preventing me from accessing certain websites. I trust those websites and I want to access them, but I can't find how to disable a program I 'don't appear to' have. I'm NOT very computer savy...

Work smart not hard..
AfterDawn Addict
5. October 2013 @ 12:04
Hi Heaseba,

Please post a HJT Log and I'll help you remove the problems..

-HijackThis.exe-

Please download and save HijackThis.exe to your desktop.
• Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
• Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
• Hijackthis will scan and then a log will open in notepad.
• Copy and paste the entire contents of the log in your next post.
• Do not have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Please post the HijackThis log list in your next reply.


2oG



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...

This message has been edited since posting. Last time this message was edited on 5. October 2013 @ 12:14

Heaseba
Newbie
5. October 2013 @ 18:16
# AdwCleaner v3.006 - Report created 05/10/2013 at 18:09:00
# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Administrator - HEATHERPC
# Running from : C:\Users\Administrator\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\MapsGalaxy_39EI
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Administrator\AppData\Local\Conduit
Folder Deleted : C:\Users\Administrator\AppData\Local\PackageAware
Folder Deleted : C:\Users\Administrator\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\AVG Security Toolbar
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\MapsGalaxy_39EI
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Administrator\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Administrator\Documents\iMesh
Folder Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
File Deleted : C:\END
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\loaul1ak.default\\invalidprefs.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\iMeshWebSearch.xml
File Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\loaul1ak.default\searchplugins\Search_Results.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml
File Deleted : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\loaul1ak.default\user.js
File Deleted : C:\Windows\Tasks\AmiUpdXp.job
File Deleted : C:\Windows\System32\Tasks\AmiUpdXp

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKCU\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [InstallIQUpdater]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B939CF93-F2CB-443D-956C-DC523D85C9DB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C2D64FF7-0AB8-4263-89C9-EA3B0F8F050C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B939CF93-F2CB-443D-956C-DC523D85C9DB}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\iMeshMediabarTb
Key Deleted : HKCU\Software\AppDataLow\Software\MapsGalaxy_39EI
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\MapsGalaxy_39EI
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16483


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\loaul1ak.default\prefs.js ]

Line Deleted : user_pref("CT3289847.FF19Solved", "true");
Line Deleted : user_pref("CT3289847.UserID", "UN25425600031627323");
Line Deleted : user_pref("CT3289847.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3289847.fullUserID", "UN25425600031627323.IN.20130723124951");
Line Deleted : user_pref("CT3289847.installDate", "23/07/2013 12:49:51");
Line Deleted : user_pref("CT3289847.installSessionId", "{21C9002A-E57B-4E3A-AABC-21F5EACDF92F}");
Line Deleted : user_pref("CT3289847.installSp", "false");
Line Deleted : user_pref("CT3289847.installerVersion", "1.5.4.4");
Line Deleted : user_pref("CT3289847.keyword", "true");
Line Deleted : user_pref("CT3289847.originalHomepage", "hxxp://www.teapartycommunity.com/|hxxp://www.google.com/ig");
Line Deleted : user_pref("CT3289847.originalSearchAddressUrl", "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=");
Line Deleted : user_pref("CT3289847.originalSearchEngine", "");
Line Deleted : user_pref("CT3289847.originalSearchEngineName", "AVG Secure Search");
Line Deleted : user_pref("CT3289847.searchRevert", "true");
Line Deleted : user_pref("CT3289847.smartbar.homepage", "true");
Line Deleted : user_pref("CT3289847.versionFromInstaller", "10.16.70.5");
Line Deleted : user_pref("CT3289847.xpeMode", "0");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=");
Line Deleted : user_pref("avg.install.installDirPath", "C:\\ProgramData\\AVG Secure Search\\11.0.0.9");
Line Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "WhiteSmoke New Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&CUI=UN25425600031627323&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.order.1", "Search Results");
Line Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3289847");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN25425600031627323&UM=2&SearchSource=13");
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN25425600031627323&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3289847");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3289847");
Line Deleted : user_pref("smartbar.machineId", "YHLAPW+DAH9KW74ZRPAYZX9MTZIJXPKSGXH1JFTHYDYHJIEBSIWBEYVYWMTJEU5QUGXULWGTL1FX1L+FZJJS8A");

-\\ Google Chrome v

[ File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url

*************************

AdwCleaner[R0].txt - [15695 octets] - [05/10/2013 17:56:49]
AdwCleaner[S0].txt - [14942 octets] - [05/10/2013 18:09:00]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15003 octets] ##########
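As an added example (not from this thread, and not AdwCleaner's own code), here is a Python parser for the AdwCleaner v3 report format quoted above; it assumes only the line shapes visible in that log. It groups the deletions by type and registry view, pulls out autostart values, cross-references the GUIDs so that one CLSID registered as a BHO, a toolbar and a search scope stands out as a single hijacker component, and extracts the defanged search-redirect hosts and the Conduit CTID from the removed Firefox prefs.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the AdwCleaner v3 report format; the lines are copied from the
# report quoted in this thread, so the paths, GUIDs and Conduit CTID are the thread's own.
SAMPLE_REPORT = r"""
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files (x86)\Conduit
File Deleted : C:\Windows\Tasks\AmiUpdXp.job
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
***** [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
***** [ Browsers ] *****
-\\ Mozilla Firefox v24.0 (en-US)
[ File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\loaul1ak.default\prefs.js ]
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&CUI=UN25425600031627323&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3289847");
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
FILE_RE = re.compile(r"^\[ File : (.+) \]$")
ENTRY_RE = re.compile(r"^(Folder|File|Key|Value|Line) Deleted : (.*)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
USER_PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*"(.*)"\);$')
HOST_RE = re.compile(r"hxxps?://([^/\"\s|]+)")  # AdwCleaner defangs http:// as hxxp://
CTID_RE = re.compile(r"\bCT\d{5,}\b")            # Conduit toolbar partner id


def parse_report(text):
    """One dict per 'X Deleted : target' line, tagged with section and (under Browsers) file."""
    entries, section, current_file = [], None, None
    for line in (ln.strip() for ln in text.splitlines()):
        if m := SECTION_RE.match(line):
            section, current_file = m.group(1), None
        elif m := FILE_RE.match(line):
            current_file = m.group(1)
        elif m := ENTRY_RE.match(line):
            kind, target = m.groups()
            # "[x64]" marks the native 64-bit registry view; the other keys on a 64-bit
            # box sit under WOW6432Node, which is where 32-bit browser add-ons register.
            x64_view = target.startswith("[x64] ")
            target = target[6:] if x64_view else target
            e = {"kind": kind, "section": section, "target": target,
                 "x64_view": x64_view, "file": current_file}
            if kind == "Value":                  # format: key [value name]
                e["key"], _, name = target.rpartition(" [")
                e["value_name"] = name.rstrip("]")
            elif kind == "Line" and (pm := USER_PREF_RE.match(target)):
                e["pref"], e["pref_value"] = pm.groups()
            entries.append(e)
    return entries


def correlate_guids(entries):
    """Map each GUID to the registry roles it was deleted from: a GUID that is at once a
    CLSID, a Browser Helper Object, a Toolbar entry and a SearchScope is one hijacker."""
    roles = defaultdict(set)
    for e in entries:
        if e["kind"] not in ("Key", "Value"):
            continue
        path = e["key"] if e["kind"] == "Value" else e["target"]
        parts = path.split("\\")
        for i in range(1, len(parts)):           # role = path component before the GUID
            if GUID_RE.fullmatch(parts[i]):
                roles[parts[i].upper()].add(parts[i - 1])
        if GUID_RE.fullmatch(e.get("value_name", "")):
            roles[e["value_name"].upper()].add(parts[-1])
    return dict(roles)


def search_hijack_indicators(entries):
    """Redirect hosts and Conduit CTIDs from removed browser prefs: where searches went."""
    hosts, ctids = set(), set()
    for e in entries:
        if e["kind"] == "Line":
            hosts.update(HOST_RE.findall(e["target"]))
            ctids.update(CTID_RE.findall(e["target"]))
    return {"search_hosts": hosts, "ctids": ctids}


def summarize(text):
    """Triage view of one report: counts, registry view, autostart values, GUID roles."""
    entries = parse_report(text)
    return {
        "counts": dict(Counter(e["kind"] for e in entries)),
        "x64_keys": sum(1 for e in entries if e["x64_view"]),
        "run_values": [e["value_name"] for e in entries
                       if e["kind"] == "Value" and e["key"].endswith("\\CurrentVersion\\Run")],
        "guid_roles": correlate_guids(entries),
        "hijack": search_hijack_indicators(entries),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(summarize(SAMPLE_REPORT), indent=2, default=sorted))
```

Run against a full report, the same GUID cross-reference shows which of the many deleted CLSID, Interface and TypeLib keys actually belong to one BHO, which is what the helper meant by "a lot of infection" in the next post.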
AfterDawn Addict
5. October 2013 @ 18:26
Guess you see what I meant by a lot of infection.. :)

You are on the way, but there's a lot left. So let's get started:


-Security Check-

Download Security Check by screen317.
Save it to your Desktop.

Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.





--Junkware Removal Tool--

Please download Junkware Removal Tool to your Desktop.
• Please close your security software to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete, depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
• Please post the contents of JRT.txt into your reply.


--RogueKiller--

• Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
• Quit all programs that you may have started.
• Please disconnect any USB or external drives from the computer before you run this scan!
• For Vista or Windows 7, right-click and select "Run as Administrator" to start
• For Windows XP, double-click to start.
• Wait until pre-scan has finished ...
• Then Click on "Scan" button
• Wait until the Status box shows "Scan Finished"
• Click on "Delete"
• Wait until the Status box shows "Deleting Finished"
• Click on "Report" and copy/paste the content of the Notepad into your next reply.
• The log should be found in RKreport[1].txt on your Desktop
• Exit/Close RogueKiller


Please paste the logs in your next reply.
Let me know what problem persists.


2oG
Heaseba
Newbie
7. October 2013 @ 14:53
Originally posted by 2oldGeek:
Guess you see what I meant by a lot of infection.. :)

You are on the way, but there's a lot left. So let's get started:


-Security Check-

Download Security Check by screen317.
Save it to your Desktop.

Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.





--Junkware Removal Tool--

Please download Junkware Removal Tool to your Desktop.
• Please close your security software to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete, depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
• Please post the contents of JRT.txt into your reply.


--RogueKiller--

• Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
• Quit all programs that you may have started.
• Please disconnect any USB or external drives from the computer before you run this scan!
• For Vista or Windows 7, right-click and select "Run as Administrator" to start
• For Windows XP, double-click to start.
• Wait until pre-scan has finished ...
• Then Click on "Scan" button
• Wait until the Status box shows "Scan Finished"
• Click on "Delete"
• Wait until the Status box shows "Deleting Finished"
• Click on "Report" and copy/paste the content of the Notepad into your next reply.
• The log should be found in RKreport[1].txt on your Desktop
• Exit/Close RogueKiller


Please paste the logs in your next reply.
Let me know what problem persists.


2oG
Results of screen317's Security Check version 0.99.74
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 33
Java version out of Date!
Adobe Flash Player 11.8.800.168
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox (24.0)
Google Chrome 29.0.1547.76
Google Chrome 30.0.1599.69
````````Process Check: objlist.exe by Laurent````````
tds TDS Backup Online fshoster32.exe
tds TDS Backup Online apps Online Backup\agmailagent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

Work smart not hard..
Heaseba
Newbie
7. October 2013 @ 15:05
Originally posted by Heaseba:
Originally posted by 2oldGeek:
Guess you see what I meant by a lot of infection.. :)

You are on the way, but there's a lot left. So let's get started:


-Security Check-

Download Security Check by screen317.
Save it to your Desktop.

Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.





--Junkware Removal Tool--

Please download Junkware Removal Tool to your Desktop.
• Please close your security software to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete, depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
• Please post the contents of JRT.txt into your reply.


--RogueKiller--

• Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
• Quit all programs that you may have started.
• Please disconnect any USB or external drives from the computer before you run this scan!
• For Vista or Windows 7, right-click and select "Run as Administrator" to start
• For Windows XP, double-click to start.
• Wait until pre-scan has finished ...
• Then Click on "Scan" button
• Wait until the Status box shows "Scan Finished"
• Click on "Delete"
• Wait until the Status box shows "Deleting Finished"
• Click on "Report" and copy/paste the content of the Notepad into your next reply.
• The log should be found in RKreport[1].txt on your Desktop
• Exit/Close RogueKiller


Please paste the logs in your next reply.
Let me know what problem persists.


2oG
Results of screen317's Security Check version 0.99.74
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 33
Java version out of Date!
Adobe Flash Player 11.8.800.168
Adobe Reader 10.1.7 Adobe Reader out of Date!
Mozilla Firefox (24.0)
Google Chrome 29.0.1547.76
Google Chrome 30.0.1599.69
````````Process Check: objlist.exe by Laurent````````
tds TDS Backup Online fshoster32.exe
tds TDS Backup Online apps Online Backup\agmailagent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 7 Ultimate x64
Ran by Administrator on Mon 10/07/2013 at 14:53:57.84
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\systweakasp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\systweakasp_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{30B96CCE-A3B3-45C5-A52C-5C610392DDA1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9615E8D3-2C7F-4451-BD26-EFF75FD53F64}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}



~~~ Files



~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\w3i"
Successfully deleted: [Folder] "C:\Users\Administrator\AppData\Roaming\strongvault"
Successfully deleted: [Folder] "C:\Users\Administrator\appdata\local\adawarebp"
Successfully deleted: [Folder] "C:\Users\Administrator\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Administrator\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Program Files (x86)\gamingwonderlandei"
Successfully deleted: [Folder] "C:\Program Files (x86)\w3i"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted: [File] C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\loaul1ak.default\invalidprefs.js
Successfully deleted the following from C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\loaul1ak.default\prefs.js

user_pref("socialfixer.100000173078313/cached_content/donate_pagelet", "{\"expires_on\":1381417101234,\"content\":\"<div style=\\\"background-color:#ffffcc;border:1px solid #c
Emptied folder: C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\loaul1ak.default\minidumps [80 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 10/07/2013 at 14:59:27.82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I don't understand what to do with RogueKiller. There are several tabs, each with a string of stuff checked that means nothing to me, and I can't copy and paste the tabs.

Work smart not hard..
2oldGeek (AfterDawn Addict), 7. October 2013 @ 15:14:
Don't mess with the tabs. Just click the Delete button, and if it doesn't give you a report, then click the Report button.
2oldGeek (AfterDawn Addict), 7. October 2013 @ 15:18:
Click Scan, then Delete. It may reboot, but it will leave a report on the desktop.
Heaseba (Newbie), 7. October 2013 @ 15:21:
Originally posted by 2oldGeek:
Don't mess with the tabs. Just click the Delete button, and if it doesn't give you a report, then click the Report button.
RogueKiller V8.7.1 _x64_ [Oct 3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Remove -- Date : 10/07/2013 15:19:28
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 12 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : AVG-Secure-Search-Update_0913a (C:\Users\Administrator\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid b39bb23a570359cb5a25c3ad91708e37-7e8dd6de1359da33636f9b230aa1cadd7ad8b3a0 --CMPID 0913a [x][x][x]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-1224842166-2811445709-100843145-500\[...]\Run : AVG-Secure-Search-Update_0913a (C:\Users\Administrator\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT --mid b39bb23a570359cb5a25c3ad91708e37-7e8dd6de1359da33636f9b230aa1cadd7ad8b3a0 --CMPID 0913a [x][x][x]) -> [0x2] The system cannot find the file specified.
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 3 ¤¤¤
[V2][ROGUE ST] {288CAEEB-77A8-4EB6-8EB3-A2D69BAA9CF7} : C:\Program Files (x86)\1701 A.D\1701.exe [x] -> DELETED
[V2][ROGUE ST] {D59DB6C2-C255-4527-BE42-DBDFBDF85AC2} : C:\Program Files (x86)\1701 A.D\1701.exe [x] -> DELETED
[V2][ROGUE ST] {EC8BF168-AFFA-4B7B-B2D3-20B7D60707F8} : C:\Program Files (x86)\1701 A.D\1701.exe [x] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - WDC WD5000AAKS-75A7B2 ATA Device +++++
--- User ---
[MBR] 69ed0571f3c9c8a009b3424e09ddcd90
[BSP] 1df812da91e9c603691aabdc285e22e8 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 272033 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 557330432 | Size: 204804 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_10072013_151928.txt >>
RKreport[0]_S_10072013_150233.txt

Work smart not hard..
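Triage of the two cleanup reports above (the JRT log and the RogueKiller remove report), as an added example that is not part of this thread and not code from either tool. It sorts the report lines into removed and leftover items, so that a "Failed to delete" folder or a "[0x2] The system cannot find the file specified" result does not get lost among the successes, and it checks whether any [HJ POL] entry was actually enforcing a restriction: RogueKiller prints the value in parentheses, and DisableTaskMgr / DisableRegistryTools only lock the user out of Task Manager and regedit when set to 1, so the (0) entries in the posted report were harmless leftovers that the tool cleans as a PUM anyway. The line formats are inferred from the reports as posted; the sample excerpts in the block are taken from this thread, with one constructed line (DisableRegistryTools set to 1) added to exercise the lockout check.

```python
"""Triage helper for JRT and RogueKiller cleanup reports (added example, not
part of the thread or of either tool). Line formats are inferred from the
reports as posted; the samples below are excerpts of them, with one line
altered (DisableRegistryTools set to 1) to exercise the lockout check."""
import re
from dataclasses import dataclass, field

# JRT:  Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
#       Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
JRT_RE = re.compile(r'^(?P<verdict>Successfully deleted|Failed to delete): '
                    r'\[(?P<kind>[^\]]+)\] "?(?P<item>[^"]+?)"?$')
# RogueKiller:  [HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
RK_RE = re.compile(r'^(?P<tags>(?:\[[^\]]+\])+) (?P<target>.+?) -> (?P<result>.+)$')
TAG_RE = re.compile(r'\[([^\]]+)\]')
VALUE_RE = re.compile(r'\((?P<value>\d+)\)$')  # trailing "(value)" on policy entries
# Policy values that lock the user out of Task Manager / regedit when set to 1.
LOCKOUT_POLICIES = {"DisableTaskMgr", "DisableRegistryTools"}

@dataclass
class Entry:
    tool: str      # "JRT" or "RogueKiller"
    tags: list     # JRT item kind, or RogueKiller's bracketed tags
    target: str    # key, file, folder or task the tool acted on
    result: str    # what the tool reported
    removed: bool  # the tool says it deleted or replaced the item

@dataclass
class Triage:
    entries: list = field(default_factory=list)

    @property
    def removed(self):
        return [e for e in self.entries if e.removed]

    @property
    def leftover(self):
        """Failed deletions and 'not found' results: re-check these by hand."""
        return [e for e in self.entries if not e.removed]

    def active_lockouts(self):
        """HJ POL entries whose value (1) actually enforced a restriction;
        RogueKiller tags value-0 entries as PUM too, but those did nothing."""
        hits = []
        for e in self.entries:
            if e.tool != "RogueKiller" or "HJ POL" not in e.tags:
                continue
            name = e.target.split(" : ", 1)[-1].split(" (", 1)[0]
            m = VALUE_RE.search(e.target)
            if name in LOCKOUT_POLICIES and m and m.group("value") != "0":
                hits.append(e)
        return hits

def parse_jrt(text):
    t = Triage()
    for line in text.splitlines():
        m = JRT_RE.match(line.strip())
        if m:
            ok = m.group("verdict") == "Successfully deleted"
            t.entries.append(Entry("JRT", [m.group("kind")], m.group("item"), m.group("verdict"), ok))
    return t

def parse_roguekiller(text):
    t = Triage()
    for line in text.splitlines():
        m = RK_RE.match(line.strip())
        if m:
            result = m.group("result")
            t.entries.append(Entry("RogueKiller", TAG_RE.findall(m.group("tags")), m.group("target"),
                                   result, result.startswith(("DELETED", "REPLACED"))))
    return t

def summarize(triage):
    """Counts worth pasting back into the thread."""
    return {"removed": len(triage.removed), "leftover": len(triage.leftover),
            "active_lockouts": len(triage.active_lockouts())}

# Constructed excerpts of the two reports in this thread (see module docstring).
JRT_SAMPLE = r"""
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\w3i"
Successfully deleted: [Folder] "C:\Users\Administrator\AppData\Roaming\strongvault"
"""
RK_SAMPLE = r"""
¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : AVG-Secure-Search-Update_0913a (C:\Users\Administrator\AppData\Roaming\AVG 0913a Campaign\AVG-Secure-Search-Update-0913a.exe /PROMPT [x][x][x]) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (1) -> DELETED
[V2][ROGUE ST] {288CAEEB-77A8-4EB6-8EB3-A2D69BAA9CF7} : C:\Program Files (x86)\1701 A.D\1701.exe [x] -> DELETED
"""

if __name__ == "__main__":
    for name, t in (("JRT", parse_jrt(JRT_SAMPLE)), ("RogueKiller", parse_roguekiller(RK_SAMPLE))):
        print(name, summarize(t))
        for e in t.leftover + t.active_lockouts():
            print("  re-check:", e.target, "->", e.result)
```

Two readings of the posted report follow from this. The [0x2] result on the HKUS\S-1-5-21-1224842166-2811445709-100843145-500 Run entry is expected rather than a failure: HKCU is the same hive as HKU\<SID of the logged-on user>, so once the HKCU copy was deleted the second reference had nothing left to remove (RID 500 is the built-in Administrator account, which the OTL header later confirms is the account in daily use). The one item that genuinely failed is the JRT folder C:\ProgramData\boost_interprocess, which is the thing to look at by hand after the reboot. Note also that JRT's "Event Viewer Logs were cleared" step discards the Windows event logs, so any timeline of when the adware arrived has to come from file timestamps now.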
Heaseba (Newbie), 7. October 2013 @ 15:28:
You realize (or maybe you don't) that I have no idea what I am doing, and when you said you guessed I could see I had a lot of viruses... well... um... noooo... I couldn't tell if it was a virus or not. *blush*

Work smart not hard..
2oldGeek (AfterDawn Addict), 7. October 2013 @ 15:42:
Hi Heaseba,

It's OK, and yes you had a tub full of malware... :(

Bear with me and we'll get you clean as an "Old Maid's Parlor" lol

Did you install Avast?

You have F-Secure TDS backup online showing. Do you use it or is it just a remnant left over?

It will take me some time to go over the logs so I can see what we need to do next. This cleanup may take some time but I know you will be happy when it's done. :)

I need one or two more logs so I can dig a little deeper:

first:

--OTL--

Please download OTL by OldTimer to your Desktop.

If you already have a copy of OTL, delete it and use this version.

Double click OTL.exe to launch the program.

Check the following.
Scan all users.
Standard Output.
Lop check.
Purity check.
Under Extra Registry section, select Use SafeList
Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).

When finished it will produce two logs.
OTL.txt (open on your desktop).
Extras.txt (minimized in your taskbar)

Please post me both logs



If you have trouble, just ask....
2oG
Heaseba (Newbie), 7. October 2013 @ 17:20:
Originally posted by 2oldGeek:
Did you install Avast?

You have F-Secure TDS backup online showing. Do you use it or is it just a remnant left over?
I didn't install Avast. I just cancelled the TDS stuff, so it's a remnant.
OTL logfile created on: 10/7/2013 4:34:59 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 59.60% Memory free
7.99 Gb Paging File | 5.91 Gb Available in Paging File | 73.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 265.66 Gb Total Space | 162.30 Gb Free Space | 61.09% Space Free | Partition Type: NTFS
Drive R: | 200.00 Gb Total Space | 66.99 Gb Free Space | 33.49% Space Free | Partition Type: NTFS

Computer Name: HEATHERPC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/07 16:33:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Downloads\OTL.exe
PRC - [2013/09/30 22:42:23 | 000,274,840 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/09/11 11:28:33 | 001,862,024 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
PRC - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/11/29 17:28:24 | 002,437,120 | ---- | M] (F-Secure) -- C:\Program Files (x86)\tds\TDS Backup Online\apps\Online Backup\agmailagent.exe
PRC - [2012/04/09 11:20:30 | 003,063,968 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2011/09/01 10:10:44 | 000,139,264 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\tds\TDS Backup Online\fshoster32.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/30 22:42:22 | 003,279,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/09/11 11:28:32 | 016,177,544 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
MOD - [2013/06/11 11:42:32 | 008,347,304 | ---- | M] () -- C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.135_none_a02ac40d56adfe65\QtGui4.dll
MOD - [2013/06/11 11:42:32 | 002,256,552 | ---- | M] () -- C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.135_none_a02ac40d56adfe65\QtCore4.dll
MOD - [2013/06/11 11:42:32 | 000,372,392 | ---- | M] () -- C:\Windows\winsxs\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.2.135_none_a02ac40d56adfe65\QtXml4.dll
MOD - [2010/12/16 16:25:00 | 000,233,472 | ---- | M] () -- C:\Program Files (x86)\tds\TDS Backup Online\imageformats\qmng4.dll
MOD - [2010/12/16 16:25:00 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\tds\TDS Backup Online\imageformats\qico4.dll
MOD - [2010/12/16 16:25:00 | 000,026,112 | ---- | M] () -- C:\Program Files (x86)\tds\TDS Backup Online\imageformats\qgif4.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/23 16:12:02 | 000,143,120 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/09/30 22:42:22 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/19 21:28:21 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/10 03:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/02/26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/04/09 11:20:30 | 003,063,968 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/09 19:25:55 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/01/22 00:15:15 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/01/22 00:15:15 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/09/11 18:04:50 | 006,177,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1224842166-2811445709-100843145-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
IE - HKU\S-1-5-21-1224842166-2811445709-100843145-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1224842166-2811445709-100843145-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKU\S-1-5-21-1224842166-2811445709-100843145-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1224842166-2811445709-100843145-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1224842166-2811445709-100843145-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 E9 6E 8E 0E 9B CA 01 [binary data]
IE - HKU\S-1-5-21-1224842166-2811445709-100843145-500\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files (x86)\Family Toolbar\tbhelper.dll ()
IE - HKU\S-1-5-21-1224842166-2811445709-100843145-500\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1224842166-2811445709-100843145-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1224842166-2811445709-100843145-500\..\SearchScopes\{4AD98E64-94D5-4189-BEAC-0FB886AE6B0E}: "URL" = http://www.google.com/search?q={searchT...startPage}&rlz=
IE - HKU\S-1-5-21-1224842166-2811445709-100843145-500\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}
IE - HKU\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledAddons: socialfixer%40mattkruse.com:7.801
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..extensions.enabledItems: {D9A7CBEC-DE1A-444f-A092-844461596C4D}:4.6.1
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.2163
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.11.0.9874
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledItems: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}:4.6.1.02
FF - prefs.js..extensions.enabledItems: {F53C93F1-07D5-430c-86D4-C9531B27DFAF}:12.0.0.2166
FF - prefs.js..extensions.enabledItems: avg@toolbar:11.0.0.9
FF - prefs.js..extensions.enabledItems: {87934c42-161d-45bc-8cef-ef18abe2a30c}:2.1
FF - prefs.js..extensions.netassistant.keyword.url: "http://click.w3i.com/?Programid=132&Elementname=Keyword&Applicationid={BBE22C73-B31F-4116-BCFF-819129D30C21}&Version=3.6.5&Vintage=20120834&Defaultbrowserid=53&Productid=155&Vendorid=6477&Offerid=6894&searchterm="
FF - prefs.js..keyword.URL: ""
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 12:17:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/09/30 22:42:16 | 000,000,000 | ---D | M]

[2012/03/14 09:28:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2013/09/26 20:51:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\loaul1ak.default\extensions
[2013/09/12 19:25:24 | 000,161,656 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\loaul1ak.default\extensions\socialfixer@mattkruse.com.xpi
[2013/09/30 22:42:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/09/30 22:42:15 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/09/30 22:42:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/09/30 22:42:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/09/30 22:42:13 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/09/30 22:42:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/01/28 15:52:34 | 000,003,803 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\MyHeritage.xml

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\

O1 HOSTS File: ([2013/06/11 14:47:43 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (no name) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - No CLSID value found.
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files (x86)\Family Toolbar\tbcore3.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-1224842166-2811445709-100843145-500\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKU\S-1-5-21-1224842166-2811445709-100843145-500..\Run: [F-Secure Hoster] C:\Program Files (x86)\tds\TDS Backup Online\fshoster32.exe (F-Secure Corporation)
O4 - HKU\S-1-5-21-1224842166-2811445709-100843145-500..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-21-1224842166-2811445709-100843145-500..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1224842166-2811445709-100843145-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - Reg Error: Key error. File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - Reg Error: Key error. File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1224842166-2811445709-100843145-500\..Trusted Domains: facebook.com ([apps] http in Trusted sites)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/stati...er_5.0.31.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 216.170.153.146
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E2B0B62-940A-4970-A657-2BE2F145CCAF}: DhcpNameServer = 192.168.0.1 216.170.153.146
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/08 16:08:23 | 000,149,632 | ---- | M] () - C:\AUTO.pat -- [ NTFS ]
O32 - AutoRun File - [2010/12/08 16:08:23 | 000,299,196 | ---- | M] () - C:\AUTO.pst -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/07 15:00:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\RK_Quarantine
[2013/10/07 14:53:53 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/10/05 18:11:08 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013/10/05 17:56:28 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/05 17:52:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Avg2013
[2013/10/05 10:19:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/10/05 10:19:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/09/30 22:42:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/09/09 19:27:10 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\AVG SafeGuard toolbar
[2013/09/09 19:26:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013/09/09 19:26:29 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\cache
[2013/09/09 19:26:20 | 000,046,368 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/09/09 19:26:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar

========== Files - Modified Within 30 Days ==========

[2013/10/07 16:28:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/07 16:11:14 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/07 16:11:14 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/07 16:02:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1224842166-2811445709-100843145-500UA.job
[2013/10/07 16:01:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/06 17:02:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1224842166-2811445709-100843145-500Core.job
[2013/10/06 17:01:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/05 18:10:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/05 18:10:37 | 3219,787,776 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/05 10:19:50 | 000,003,011 | ---- | M] () -- C:\Users\Administrator\Desktop\HiJackThis.lnk
[2013/10/01 09:46:09 | 000,002,051 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/09/30 23:15:05 | 000,001,643 | ---- | M] () -- C:\Users\Administrator\Documents\medicinal trees.rtf
[2013/09/22 15:26:45 | 000,000,955 | ---- | M] () -- C:\Users\Administrator\Documents\Pie crust.rtf
[2013/09/21 22:36:02 | 000,011,193 | ---- | M] () -- C:\Users\Administrator\Documents\Rabbit costs.ods
[2013/09/19 21:28:20 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/09/19 21:28:20 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/09/09 19:27:32 | 000,003,740 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2013/09/09 19:25:55 | 000,046,368 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys

========== Files Created - No Company Name ==========

[2013/10/05 10:19:50 | 000,003,011 | ---- | C] () -- C:\Users\Administrator\Desktop\HiJackThis.lnk
[2013/09/30 23:15:04 | 000,001,643 | ---- | C] () -- C:\Users\Administrator\Documents\medicinal trees.rtf
[2013/09/22 15:26:44 | 000,000,955 | ---- | C] () -- C:\Users\Administrator\Documents\Pie crust.rtf
[2013/09/09 19:22:50 | 000,003,740 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2013/06/11 14:37:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/06/11 14:37:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/06/11 14:37:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/06/11 14:37:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/06/11 14:37:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/13 10:50:49 | 000,000,101 | ---- | C] () -- C:\Users\Administrator\AppData\Local\fusioncache.dat
[2011/12/13 10:46:50 | 000,743,126 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/22 13:52:01 | 000,070,249 | ---- | C] () -- C:\Users\Administrator\2011 Application Free.Reduced Lunch.pdf
[2011/09/22 13:38:45 | 000,176,921 | ---- | C] () -- C:\Users\Administrator\Student and LC Check List.pdf
[2011/09/22 13:38:05 | 000,318,832 | ---- | C] () -- C:\Users\Administrator\Creating a Student Account.pdf
[2011/09/22 13:37:59 | 000,349,453 | ---- | C] () -- C:\Users\Administrator\How to Kmail a Specific Teacher.pdf
[2011/09/22 13:37:21 | 000,164,791 | ---- | C] () -- C:\Users\Administrator\Progress Hours Guidelines 2011-12.pdf
[2011/09/22 13:37:01 | 000,189,197 | ---- | C] () -- C:\Users\Administrator\Logging Attendance.pdf
[2010/03/21 21:05:29 | 000,003,974 | ---- | C] () -- C:\Users\Administrator\.recently-used.xbel
[2010/02/20 16:10:59 | 000,032,256 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/22 00:03:23 | 000,007,616 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/02/13 09:15:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Acreon
[2012/05/23 08:39:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Ad-Aware Antivirus
[2011/09/29 14:26:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AVG2012
[2011/09/20 18:19:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Elluminate
[2010/03/21 21:05:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\gtk-2.0
[2010/02/07 01:17:58 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Millennia
[2010/02/20 16:57:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org
[2013/06/22 08:19:03 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TuneUp Software
[2012/06/05 17:07:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Unity

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

OTL Extras logfile created on: 10/7/2013 4:34:59 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 59.60% Memory free
7.99 Gb Paging File | 5.91 Gb Available in Paging File | 73.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 265.66 Gb Total Space | 162.30 Gb Free Space | 61.09% Space Free | Partition Type: NTFS
Drive R: | 200.00 Gb Total Space | 66.99 Gb Free Space | 33.49% Space Free | Partition Type: NTFS

Computer Name: HEATHERPC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02109923-58DE-436D-99FF-1C6DD6DCEB2D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{04C551AF-F1EC-4FA1-8D32-1E8A952E3B11}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{064ECA90-EA85-4D15-A161-50C2345CA124}" = lport=57511 | protocol=6 | dir=in | name=pando media booster |
"{10851AFF-F029-43D2-9351-1E16C1FBA732}" = lport=57471 | protocol=6 | dir=in | name=pando media booster |
"{1BE9DBF6-CC29-4CE6-8EB1-4955D9555724}" = lport=57471 | protocol=17 | dir=in | name=pando media booster |
"{1D3C15FD-83BD-4A52-A91C-23F554087069}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{21C3F113-25C0-4EF0-9677-2D6FC3899A39}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{296DDE05-E3D3-4B37-B5A6-5BEB77E8E1FF}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2DD6F556-97A1-43CE-A99F-A68D729FB428}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2EA41563-AA5A-4568-8311-16BCAA54E556}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3739787A-BF42-447A-9366-07E7499551BE}" = lport=57471 | protocol=17 | dir=in | name=pando media booster |
"{3B893F0D-45C7-45BC-8565-E4D8E588D879}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3BEBCE02-90E6-49C2-AB8E-D0E133F973C4}" = rport=445 | protocol=6 | dir=out | app=system |
"{3EAC3896-AB20-408A-B67F-FCD282957212}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3FBDCD98-6359-43BC-8966-6AC5360C751B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{41FDEC60-1232-4C72-AFA7-38E9E76C6F9E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4E4A9301-16EE-4A5E-AFC0-4E1F563A61BF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4F0080C5-39C7-41E1-B1C6-C578ED583E9B}" = lport=57471 | protocol=6 | dir=in | name=pando media booster |
"{544C6F0B-BB87-432E-ADED-420D13C3CF08}" = rport=138 | protocol=17 | dir=out | app=system |
"{5AEAFD0F-EFF7-4399-B4DB-D7236F445CD1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6D99F18E-E6E9-4872-A377-A1D526D8E516}" = lport=445 | protocol=6 | dir=in | app=system |
"{782F927A-1613-4631-9190-154E2545688B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7A0A307E-7CEC-42D2-9D8F-DF075DFB74DA}" = rport=137 | protocol=17 | dir=out | app=system |
"{88381AFE-21D5-44F7-9B09-0ACCE6C3F4A5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8AD6B1F2-34BF-43A9-809D-EE7ECA4C05E1}" = lport=137 | protocol=17 | dir=in | app=system |
"{8D6326E2-C029-4F58-8CDF-06FC3251BE58}" = lport=139 | protocol=6 | dir=in | app=system |
"{8EBF65DD-2B6A-4005-9D74-B7BC6D054773}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{91203BDD-77BA-4939-A9DB-556F1A9F5DEA}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A5CECE3A-9524-4A29-82CB-F8BD859917A5}" = lport=57511 | protocol=17 | dir=in | name=pando media booster |
"{A9AB3E78-5AA2-48B4-982A-9D689C8F22CB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B078800F-29A5-42ED-8248-77313FE6C9E4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{B4C2AC26-7480-4373-83DC-78B5B14016F5}" = rport=139 | protocol=6 | dir=out | app=system |
"{BD314197-D008-4C50-951B-84E84E46F648}" = lport=57511 | protocol=6 | dir=in | name=pando media booster |
"{CB1F74EC-0FED-4478-9607-229EB472B727}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D11369EC-51CF-4002-9BB9-EE281CD4D2E5}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DA8E7325-DDA2-4C7B-A685-F6559E446910}" = lport=138 | protocol=17 | dir=in | app=system |
"{E8D623BE-862D-4603-8890-AB6C3C543B6F}" = lport=57511 | protocol=17 | dir=in | name=pando media booster |
"{EEE4E301-CE29-4C52-AC30-7770BEFF820C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F7E7FAD8-7360-4935-B119-9702984957AE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00311F48-0F29-488F-8C3B-D8648ED5B8F1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0408E68F-5B84-4FD5-A49A-7A30B8F656C8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{04D6EC3C-DFDF-417A-86F7-DB603D0C3114}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{08D93482-047A-496E-B19B-8581EF1E8FF2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0AC43648-D635-49D6-9A04-AC09668D7698}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0B558FDA-3ED4-49F4-8BEC-F6125F84A329}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0CF63E0B-8161-47D7-A6B8-FCDC89A45540}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0EC91F12-DDFD-42E0-9049-490C8F1B7F50}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{104CD85C-ED0C-4635-A9A0-2B2C02392CA4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{10EEAB44-3FB5-4546-8F4D-6B662040E271}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\rm.exe |
"{1277EADC-BC10-4311-BCE1-A523BB6E5FA1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{12C0DE8F-7F77-45A3-AE45-3FBE9042DCEC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{14174ECC-7EA3-4A1B-95DE-36089B84A920}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1474766B-FA9C-47AB-8436-892E79C2F0BF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{14C87901-7B5F-4B45-B817-DDE0E2FC6043}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{16FD6CFF-9A27-4474-98DB-665AD42EE260}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{18D10E0E-A629-4B6B-8438-BAB97290F472}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{19FD5AA3-521D-4117-8B7F-CB50F87DF1EB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{20A40D95-2BBE-4DDE-AA0F-C2975794750A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{228B0EE6-2D47-4C8F-B09C-11DA7E9DD6A6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{23602F4D-5DF3-439E-82E1-75678C205C62}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\rm.exe |
"{2496A364-E9AE-4967-8912-324E9FFC8BAC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{24FDC758-0F07-41FB-9ED0-83C92BBF9798}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{28FC52AE-8D12-4B3C-8637-BF69F91333FD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2952C625-8D4E-44D4-8C51-F3D64E6F18A3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2A98A467-D1D5-4D42-96B6-A6D59745F9E4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2AF5D644-C2C7-4B41-A699-CFABD4C0886A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2CB99F0C-AEDF-49D1-98B5-B12720325EFD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2E7C2F63-4C81-42B5-9F4D-329D254FA816}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{31E2B3FA-2F3B-42AE-9031-39B0D7B9F489}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3329FB89-E472-446A-9834-B76074720973}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{381609CE-9224-4731-B63C-99147B00F0D5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{38940A29-65AC-4309-8F0F-C470EA8E98D9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3A119B52-6641-40C5-9250-44E0A5CA31A7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3AEC39A4-C52A-4E25-B15B-5E4A0D0C9502}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3B936A4D-70FE-40F9-9EA3-AD6F7F871809}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3DA3F282-D4F4-4243-A23C-E23952092F02}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3DDFC953-A27E-44E5-8C93-6F65A09D309C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{40BB3EF8-E0E7-481D-A010-C23990311C93}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{41E8B170-DFFC-454C-9CFF-2C7E22971EB8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{42C60383-4B87-4251-91F4-18A94593512E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4331AB8D-40FB-41AE-AEAA-A90D87C2F121}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{46C9A6B9-42DD-4E13-AF03-0F9CC7C13DD1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{472BD21F-430D-4ABC-82A6-E8C338BB9091}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{47E2DBF7-BCEE-43B4-BF60-BAE3F5356CE6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{493F3844-E423-4F17-B42C-1BED80F15B2E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{494FDB24-D4AD-4588-8530-651E7A5DBCC4}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\videospin.exe |
"{4AD8ACF5-2367-4F09-AB36-0522F3D2A98C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4FCA9B9C-5B8B-4107-A0B2-08F4B53C4190}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{553A812A-53FB-4CE9-AA15-9BB558B72340}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{55A3E1DA-59DC-40D7-B5B7-BF379B56D4EE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{55E1080F-9D79-4A6F-B019-79199FCCEEF1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{56186BAB-E98C-4283-8FF4-3F8B81098673}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{56426541-6346-4775-88C8-019A29A81E3D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{59DCF8A9-8678-4DD9-850B-75B38745B467}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5DD658B6-61C5-485E-B520-99A260D45565}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5E2740FB-0851-4226-B44D-92AAFAB7313F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{629A74DD-A90E-422F-A071-018401BCF3A4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{645F4D2E-269E-42A4-B8BC-6008795F73C6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6994F34D-EB6D-4302-96C4-392C926E4AA1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6C7D6119-C9B4-4B17-AD9D-B52B1B771392}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6D5E9F76-E9F8-41E6-966E-262787127F87}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6DB3BF43-3B70-487D-8BD3-513F90446D48}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6E7E7A67-43B7-41E9-B498-42A8A098BF55}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{745188ED-E5ED-4EA6-B3D4-C74B243B94D6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{752E9BFE-EC43-453F-9799-BF17FE4BBDD8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{75993784-FD3C-41F1-B94C-15DD585A101C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{79ACCB2A-C3D2-4519-B964-1AE5D186731D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7D284FB7-EAAA-4E7D-B807-3AD5E6B59621}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7F61BB87-8A88-47FB-8A0D-05F0078EE8D4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{83586608-9402-4AF5-ABE9-A2D8A6E4D0E5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{83C70BFC-6935-4C1C-AB8E-EE0907ACC97E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{83CDBE8E-D964-4C56-B1A6-07DEE8BCA7C4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{845FD6AD-AE20-4E76-B8B2-41CDC9EC7826}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8626B8CB-8CD8-4792-A39C-FE5D6EABCED3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{874D639B-D876-4D1E-91CA-B72868813AC2}" = protocol=6 | dir=out | app=system |
"{877E6A9C-6D1A-4C11-B8BA-666419921E59}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{89777727-4B2E-43A5-AB4E-7D69873AEDBA}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{8C0E317F-C29B-43D6-B206-A5346A9E0118}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8C697BA1-B55D-4AFE-B534-4E096B6D4DA5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8D40D627-D45F-401C-974F-11FBB1F41ADF}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8FFA4002-75F3-4C5F-BBCA-0B659B2A052D}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\videospin.exe |
"{91FA20F8-1720-49CF-8B50-B7FA1171776F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{92811427-FC93-418C-A6CB-5AE7E3287848}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{92CBCB8D-A58A-40AA-AF7B-65B22C28000B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9349092F-74E4-46AC-B3DF-FC4D647D8F1F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9539FFAC-6BA1-459C-B82E-B0F63EE5A9C9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9548D6C9-91ED-4D1A-8A5A-732A60988442}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{977FA503-4BA5-4DEA-B182-897A2D3F7762}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{97AE8968-DDEE-4446-AF88-058AAA43C64D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{97E72EF4-70F7-4B4B-8347-3940B2B04B2E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9A342156-B72E-4324-A74C-DC5DD9529ECC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9B05355E-1802-4EB7-A38C-634BCA293C50}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9BF2E0E9-4679-48C4-AF61-12EC0E6B964D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9C8A57E6-B5FA-47E2-BF61-935E2FF02067}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A127AC3E-077E-4943-B32E-A9F0A3E51929}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A230FE8D-6697-4351-A7D1-27781AD245C3}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{A3484B5C-9035-4D89-B4CE-0B6D4A2E6822}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A72A86E5-FC5D-4524-8A71-6191B9F999FA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A78AF983-0C55-4F79-AEF0-37BD19267F5F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A8A27C97-C374-4052-BC4D-A91116B46E6B}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\umi.exe |
"{A932002F-7F95-4451-BF44-70501FE751E6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A9BB6C83-F497-44C7-9706-6C45CB9419CD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B0A00A4A-98AF-479F-A60E-BF78E5900747}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B1BCB113-EAEE-48EB-878B-E617CF367039}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B1F1CDE1-8EB7-4451-9ACA-4D80674026D4}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B2CD3F33-6D33-4173-94E7-9701EBF4D020}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B370784D-EDB8-4DB5-8F43-BB6907ABA93E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B39E4FC6-2F10-45F4-9038-6241CE6B1FE0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B414A20A-952C-449F-A094-98D82671D2E2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B8A3BE06-8D51-4E8C-B217-1DCB9B7E9134}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BA23ED01-CB99-4643-8117-16087874DD3C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BEC0A3EF-A18D-45FA-B8AD-0ABDCC7CFFE6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BF3E7038-B4AD-4AD0-8BF7-777D2652C65B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C13DEF69-1C49-4C49-95E2-066F8B8CC68F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C1F1BEF2-B36D-400A-AD00-CF33ECB9F84D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C454A1FB-0942-43DA-AC46-CAFD3396C5D1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C563A4E2-B99B-468B-9DEE-FB8402CB82A4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C69F6E37-D1FD-48A4-B994-7560838BD72D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C991BA2E-8BDF-4E2F-99E7-0FDA0E999293}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{CA7BAACB-1DB2-4251-AC1D-C44C660181EF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CAF18376-20C9-4A1B-AB3A-85A60D877CA9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CBBF97A8-D882-4E17-BBC4-BC9156111481}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D23F8664-DB14-4685-99E9-455AB57F5F6B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D24917D9-BD42-4CAF-BBCB-CE7B22B3EA3A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D2D67EF8-C8FD-471F-B44F-B378EBDEFD78}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D367154C-62CA-4A86-BD04-986431A491AF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D3BA2A03-BBDF-4AFA-9A18-0EF8E016C1B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D44436BF-CF2E-4027-A2E2-00189BAFFF65}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D65C7866-91A4-40F6-8440-9D213167241F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D6D8519B-6550-42BF-A8D9-ACD187E4E089}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D9C62700-3E99-4705-8175-8D7F6D506A54}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DA6DAA1C-8EF4-4F74-9D26-5729392A9E59}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DB3B50FE-33D8-4DB1-A298-931E80D7139C}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{DCC7FDE4-10D5-49D6-9C6A-CD0477C3E48D}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\umi.exe |
"{DDDB42EB-3402-4CE0-B135-D1667D27D8F9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DE69BFBA-C195-448D-BA58-01C96C855408}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E29F3C5D-0A90-43DB-8226-45BC27C1F98A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E3A9F768-D423-40F9-BECD-78A7DB887B98}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E4BD17C6-045D-441D-AB32-75EF7E754742}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E7642C57-68C8-494D-B6F1-49FB326787E6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E7EB89A0-8477-4574-91B1-4958D9CE8444}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E9C7D95A-0F44-480A-BF48-4B6AE48D5156}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E9E2A5FF-48BB-4890-A2F2-A6982A70FEB4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EAFB3E86-8026-40DA-BFEC-FE3E05258632}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EBC0D362-AE58-48D5-B25F-9023D3FB0054}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EE311C9B-B13A-4CE4-B110-26683A4F4E6A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EFA59528-040C-416C-A2EB-8A01B4A45E24}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F075781E-BB22-47C6-B021-5FD16161F42F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F0D1A1CE-4718-417B-AC9C-4E7B0CB9FCB5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F0F9E34F-EB8F-4215-ACE3-9471A8AE98BB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F4B26AC3-0ECF-419D-B758-0BC4E797D9C3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F656EA24-FDD9-48E0-BA1F-1024D4BC6C15}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F7A14DFD-2E65-4832-BDC2-166239565309}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F9852E3F-B21A-4139-86A4-708CDD6AB8AB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FB5D52DF-4EC4-4177-9FAE-3CA2B7437FD4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FB7DF6E2-709E-4978-A092-777FA9F75251}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{1B7F224C-C0A2-44EE-922A-D44B04250C2F}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{ACBFBD4B-9672-4760-817F-E75ED880DDE9}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |
"TCP Query User{EBF520A1-D2C6-436B-BC4B-F7FAB1EE5B11}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |
"UDP Query User{5DDE8B11-E298-4964-B616-A9213A2EF60A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{A4D17D4A-B5B4-4939-B113-40969E46F370}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |
"UDP Query User{D88F583E-B15E-49D0-9152-7C5FDF9A5E64}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4FF9E8AA-D554-4CE7-89F9-B69DAA5A1E98}" = AVG 2013
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"AVG" = AVG 2013
"Defraggler" = Defraggler
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02F5BEE7-0AB6-4E42-9BF8-2588AAECC7F2}" = EZ Fonts
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.6
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7A25D130-4EC8-11E1-BEA4-B8AC6F97B88E}" = Google Earth
"{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = 1701 A.D.
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BEE60DC8-E9C0-49E9-868B-8E07052FC14D}" = TDS Backup Online
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}" = Pinnacle VideoSpin
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.04.04.8012
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon Kindle" = Amazon Kindle
"ATITool" = ATITool Overclocking Utility
"AVG SafeGuard toolbar" = AVG SafeGuard toolbar
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DMUninstaller" = DMUninstaller
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"HaaliMkx" = Haali Media Splitter
"Legacy 7.0" = Legacy 7.0
"LegacyChart7_is1" = Legacy Charting 7.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Network Play System (Patching)" = Network Play System (Patching)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"YTdetect" = Yahoo! Detect

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

< End of report >

AfterDawn Addict
7. October 2013 @ 18:31
OK Heather, you're doing OK.

As I said, it will take me some time to review the logs and write a fix for you, so don't get too impatient.

While I am going over the logs I have, please do the following:

1.) Run Combofix:

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
Log from ComboFix
Let me know of any problems you may have had
How is the computer doing now?


2.) Right now you don't have an AntiVirus and this is the best one....

Download and install Avast Antivirus from here -> HERE.



Oh, just a guess: are you in or near Madison, Wisc.?

Any Problems? Please let me know so I may help...

2oG
Heaseba
Newbie
7. October 2013 @ 23:20
I installed Avast, but I can't see how to disable it while I run ComboFix.. nvm, I found it. Will post log shortly.



This message has been edited since posting. Last time this message was edited on 7. October 2013 @ 23:22

Heaseba
Newbie
7. October 2013 @ 23:44
I am in Michigan. The computer seems to be doing great. I haven't noticed any problems, but I had NO IDEA I was infected. Just thought my ISP was pathetic.. It probably IS pathetic, but the viruses etc. can't have helped.



ComboFix 13-10-04.02 - Administrator 10/07/2013 23:26:30.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4094.2327 [GMT -4:00]
Running from: c:\users\Administrator\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\Cache
c:\windows\SysWow64\Cache\075884af680ff6dc.fb
c:\windows\SysWow64\Cache\227113dfa1ca894d.fb
c:\windows\SysWow64\Cache\49fbbc5a8678d502.fb
c:\windows\SysWow64\Cache\5c54eb1a1655b076.fb
c:\windows\SysWow64\Cache\613e8ce7ab7106af.fb
c:\windows\SysWow64\Cache\633a76311867bd11.fb
c:\windows\SysWow64\Cache\691f14230153a9e1.fb
c:\windows\SysWow64\Cache\6cb409d7ac73d9f1.fb
c:\windows\SysWow64\Cache\7614bd6cfa99e546.fb
c:\windows\SysWow64\Cache\77664b6ccc36be9f.fb
c:\windows\SysWow64\Cache\881b3593316772f0.fb
c:\windows\SysWow64\Cache\98657d0579ae1930.fb
c:\windows\SysWow64\Cache\a599b684fd37bb09.fb
c:\windows\SysWow64\Cache\d5c0f4e7bbe35bf3.fb
c:\windows\SysWow64\Cache\d9ca663388d21ec0.fb
c:\windows\SysWow64\Cache\f2cda51fd108941f.fb
c:\windows\SysWow64\Cache\f34d8db84131d925.fb
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\windows\erdnt\cache86\userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-09-08 to 2013-10-08 )))))))))))))))))))))))))))))))
.
.
2013-10-08 03:31 . 2013-10-08 03:31 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-10-08 03:31 . 2013-10-08 03:31 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-10-08 03:31 . 2013-10-08 03:31 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-10-08 03:31 . 2013-10-08 03:31 -------- d-----w- c:\users\Heather Sebald\AppData\Local\temp
2013-10-08 03:31 . 2013-10-08 03:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-07 21:40 . 2013-08-30 07:48 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-10-07 21:40 . 2013-08-30 07:48 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-10-07 21:40 . 2013-08-30 07:48 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-10-07 21:40 . 2013-08-30 07:48 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-10-07 21:40 . 2013-08-30 07:48 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-10-07 21:40 . 2013-08-30 07:48 204880 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-10-07 21:40 . 2013-08-30 07:48 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-10-07 21:40 . 2013-08-30 07:48 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-10-07 21:40 . 2013-08-30 07:47 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-10-07 21:39 . 2013-08-30 07:47 41664 ----a-w- c:\windows\avastSS.scr
2013-10-07 21:39 . 2013-10-07 21:39 -------- d-----w- c:\program files\AVAST Software
2013-10-07 21:39 . 2013-10-07 21:39 -------- d-----w- c:\programdata\AVAST Software
2013-10-07 18:53 . 2013-10-07 18:53 -------- d-----w- c:\windows\ERUNT
2013-10-05 22:11 . 2013-10-05 22:11 -------- d-----w- c:\programdata\boost_interprocess
2013-10-05 21:56 . 2013-10-05 22:09 -------- d-----w- C:\AdwCleaner
2013-10-05 21:52 . 2013-10-05 21:52 -------- d-----w- c:\users\Administrator\AppData\Local\Avg2013
2013-10-05 14:19 . 2013-10-05 14:19 388096 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-10-05 14:19 . 2013-10-05 14:19 -------- d-----w- c:\program files (x86)\Trend Micro
2013-09-09 23:27 . 2013-09-09 23:27 -------- d-----w- c:\users\Administrator\AppData\Local\AVG SafeGuard toolbar
2013-09-09 23:26 . 2013-09-10 00:26 -------- d-----w- c:\programdata\AVG SafeGuard toolbar
2013-09-09 23:26 . 2013-09-09 23:25 46368 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-09-09 23:26 . 2013-09-09 23:26 -------- d-----w- c:\program files (x86)\AVG SafeGuard toolbar
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-20 01:28 . 2012-04-16 17:11 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-20 01:28 . 2011-06-13 13:36 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files (x86)\Family Toolbar\tbhelper.dll" [2009-05-07 355840]
.
[HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46 2642432 ----a-w- c:\program files (x86)\Family Toolbar\tbcore3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Hoster"="c:\program files (x86)\tds\TDS Backup Online\fshoster32.exe" [2011-09-01 139264]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-10-03 6588144]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-21 19875432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys;c:\windows\SYSNATIVE\DRIVERS\Lbd.sys [x]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys;c:\windows\SYSNATIVE\drivers\SBREdrv.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWRVRT
*NewlyCreated* - ASWSNX
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 01:28]
.
2013-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-28 20:49]
.
2013-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-28 20:49]
.
2013-10-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1224842166-2811445709-100843145-500Core.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-02 20:49]
.
2013-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1224842166-2811445709-100843145-500UA.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-02 20:49]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-11 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-11 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-11 363544]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig
mStart Page = hxxp://search.myheritage.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
Trusted Zone: facebook.com\apps
TCP: DhcpNameServer = 192.168.0.1 216.170.153.146
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\loaul1ak.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL -
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-UnityWebPlayer - c:\users\Administrator\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,88,04,
6d,c3,8d,47,09,ab,e6,90,9a,f3,92,69,5e
"{739df940-c5ee-4bab-9d7e-270894ae687a}"=hex:51,66,7a,6c,4c,1d,3b,1b,50,e6,8d,
68,dd,9e,c0,04,80,73,63,48,96,e5,2c,67
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,3b,1b,79,47,90,
b5,6f,75,bf,01,92,76,b5,b7,87,51,00,8a
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:93,fa,52,52,c5,87,ce,01
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,37,3d,28,89,3b,fa,9b,42,82,36,3d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,37,3d,28,89,3b,fa,9b,42,82,36,3d,\
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\tds\TDS Backup Online\apps\Online Backup\agmailagent.exe
.
**************************************************************************
.
Completion time: 2013-10-07 23:38:34 - machine was rebooted
ComboFix-quarantined-files.txt 2013-10-08 03:38
ComboFix2.txt 2013-06-11 18:56
.
Pre-Run: 175,037,456,384 bytes free
Post-Run: 174,925,455,360 bytes free
.
- - End Of File - - 7899AEEC3BD833CD927B1BE47BAB44CD
A36C5E4F47E84449FF07ED3517B43A31

Work smart not hard..
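The ComboFix dump above ends with a run of keys marked `@Denied`: the per-extension `UserChoice` keys under the Administrator's hive (denied to `Administrator`), the Flash broker CLSID (denied to `Everyone`) and `PCW\Security`. The PowerShell below is an added example, not part of the thread and not ComboFix's own code, that reads those deny ACEs straight from the registry so a reader can compare them with the log. It assumes an elevated PowerShell 3.0 or later on the affected machine, where the logged-on user is the same `Administrator` account whose hive the log shows (so `HKCU:` is that `HKEY_USERS\S-1-5-21-...-500` key); the key paths are copied from the log.

```powershell
# Added example, not from the thread or from ComboFix. Reads the deny ACEs on
# the registry keys ComboFix reported as "@Denied" so they can be compared
# with the log. Assumes an elevated PowerShell 3.0+ on the affected machine.

function Get-RegistryDenyAce {
    param([Parameter(Mandatory = $true)][string]$Path)
    $acl = Get-Acl -Path $Path -ErrorAction Stop
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -eq 'Deny') {
            [pscustomobject]@{
                Key       = $Path
                Principal = $ace.IdentityReference.Value
                Rights    = $ace.RegistryRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# 1. The per-extension UserChoice keys in the current user's hive.
#    Windows itself writes a Deny "Set Value" ACE for the logged-on user on
#    each of them; the "(2)" ComboFix prints is consistent with
#    KEY_SET_VALUE (0x0002). Anything beyond that deserves a closer look.
$fileExts = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts'
$denies = Get-ChildItem -Path $fileExts -ErrorAction SilentlyContinue |
    ForEach-Object { "$fileExts\$($_.PSChildName)\UserChoice" } |
    Where-Object { Test-Path -Path $_ } |
    ForEach-Object { Get-RegistryDenyAce -Path $_ }

$me = "$env:USERDOMAIN\$env:USERNAME"
$expected   = $denies | Where-Object { $_.Rights -eq 'SetValue' -and $_.Principal -eq $me }
$unexpected = $denies | Where-Object { -not ($_.Rights -eq 'SetValue' -and $_.Principal -eq $me) }

"{0} UserChoice keys carry the standard Deny SetValue for {1}" -f @($expected).Count, $me
if ($unexpected) {
    Write-Warning 'Deny ACEs that are NOT the standard UserChoice protection:'
    $unexpected | Format-Table Key, Principal, Rights, Inherited -AutoSize
}

# 2. The Flash broker COM class from the log (HKLM\Software\Classes\CLSID\{73C9DFA0-...}).
#    Its Elevation\Enabled = 1 marks it as a COM server that UAC will auto-elevate,
#    so confirm the LocalServer32 binary is the one under \Windows\System32\Macromed\Flash
#    and still exists on disk.
$broker = 'HKLM:\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}'
if (Test-Path -Path $broker) {
    Get-RegistryDenyAce -Path $broker | Format-Table Principal, Rights, Inherited -AutoSize
    $server = (Get-ItemProperty -Path "$broker\LocalServer32").'(default)'
    $elev   = (Get-ItemProperty -Path "$broker\Elevation" -ErrorAction SilentlyContinue).Enabled
    "LocalServer32     = $server"
    "Elevation\Enabled = $elev"
    if ($server -and -not (Test-Path -LiteralPath $server)) {
        Write-Warning "Elevated COM server binary is missing: $server"
    }
}
```

The first block is the check that matters for the `FileExts` entries: a Deny of `SetValue` to the interactive user on a `UserChoice` key is how Windows protects the "Progid" choice from being rewritten silently, so those lines in a ComboFix log are expected. A deny granted to `Administrators`, `SYSTEM` or `Everyone`, or a deny of `FullControl` on a key outside `FileExts`, is the pattern that needs explaining.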
AfterDawn Addict
8. October 2013 @ 09:55
Good Morning Heather,

You are doing well and looking a lot better now. We still have some work to do, and I'll be in and out today, so I will try my best to get something back to you before very long. Hang in there, you'll be OK for now.

2oG
AfterDawn Addict
8. October 2013 @ 18:06
Hi Heather,

I hope this is about all it will take to get you clean. Do the following and we will see.:)

-Uninstall some programs-

NOTE** Because of the cleanup process some of the programs I have listed may not
be in Add/Remove anymore; this is fine, just move to the next item on the list.

Hold down the Windows key (bottom left on the keyboard next to the Ctrl key) then
press the "R" key. The Run box will open. Then type or copy/paste appwiz.cpl
into the box and click OK.

The Uninstall or change a program list will be opened.
Click each entry, as follows, one by one, if it exists, choose
Uninstall, and give permission to Continue:

Java(TM) 6 Update 33
Java Auto Updater
InstallIQ Updater
TDS Backup Online
SUPERAntiSpyware
Adobe Reader 10.1.7


Take extra care in answering questions posed by any uninstaller.
When the program(s) have been uninstalled, please close Control Panel.

Your Java was out of date. Older versions have vulnerabilities that
malware can use to infect your system.
Because you have OpenOffice, you will need to install the latest version of Java.

Upgrading Java:
• Download the latest version of JRE 7 Update 40.
• Click the "Free Java Download" button.
• Click the "Agree and Start Free Download" button.
• Click on the download link for your system and save it to your desktop.
Close any programs you may have running - especially your web browser.
• Then from your desktop double-click on the download to install the
newest version. (Vista/7 users, right click on the JRE download and select "Run
as an Administrator".)

Upgrading Adobe Reader
The installed version of Adobe Reader on this computer was outdated. Install
the latest version of Adobe Reader available from Adobe, or, because Adobe is a target for malware, my recommendation is SumatraPDF, which is light and will do the same thing as Adobe without being a target for malware.


Let me know how things are doing.
If this clears it, we may not need to go any deeper; let me know and I will finish up. You will need to run a cleanup of the programs I had you use.

2oG
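The uninstall list and the Java check above, driven from PowerShell instead of clicking through appwiz.cpl, as an added example that is not part of 2oldGeek's instructions. It assumes an elevated PowerShell 3.0 or later on the 64-bit Windows 7 machine in the thread; the name patterns are my guesses from the post's list (Reader X, for instance, usually registers itself as "Adobe Reader X (10.1.7)"), and the assumption that Oracle's JRE records its `DisplayVersion` as "major.minor.update" (so 6 Update 33 appears as 6.0.330) is mine, not something the post states.

```powershell
# Added example, not from the thread. Enumerates the programs Windows lists in
# Add/Remove, reports the ones 2oldGeek asked to be removed, flags a Java 6
# install, and runs uninstallers only after explicit confirmation.
# Assumes an elevated PowerShell 3.0+ on 64-bit Windows 7.

function Get-InstalledProgram {
    # Native and Wow6432Node views of HKLM plus per-user installs under HKCU.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
    )
    foreach ($root in $roots) {
        Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath
            if ($p.DisplayName) {
                [pscustomobject]@{
                    DisplayName     = $p.DisplayName
                    DisplayVersion  = $p.DisplayVersion
                    Publisher       = $p.Publisher
                    UninstallString = $p.UninstallString
                    Key             = $_.PSPath
                }
            }
        }
    }
}

function Get-OutdatedJava {
    # Assumption: the JRE's DisplayVersion parses as "major.minor.update",
    # e.g. "6.0.330" for 6 Update 33. Unparseable versions are skipped.
    param([int]$MinimumMajor = 7)
    Get-InstalledProgram | Where-Object { $_.DisplayName -like 'Java*' } | Where-Object {
        $v = $null
        [version]::TryParse($_.DisplayVersion, [ref]$v) -and $v.Major -lt $MinimumMajor
    }
}

function Remove-ListedProgram {
    # ConfirmImpact = High means every real uninstall prompts, matching the
    # post's "take extra care in answering questions posed by any uninstaller".
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param([Parameter(Mandatory = $true)][string[]]$NamePattern)
    $installed = Get-InstalledProgram
    foreach ($pattern in $NamePattern) {
        $hits = $installed | Where-Object { $_.DisplayName -like $pattern }
        if (-not $hits) { Write-Host "not present (already removed?): $pattern"; continue }
        foreach ($h in $hits) {
            if (-not $h.UninstallString) {
                Write-Warning "no UninstallString recorded for $($h.DisplayName)"; continue
            }
            if ($PSCmdlet.ShouldProcess("$($h.DisplayName) $($h.DisplayVersion)", 'Uninstall')) {
                # MSI-based entries (MsiExec.exe /I{GUID} or /X{GUID}) are run as a quiet
                # uninstall of that product code; anything else is run exactly as recorded,
                # so the vendor's own uninstaller and its prompts appear.
                if ($h.UninstallString -match '^msiexec(\.exe)?\s+/[ix]\s*(\{[0-9a-f-]+\})') {
                    Start-Process -FilePath msiexec.exe -ArgumentList "/x $($Matches[2]) /qn /norestart" -Wait
                } else {
                    Start-Process -FilePath cmd.exe -ArgumentList "/c $($h.UninstallString)" -Wait
                }
            }
        }
    }
}

# The post's list, as wildcard patterns (my guesses at the registered names).
$toRemove = @('Java(TM) 6 Update*', 'Java Auto Updater*', 'InstallIQ Updater*',
              'TDS Backup Online*', 'SUPERAntiSpyware*', 'Adobe Reader*10.1.7*')

Get-OutdatedJava | Format-Table DisplayName, DisplayVersion, Publisher -AutoSize
Remove-ListedProgram -NamePattern $toRemove -WhatIf   # dry run; drop -WhatIf to be prompted per program
```

Run it with `-WhatIf` first and read the list; only then drop the switch. Entries that are absent simply print "not present", which is the same "if it exists, move to the next item" rule the post gives for programs that ComboFix or AdwCleaner already removed.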
Heaseba
Newbie
8. October 2013 @ 20:55
Originally posted by 2oldGeek: (quotes the post above in full)
ok.. I have done everything you have asked, including the reinstalls of Java and the alternate Adobe. So far, so good :D How do I clean up the programs I used?
I was wondering.. hubby's comp is running slowly also. Would it hurt anything for him to do all these things, also?

Work smart not hard..

This message has been edited since posting. Last time this message was edited on 8. October 2013 @ 20:57

AfterDawn Addict
8. October 2013 @ 21:25
Quote:
ok.. I have done everything you have asked, including the reinstalls of java and the alternate adobe. So far, so good :D How do I clean up the programs I used?
I was wondering.. hubby's comp is running slowly also. Would it hurt anything for him to do all these things, also?
Quote:
Would it hurt anything for him to do all these things, also?

Yes, it would hurt. Computers are like people and snowflakes: no two are alike, and the fixes for one can completely destroy another.

Before we declare you clean, I saw a few things in one of the logs I would like to get rid of before we finish, that is if you have the time.

Also, after we finish you can have your hubby come on with his puter and I'll fix him up.

Right now please start OTL, run a scan and post it for a last look before we close the doors on this one.

2oG
Heaseba
Newbie
9. October 2013 @ 09:15
Originally posted by 2oldGeek: (quotes the post above in full)
I have the time.. lol...but what is OTL? (I'm kidding)

Work smart not hard..

This message has been edited since posting. Last time this message was edited on 9. October 2013 @ 09:18

Heaseba
Newbie
9. October 2013 @ 09:26
You said
"Also after we finish you can have your hubby come on with his puter and I fix him up...."

He says "Thank you."
File below.

OTL logfile created on: 10/9/2013 9:17:26 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 60.21% Memory free
7.99 Gb Paging File | 6.29 Gb Available in Paging File | 78.74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 265.66 Gb Total Space | 163.55 Gb Free Space | 61.56% Space Free | Partition Type: NTFS
Drive R: | 200.00 Gb Total Space | 66.99 Gb Free Space | 33.49% Space Free | Partition Type: NTFS

Computer Name: HEATHERPC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/09 09:16:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2013/10/08 18:29:19 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
PRC - [2013/09/30 22:42:23 | 000,274,840 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/08/30 03:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/08/30 03:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/04/09 11:20:30 | 003,063,968 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/08 18:29:18 | 016,233,864 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
MOD - [2013/09/30 22:42:22 | 003,279,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/08/30 03:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/10/08 18:29:19 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/30 22:42:22 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/21 09:53:36 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/26 00:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/04/09 11:20:30 | 003,063,968 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/09 19:25:55 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/08/30 03:48:10 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/08/30 03:48:10 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/08/30 03:48:10 | 000,204,880 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/08/30 03:48:10 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/08/30 03:48:10 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/08/30 03:48:10 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/08/30 03:48:09 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/08/30 03:48:09 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/01/22 00:15:15 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/01/22 00:15:15 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/09/11 18:04:50 | 006,177,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD22}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 E9 6E 8E 0E 9B CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files (x86)\Family Toolbar\tbhelper.dll ()
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4AD98E64-94D5-4189-BEAC-0FB886AE6B0E}: "URL" = http://www.google.com/search?q={searchT...startPage}&rlz=
IE - HKCU\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
FF - prefs.js..extensions.enabledAddons: socialfixer%40mattkruse.com:7.801
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..extensions.enabledItems: {D9A7CBEC-DE1A-444f-A092-844461596C4D}:4.6.1
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.2163
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.11.0.9874
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledItems: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}:4.6.1.02
FF - prefs.js..extensions.enabledItems: {F53C93F1-07D5-430c-86D4-C9531B27DFAF}:12.0.0.2166
FF - prefs.js..extensions.enabledItems: avg@toolbar:11.0.0.9
FF - prefs.js..extensions.enabledItems: {87934c42-161d-45bc-8cef-ef18abe2a30c}:2.1
FF - prefs.js..extensions.netassistant.keyword.url: "http://click.w3i.com/?Programid=132&Elementname=Keyword&Applicationid={BBE22C73-B31F-4116-BCFF-819129D30C21}&Version=3.6.5&Vintage=20120834&Defaultbrowserid=53&Productid=155&Vendorid=6477&Offerid=6894&searchterm="
FF - prefs.js..keyword.URL: ""
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 12:17:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/10/07 17:39:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/10/08 20:05:21 | 000,000,000 | ---D | M]

[2012/03/14 09:28:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2013/09/26 20:51:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\loaul1ak.default\extensions
[2013/09/12 19:25:24 | 000,161,656 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\loaul1ak.default\extensions\socialfixer@mattkruse.com.xpi
[2013/10/08 20:00:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/09/30 22:42:15 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/09/30 22:42:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/09/30 22:42:13 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/09/30 22:42:23 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/01/28 15:52:34 | 000,003,803 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\MyHeritage.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - Extension: Skype Click to Call = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\
CHR - Extension: Skype Click to Call = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_1\
CHR - Extension: Chrome In-App Payments service = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\

O1 HOSTS File: ([2013/10/07 23:33:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (no name) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - No CLSID value found.
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files (x86)\Family Toolbar\tbcore3.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - Reg Error: Key error. File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - Reg Error: Key error. File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: facebook.com ([apps] http in Trusted sites)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/stati...er_5.0.31.0.cab (Battlefield Heroes Updater)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 216.170.153.146
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E2B0B62-940A-4970-A657-2BE2F145CCAF}: DhcpNameServer = 192.168.0.1 216.170.153.146
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/08 16:08:23 | 000,149,632 | ---- | M] () - C:\AUTO.pat -- [ NTFS ]
O32 - AutoRun File - [2010/12/08 16:08:23 | 000,299,196 | ---- | M] () - C:\AUTO.pst -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013/10/09 09:17:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2013/10/08 20:53:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SumatraPDF
[2013/10/08 20:52:35 | 004,058,096 | ---- | C] (Krzysztof Kowalczyk) -- C:\Users\Administrator\Desktop\SumatraPDF-2.3.2-install.exe
[2013/10/08 20:43:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/08 20:43:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/10/08 20:43:31 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/10/08 20:43:27 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/10/08 20:43:27 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/10/08 20:43:27 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/10/08 20:43:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/10/08 20:43:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/10/08 20:10:32 | 000,913,832 | ---- | C] (Oracle Corporation) -- C:\Users\Administrator\Desktop\jxpiinstall.exe
[2013/10/08 20:01:33 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2013/10/07 23:34:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/10/07 17:40:15 | 000,378,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/10/07 17:40:15 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/10/07 17:40:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/10/07 17:40:12 | 000,072,016 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/10/07 17:40:10 | 000,064,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/10/07 17:40:08 | 001,030,952 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/10/07 17:40:03 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/10/07 17:40:03 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/10/07 17:39:46 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/10/07 17:39:31 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/10/07 17:39:07 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/10/07 15:00:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\RK_Quarantine
[2013/10/07 14:53:53 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/10/05 18:11:08 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013/10/05 17:56:28 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/05 17:52:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Avg2013
[2013/10/05 10:19:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/10/05 10:19:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2013/09/30 22:42:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/09/09 19:27:10 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\AVG SafeGuard toolbar
[2013/09/09 19:26:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013/09/09 19:26:20 | 000,046,368 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/09/09 19:26:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013/10/09 09:16:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2013/10/09 09:08:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/09 09:07:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1224842166-2811445709-100843145-500UA.job
[2013/10/09 09:02:52 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/09 09:02:52 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/09 08:28:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/09 02:07:01 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1224842166-2811445709-100843145-500Core.job
[2013/10/08 20:52:45 | 004,058,096 | ---- | M] (Krzysztof Kowalczyk) -- C:\Users\Administrator\Desktop\SumatraPDF-2.3.2-install.exe
[2013/10/08 20:43:23 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/10/08 20:43:22 | 000,868,264 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2013/10/08 20:43:22 | 000,790,440 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013/10/08 20:43:22 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/10/08 20:43:22 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/10/08 20:43:22 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/10/08 20:10:17 | 000,913,832 | ---- | M] (Oracle Corporation) -- C:\Users\Administrator\Desktop\jxpiinstall.exe
[2013/10/08 20:08:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/08 18:29:19 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/10/08 18:29:19 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/10/07 23:33:56 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/10/07 23:32:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/07 23:32:21 | 3219,787,776 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/07 17:40:16 | 000,001,929 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/10/07 17:40:03 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/10/05 10:19:50 | 000,003,011 | ---- | M] () -- C:\Users\Administrator\Desktop\HiJackThis.lnk
[2013/10/01 09:46:09 | 000,002,051 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/09/30 23:15:05 | 000,001,643 | ---- | M] () -- C:\Users\Administrator\Documents\medicinal trees.rtf
[2013/09/22 15:26:45 | 000,000,955 | ---- | M] () -- C:\Users\Administrator\Documents\Pie crust.rtf
[2013/09/21 22:36:02 | 000,011,193 | ---- | M] () -- C:\Users\Administrator\Documents\Rabbit costs.ods
[2013/09/09 19:27:32 | 000,003,740 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2013/09/09 19:25:55 | 000,046,368 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013/10/08 20:53:26 | 000,001,936 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SumatraPDF.lnk
[2013/10/07 17:40:16 | 000,001,929 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/10/07 17:40:07 | 000,204,880 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/10/07 17:40:06 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/10/07 17:40:03 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/10/05 10:19:50 | 000,003,011 | ---- | C] () -- C:\Users\Administrator\Desktop\HiJackThis.lnk
[2013/09/30 23:15:04 | 000,001,643 | ---- | C] () -- C:\Users\Administrator\Documents\medicinal trees.rtf
[2013/09/22 15:26:44 | 000,000,955 | ---- | C] () -- C:\Users\Administrator\Documents\Pie crust.rtf
[2013/09/09 19:22:50 | 000,003,740 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2013/06/11 14:37:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/06/11 14:37:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/06/11 14:37:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/06/11 14:37:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/06/11 14:37:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/13 10:50:49 | 000,000,101 | ---- | C] () -- C:\Users\Administrator\AppData\Local\fusioncache.dat
[2011/12/13 10:46:50 | 000,743,126 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/22 13:52:01 | 000,070,249 | ---- | C] () -- C:\Users\Administrator\2011 Application Free.Reduced Lunch.pdf
[2011/09/22 13:38:45 | 000,176,921 | ---- | C] () -- C:\Users\Administrator\Student and LC Check List.pdf
[2011/09/22 13:38:05 | 000,318,832 | ---- | C] () -- C:\Users\Administrator\Creating a Student Account.pdf
[2011/09/22 13:37:59 | 000,349,453 | ---- | C] () -- C:\Users\Administrator\How to Kmail a Specific Teacher.pdf
[2011/09/22 13:37:21 | 000,164,791 | ---- | C] () -- C:\Users\Administrator\Progress Hours Guidelines 2011-12.pdf
[2011/09/22 13:37:01 | 000,189,197 | ---- | C] () -- C:\Users\Administrator\Logging Attendance.pdf
[2010/03/21 21:05:29 | 000,003,974 | ---- | C] () -- C:\Users\Administrator\.recently-used.xbel
[2010/02/20 16:10:59 | 000,032,256 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/22 00:03:23 | 000,007,616 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 01:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 00:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 08:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

Are those blue highlighted items viruses? Because I have no idea what the Battlefield Heroes is from and don't want it, or that 'bing' crap.

Work smart not hard..

This message has been edited since posting. Last time this message was edited on 9. October 2013 @ 12:29

AfterDawn Addict
9. October 2013 @ 12:58
Hi Heather,

Well, you were clean enough, but I'm fussy about sweeping up after. This will clean up the leftover remnants and clean behind the refrigerator, so to speak :)


Run OTL Script


I would like you to run this custom script for me now and when it is complete please give me the report and a status update for the computer.

Double-click OTL.exe to start the program.

Copy and Paste the following code into the text box.



:Commands
[clearallrestorepoints]

:OTL
DRV:64bit: - [2013/09/09 19:25:55 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
IE - HKCU\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files (x86)\Family Toolbar\tbhelper.dll ()
FF - prefs.js..extensions.enabledItems: avg@toolbar:11.0.0.9
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files (x86)\Family Toolbar\tbcore3.dll ()
O2:64bit: - BHO: (no name) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - No CLSID value found.
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - Reg Error: Key error. File not found
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - Reg Error: Key error. File not found
O13 - gopher Prefix: missing
[2013/09/09 19:27:10 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\AVG SafeGuard toolbar
[2013/09/09 19:26:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013/09/09 19:26:20 | 000,046,368 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/09/09 19:26:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar
[2013/09/09 19:25:55 | 000,046,368 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2011/12/13 10:50:49 | 000,000,101 | ---- | C] () -- C:\Users\Administrator\AppData\Local\fusioncache.dat
[2010/02/20 16:10:59 | 000,032,256 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:0B4227B4

:Files
ipconfig /flushdns /c
C:\Program Files (x86)\Family Toolbar

:Commands
[PURITY]
[emptytemp]



Then click the Run Fix button at the top.
Click OK.

OTL may ask to reboot the machine. Please do so if asked.

The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Note** if the report does not popup after the computer reboots you can find it here in this folder:
C:\_OTL\MovedFiles - It will be named mmddyyyy_hhmmss.log,
where mmddyyyy_hhmmss are numbers representing the date and time the fix was run.



On the malware front, you're clean!


We have a couple last things to take care of and then you're good to go.

Uninstall ComboFix from your computer:
• Click on Start > Run
• Type Combofix /u in the run box and click Ok. Note the space between the x and the /u, it needs to be there.




Over the course of the fix you've used a variety of special tools to help with the cleaning process - none of these are of any use to you now that you're clean, and it's best not to have them hanging around on your computer. OTC is a small program that removes all the leftover tools and logs from cleanup of malware.

Please download OTC to your desktop.
• Double-click OTC to run it. (Win7 right click on OTC and select "Run as an Administrator")
• Click on the CleanUp! button and follow the prompts.
• You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
• After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.


I had you remove SuperAntiSpyware because it is just not as good as MalwareBytes AntiMalware. So I suggest you download -> MBAM and use it once a week or so.


That about does it so, let me know how things are doing.

2oG



There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...
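The OTL script above deletes a driver service, an IE URLSearchHook, two BHOs, an IE extension button, the toolbar folders and one alternate data stream. The following is an added example, not code from the thread or from OTL: run it in an elevated PowerShell after the post-fix reboot to confirm none of those persistence points came back. The CLSIDs, service name and paths are the ones listed in the script; the set of registry views checked and the assumption that the ADS host is %ProgramData%\TEMP are mine.

```powershell
# Added example (not from the thread or from OTL): re-check the persistence
# points the OTL fix targeted. Identifiers are copied from the script; the
# registry-view list and the ADS host path are assumptions.
#Requires -RunAsAdministrator

$clsids = @(
    '{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}',  # Family Toolbar URLSearchHook (tbhelper.dll)
    '{0C37B053-FD68-456a-82E1-D788EE342E6F}',  # Family Toolbar BHO (tbcore3.dll)
    '{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}',  # 64-bit BHO with no CLSID value (orphaned)
    '{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}'   # AVG Do Not Track IE button
)

# On 64-bit Windows the 32-bit IE process reads the Wow6432Node view and the
# 64-bit process reads the native view. A key reported "not found" in one
# view can still be live in the other, so check both for every CLSID.
$roots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Extensions',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions',
    'HKLM:\SOFTWARE\Classes\CLSID',
    'HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID',
    'HKCU:\SOFTWARE\Classes\CLSID',
    'HKCU:\SOFTWARE\Classes\Wow6432Node\CLSID'
)

$findings = New-Object System.Collections.Generic.List[string]

foreach ($root in $roots) {
    foreach ($clsid in $clsids) {
        $key = Join-Path -Path $root -ChildPath $clsid
        if (Test-Path -LiteralPath $key) { $findings.Add("registry key still present: $key") }
    }
}

# URLSearchHooks are values under one per-user key, not subkeys.
$hookKey = 'HKCU:\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks'
if (Test-Path -LiteralPath $hookKey) {
    $names = (Get-Item -LiteralPath $hookKey).GetValueNames()
    foreach ($clsid in $clsids) {
        if ($names -contains $clsid) { $findings.Add("URLSearchHook still registered: $clsid") }
    }
}

# The kernel driver service OTL stopped and deleted. Get-Service does not list
# drivers, so look at the service registration itself.
if (Test-Path -LiteralPath 'HKLM:\SYSTEM\CurrentControlSet\Services\avgtp') {
    $findings.Add('driver service avgtp still registered')
}

# Files and folders the script moved.
$paths = @(
    "$env:SystemRoot\System32\drivers\avgtpx64.sys",
    "${env:ProgramFiles(x86)}\Family Toolbar",
    "${env:ProgramFiles(x86)}\AVG SafeGuard toolbar",
    "$env:ProgramData\AVG SafeGuard toolbar"
)
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings.Add("path still present: $p") }
}

# Alternate data streams on the object that carried TEMP:0B4227B4 (assumed
# to be %ProgramData%\TEMP). Anything besides the default :$DATA is reported.
$adsHost = "$env:ProgramData\TEMP"
if (Test-Path -LiteralPath $adsHost) {
    Get-Item -LiteralPath $adsHost -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object { $findings.Add("ADS still present: $($_.FileName):$($_.Stream)") }
}

# Moves OTL could not finish are queued here and only happen at restart; if the
# machine was never rebooted, those entries are still waiting.
$sm = Get-ItemProperty -LiteralPath 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager' `
      -Name PendingFileRenameOperations -ErrorAction SilentlyContinue
if ($sm -and $sm.PendingFileRenameOperations) {
    $findings.Add('PendingFileRenameOperations still queued: ' + ($sm.PendingFileRenameOperations -join ' | '))
}

if ($findings.Count -eq 0) { 'No leftovers from the OTL fix found.' } else { $findings }
```

An empty result means the script's targets are gone from both registry views, from disk and from the reboot queue. A hit under a Wow6432Node path after the OTL report said "deleted successfully" for the native path is the usual reason a toolbar "comes back" in 32-bit Internet Explorer.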
Heaseba
Newbie
9. October 2013 @ 16:46
Originally posted by 2oldGeek:
Hi Heather,

Well, you were clean enough but, I'm fussy about sweeping up after. This will clean up the leftover remnants and clean behind the refrigerator, so to speak :)


Run OTL Script

I would like you to run this custom script for me now and when it is complete please give me the report and a status update for the computer.

Double-click OTL.exe to start the program.

Copy and Paste the following code into the
text box.


:Commands
[clearallrestorepoints]

:OTL
DRV:64bit: - [2013/09/09 19:25:55 | 000,046,368 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
IE - HKCU\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files (x86)\Family Toolbar\tbhelper.dll ()
FF - prefs.js..extensions.enabledItems: avg@toolbar:11.0.0.9
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files (x86)\Family Toolbar\tbcore3.dll ()
O2:64bit: - BHO: (no name) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - No CLSID value found.
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - Reg Error: Key error. File not found
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - Reg Error: Key error. File not found
O13 - gopher Prefix: missing
[2013/09/09 19:27:10 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\AVG SafeGuard toolbar
[2013/09/09 19:26:54 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013/09/09 19:26:20 | 000,046,368 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/09/09 19:26:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar
[2013/09/09 19:25:55 | 000,046,368 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service avgtp stopped successfully!
Service avgtp deleted successfully!
C:\Windows\SysNative\drivers\avgtpx64.sys moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}\ deleted successfully.
C:\Program Files (x86)\Family Toolbar\tbhelper.dll moved successfully.
Prefs.js: avg@toolbar:11.0.0.9 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0C37B053-FD68-456a-82E1-D788EE342E6F}\ deleted successfully.
C:\Program Files (x86)\Family Toolbar\tbcore3.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
C:\Users\Administrator\AppData\Local\AVG SafeGuard toolbar\SiteSafety folder moved successfully.
C:\Users\Administrator\AppData\Local\AVG SafeGuard toolbar\DNT folder moved successfully.
C:\Users\Administrator\AppData\Local\AVG SafeGuard toolbar folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\Logger folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\skin folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\zh-tw folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\zh-cn folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\tr folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\th folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\sv folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\sr folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\sk folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\ru folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\ro folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\pt-br folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\pt folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\pl folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\nl folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\nb folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\ms folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\ko folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\ja folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\it folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\id folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\hu folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\hi folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\fr folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\fi folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\es-es folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\es folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\en folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\el folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\de folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\da folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\cs folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale\af folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules\locale folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\modules folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\locale\en-US folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\locale folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\components folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4\chrome folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.0.1.4 folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\ChromeExt\17.0.1.4 folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar\ChromeExt folder moved successfully.
C:\ProgramData\AVG SafeGuard toolbar folder moved successfully.
File C:\Windows\SysNative\drivers\avgtpx64.sys not found.
Folder C:\Program Files (x86)\AVG SafeGuard toolbar\ not found.
File C:\Windows\SysNative\drivers\avgtpx64.sys not found.
C:\Users\Administrator\AppData\Local\fusioncache.dat moved successfully.
C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
ADS C:\ProgramData\TEMP:0B4227B4 deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Administrator\Desktop\cmd.bat deleted successfully.
C:\Users\Administrator\Desktop\cmd.txt deleted successfully.
C:\Program Files (x86)\Family Toolbar folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 1515215 bytes
->Temporary Internet Files folder emptied: 41249441 bytes
->Java cache emptied: 10096949 bytes
->FireFox cache emptied: 309369378 bytes
->Google Chrome cache emptied: 114427287 bytes
->Flash cache emptied: 141524 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Heather Sebald
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10639286 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 134 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 670 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 134 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 465.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10092013_164051

Files\Folders moved on Reboot...
C:\Users\Administrator\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\_avast_\unp10953955.tmp not found!
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Work smart not hard..

This message has been edited since posting. Last time this message was edited on 9. October 2013 @ 16:52
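The OTL report above mixes "deleted successfully", "not found", and one "scheduled to be moved on reboot" line, and the same CLSID can appear once with a 64bit- prefix and once without. As an added example (not part of the thread and not an OTL feature), this PowerShell function sorts a report by outcome and by CLSID so those pairs can be read at a glance. The sample lines are copied from the report posted above; the status categories are my own.

```powershell
# Added example: triage an OTL fix report by outcome and by CLSID. Sample input
# below is copied from the report posted in this thread.

function Get-OtlOutcome {
    param([Parameter(Mandatory)][string[]]$Lines)
    foreach ($raw in $Lines) {
        $line = $raw.Trim()
        # Skip blanks, "==== SECTION ====" banners and the [EMPTYTEMP] byte counters.
        if (-not $line -or $line -match '^={3,}' -or $line -match '^(->|User:|\[EMPTYTEMP\])') { continue }
        $status = switch -Regex ($line) {
            'scheduled to be moved on reboot'                  { 'PENDING_REBOOT'; break }
            '(deleted|moved|removed|stopped|set) successfully' { 'DONE'; break }
            'not found'                                        { 'NOT_FOUND'; break }
            'failed'                                           { 'FAILED'; break }
            default                                            { 'INFO' }
        }
        $clsid = if ($line -match '\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}') { $Matches[0].ToUpper() } else { $null }
        # OTL prefixes entries it handled in the native 64-bit view with "64bit-";
        # an unprefixed registry line was handled in the Wow6432Node (32-bit) view.
        $view = if ($line -match '^64bit-') { '64-bit' } elseif ($line -match 'Registry') { '32-bit' } else { 'n/a' }
        [pscustomobject]@{ Status = $status; View = $view; Clsid = $clsid; Item = $line }
    }
}

# Constructed sample: lines copied from the report above.
$sample = @'
Service avgtp stopped successfully!
C:\Windows\SysNative\drivers\avgtpx64.sys moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}\ not found.
File C:\Windows\SysNative\drivers\avgtpx64.sys not found.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
'@ -split "`r?`n"

$results = Get-OtlOutcome -Lines $sample

# Totals per outcome.
$results | Group-Object Status | Select-Object Name, Count | Format-Table -AutoSize

# Per-CLSID view: a BHO or extension key deleted while its Classes\CLSID key
# was never there means the COM server registration was already gone, i.e.
# an orphaned hook rather than a live one.
$results | Where-Object Clsid | Sort-Object Clsid, View | Format-Table Clsid, View, Status -AutoSize

# Anything still pending a reboot should be re-checked after the next restart.
$results | Where-Object Status -eq 'PENDING_REBOOT' | Select-Object -ExpandProperty Item
```

To use it on a real report, replace `$sample` with `Get-Content 'C:\_OTL\MovedFiles\<mmddyyyy_hhmmss>.log'`. The second "not found" for avgtpx64.sys in the real report is expected: the file had already been moved by the DRV: line earlier in the same fix.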

2oldGeek
AfterDawn Addict
9. October 2013 @ 17:27
Quote:
didn't ask to reboot. Hope this is the right report.

Hi Heather,
Let's not worry about it, you're clean. How is your computer doing now?
You shouldn't have any problems and should be running faster...

Avast! is very good and should keep you well protected. Run MalwareBytes every so often and you will be able to keep the bad guys out.:)

Have your Hubby come on to this thread and we will get him cleaned up also.

Nice working with you. You did an excellent job and I thank you for not making it rough on me. LOL

Til we meet again, have a "happy and safe surfing".

2old Geek, The number "2" not Too, old with a small "o" and Geek with a Capital "G"

I get the Bugs Out!



Oops!




Heaseba
Newbie
9. October 2013 @ 21:21
Originally posted by 2oldGeek:

you are too funny... love the 'bug'.
My comp is running better than I can ever remember it running, so you did an awesome job of helping this OLD (with a capital O) lady get sorted out.
