User User name Password  
   
Saturday 21.12.2024 / 09:10
Search AfterDawn Forums:        In English   Suomeksi   På svenska
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > addaware problems.
Show topics
 
Forums
Forums
addaware problems.
  Jump to:
 
Posted Message
Heather59
Junior Member
_
13. November 2013 @ 11:25 _ Link to this message    Send private message to this user   
Originally posted by ddp:
did you try a system restore to before that download?
no. I was forced to do a system restore a couple of months ago, which deleted my product code and turned my win7 into a 'non genuine version' and it doesn't give me an option to reinsert it, so I don't do system restores.

work smart..not hard.
Advertisement
_
__
AfterDawn Addict
_
13. November 2013 @ 12:15 _ Link to this message    Send private message to this user   
Originally posted by Heather59:
no. I was forced to do a system restore a couple of months ago, which deleted my product code and turned my win7 into a 'non genuine version' and it doesn't give me an option to reinsert it, so I don't do system restores.

Sorry you had to learn the hard way.


I didn?t check for that the last time. Are you still non genuine? Can you get windows updates?

I?m NOT the law, so we can still clean you and do a few workarounds.
I know nothinggg?..
ddp
Moderator
_
13. November 2013 @ 12:16 _ Link to this message    Send private message to this user   
you still have the product numbers for your win7 don't you?
Heather59
Junior Member
_
13. November 2013 @ 16:10 _ Link to this message    Send private message to this user   
Originally posted by ddp:
you still have the product numbers for your win7 don't you?
somewhere :( and THAT is the problem.. I have the disc's...SOMEWHERE....too.

work smart..not hard.
Heather59
Junior Member
_
13. November 2013 @ 16:14 _ Link to this message    Send private message to this user   
Originally posted by 2oldGeek:
Originally posted by Heather59:
no. I was forced to do a system restore a couple of months ago, which deleted my product code and turned my win7 into a 'non genuine version' and it doesn't give me an option to reinsert it, so I don't do system restores.

Sorry you had to learn the hard way.


I didn?t check for that the last time. Are you still non genuine? Can you get windows updates?

I?m NOT the law, so we can still clean you and do a few workarounds.
I know nothinggg?..

no windows updates since the restore. here are the logs you wanted. I have run 3 programs that an online 'remove dosearch.com' tutorial.
OTL logfile created on: 11/13/2013 11:30:49 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 60.52% Memory free
7.99 Gb Paging File | 6.24 Gb Available in Paging File | 78.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 265.66 Gb Total Space | 160.75 Gb Free Space | 60.51% Space Free | Partition Type: NTFS
Drive R: | 200.00 Gb Total Space | 66.99 Gb Free Space | 33.49% Space Free | Partition Type: NTFS

Computer Name: HEATHERPC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013/11/06 11:31:20 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/10/09 08:16:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2013/08/30 02:47:34 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/08/30 02:47:33 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/07/02 08:16:32 | 000,507,264 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013/01/18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/04/09 10:20:30 | 003,063,968 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013/11/06 11:31:20 | 003,368,048 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:64bit: - [2013/08/30 02:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/11/06 11:31:20 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/08 17:29:19 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/25 23:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/04/09 10:20:30 | 003,063,968 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:64bit: - [2013/08/30 02:48:10 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/08/30 02:48:10 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/08/30 02:48:10 | 000,204,880 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/08/30 02:48:10 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/08/30 02:48:10 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/08/30 02:48:10 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/08/30 02:48:09 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/08/30 02:48:09 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/04/04 13:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/01/21 23:15:15 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/01/21 23:15:15 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/09/11 17:04:50 | 006,177,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.dosearches.com/web/?utm_s...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.dosearches.com/web/?utm_s...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1224842166-2811445709-100843145-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-1224842166-2811445709-100843145-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1224842166-2811445709-100843145-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1224842166-2811445709-100843145-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1224842166-2811445709-100843145-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 E9 6E 8E 0E 9B CA 01 [binary data]
IE - HKU\S-1-5-21-1224842166-2811445709-100843145-500\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1224842166-2811445709-100843145-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1224842166-2811445709-100843145-500\..\SearchScopes\{4AD98E64-94D5-4189-BEAC-0FB886AE6B0E}: "URL" = http://www.google.com/search?q={searchT...startPage}&rlz=
IE - HKU\S-1-5-21-1224842166-2811445709-100843145-500\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}
IE - HKU\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7BF53C93F1-07D5-430c-86D4-C9531B27DFAF%7D:12.0.0.2189
FF - prefs.js..extensions.enabledAddons: socialfixer%40mattkruse.com:7.801
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1497
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 11:17:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/10/07 16:39:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/11/06 11:31:15 | 000,000,000 | ---D | M]

[2012/03/14 08:28:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2013/11/13 09:42:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\loaul1ak.default\extensions
[2013/09/12 18:25:24 | 000,161,656 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\loaul1ak.default\extensions\socialfixer@mattkruse.com.xpi
[2013/11/06 11:31:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/11/06 11:31:14 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/11/06 11:31:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/06 11:31:14 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/11/06 11:31:21 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/07/02 11:17:17 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK
[2013/10/07 16:39:56 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2010/01/28 14:52:34 | 000,003,803 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\MyHeritage.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: dosearches (Enabled)
CHR - default_search_provider: search_url = http://www.google.com
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_1\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\

O1 HOSTS File: ([2013/10/07 22:33:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-1224842166-2811445709-100843145-500\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKU\S-1-5-21-1224842166-2811445709-100843145-500..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1224842166-2811445709-100843145-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1224842166-2811445709-100843145-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O15 - HKU\S-1-5-21-1224842166-2811445709-100843145-500\..Trusted Domains: facebook.com ([apps] http in Trusted sites)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/stati...er_5.0.31.0.cab (Battlefield Heroes Updater)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 216.170.153.146
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E2B0B62-940A-4970-A657-2BE2F145CCAF}: DhcpNameServer = 192.168.0.1 216.170.153.146
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/08 15:08:23 | 000,149,632 | ---- | M] () - C:\AUTO.pat -- [ NTFS ]
O32 - AutoRun File - [2010/12/08 15:08:23 | 000,299,196 | ---- | M] () - C:\AUTO.pst -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013/11/13 10:04:02 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013/11/10 15:34:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPlayer
[2013/11/10 15:29:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/11/10 15:24:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoPlayer
[2013/11/06 11:31:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/10/28 10:05:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2013/10/28 10:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/28 10:04:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/10/28 10:04:40 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/10/28 10:04:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/10/15 16:39:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\SumatraPDF

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013/11/13 11:28:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/13 11:19:05 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/13 11:19:05 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/13 11:08:07 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/13 11:07:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1224842166-2811445709-100843145-500UA.job
[2013/11/13 10:09:58 | 000,791,434 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/13 10:09:58 | 000,668,348 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/13 10:09:58 | 000,124,534 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/13 10:04:41 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/13 10:03:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/13 10:03:50 | 3219,787,776 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/13 10:02:18 | 000,001,189 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/13 10:02:18 | 000,001,080 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/11/13 10:02:18 | 000,001,056 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/11/13 02:07:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1224842166-2811445709-100843145-500Core.job
[2013/11/10 15:34:13 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\VideoPlayer.lnk
[2013/11/10 15:33:45 | 000,785,246 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/11/08 22:52:04 | 000,000,819 | ---- | M] () -- C:\Users\Administrator\Documents\Resume.rtf
[2013/11/07 10:00:07 | 000,009,486 | ---- | M] () -- C:\Users\Administrator\Documents\Spats.ods
[2013/10/31 10:56:45 | 000,001,805 | ---- | M] () -- C:\Users\Administrator\Documents\apple muffin recipe.rtf
[2013/10/30 14:38:44 | 000,001,099 | ---- | M] () -- C:\Users\Administrator\Documents\seed trades.rtf
[2013/10/28 11:30:32 | 000,029,851 | ---- | M] () -- C:\Users\Administrator\Documents\mbam report.rtf
[2013/10/28 10:04:48 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/28 10:03:19 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Administrator\Desktop\mbam-setup-1.75.0.1300.exe
[2013/10/15 16:36:30 | 000,403,932 | ---- | M] () -- C:\Users\Administrator\Desktop\crop_chart.pdf
[2013/10/14 15:27:53 | 000,017,821 | ---- | M] () -- C:\Users\Administrator\Documents\Evening Primrose as medicin.rtf
[2013/10/14 13:53:40 | 000,003,118 | ---- | M] () -- C:\Users\Administrator\Documents\ultra-dispensationalists.rtf

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013/11/10 15:34:13 | 000,001,040 | ---- | C] () -- C:\Users\Public\Desktop\VideoPlayer.lnk
[2013/11/08 22:52:04 | 000,000,819 | ---- | C] () -- C:\Users\Administrator\Documents\Resume.rtf
[2013/11/07 09:46:30 | 000,009,486 | ---- | C] () -- C:\Users\Administrator\Documents\Spats.ods
[2013/10/31 10:54:08 | 000,001,805 | ---- | C] () -- C:\Users\Administrator\Documents\apple muffin recipe.rtf
[2013/10/28 11:30:31 | 000,029,851 | ---- | C] () -- C:\Users\Administrator\Documents\mbam report.rtf
[2013/10/28 10:04:48 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/25 18:32:33 | 000,001,099 | ---- | C] () -- C:\Users\Administrator\Documents\seed trades.rtf
[2013/10/15 16:36:40 | 000,403,932 | ---- | C] () -- C:\Users\Administrator\Desktop\crop_chart.pdf
[2013/10/14 15:27:53 | 000,017,821 | ---- | C] () -- C:\Users\Administrator\Documents\Evening Primrose as medicin.rtf
[2013/10/14 13:53:40 | 000,003,118 | ---- | C] () -- C:\Users\Administrator\Documents\ultra-dispensationalists.rtf
[2013/09/09 18:22:50 | 000,003,740 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2013/06/11 13:37:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/06/11 13:37:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/06/11 13:37:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/06/11 13:37:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/06/11 13:37:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/13 09:46:50 | 000,785,246 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/22 12:52:01 | 000,070,249 | ---- | C] () -- C:\Users\Administrator\2011 Application Free.Reduced Lunch.pdf
[2011/09/22 12:38:45 | 000,176,921 | ---- | C] () -- C:\Users\Administrator\Student and LC Check List.pdf
[2011/09/22 12:38:05 | 000,318,832 | ---- | C] () -- C:\Users\Administrator\Creating a Student Account.pdf
[2011/09/22 12:37:59 | 000,349,453 | ---- | C] () -- C:\Users\Administrator\How to Kmail a Specific Teacher.pdf
[2011/09/22 12:37:21 | 000,164,791 | ---- | C] () -- C:\Users\Administrator\Progress Hours Guidelines 2011-12.pdf
[2011/09/22 12:37:01 | 000,189,197 | ---- | C] () -- C:\Users\Administrator\Logging Attendance.pdf
[2010/03/21 20:05:29 | 000,003,974 | ---- | C] () -- C:\Users\Administrator\.recently-used.xbel
[2010/01/21 23:03:23 | 000,007,616 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2011/02/13 08:15:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Acreon
[2012/05/23 07:39:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Ad-Aware Antivirus
[2011/09/29 13:26:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AVG2012
[2011/09/20 17:19:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Elluminate
[2010/03/21 20:05:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\gtk-2.0
[2010/02/07 00:17:58 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Millennia
[2010/02/20 15:57:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\OpenOffice.org
[2013/10/15 16:39:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SumatraPDF
[2013/06/22 07:19:03 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TuneUp Software
[2012/06/05 16:07:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Unity

[color=#E56717]========== Purity Check ==========[/color]



< End of report >
OTL Extras logfile created on: 11/13/2013 11:30:49 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 60.52% Memory free
7.99 Gb Paging File | 6.24 Gb Available in Paging File | 78.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 265.66 Gb Total Space | 160.75 Gb Free Space | 60.51% Space Free | Partition Type: NTFS
Drive R: | 200.00 Gb Total Space | 66.99 Gb Free Space | 33.49% Space Free | Partition Type: NTFS

Computer Name: HEATHERPC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[color=#E56717]========== Firewall Settings ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02109923-58DE-436D-99FF-1C6DD6DCEB2D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{04C551AF-F1EC-4FA1-8D32-1E8A952E3B11}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{064ECA90-EA85-4D15-A161-50C2345CA124}" = lport=57511 | protocol=6 | dir=in | name=pando media booster |
"{10851AFF-F029-43D2-9351-1E16C1FBA732}" = lport=57471 | protocol=6 | dir=in | name=pando media booster |
"{1BE9DBF6-CC29-4CE6-8EB1-4955D9555724}" = lport=57471 | protocol=17 | dir=in | name=pando media booster |
"{1D3C15FD-83BD-4A52-A91C-23F554087069}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{21C3F113-25C0-4EF0-9677-2D6FC3899A39}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{296DDE05-E3D3-4B37-B5A6-5BEB77E8E1FF}" = lport=10243 | protocol=6 | dir=in | app=system |
"{2DD6F556-97A1-43CE-A99F-A68D729FB428}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2EA41563-AA5A-4568-8311-16BCAA54E556}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3739787A-BF42-447A-9366-07E7499551BE}" = lport=57471 | protocol=17 | dir=in | name=pando media booster |
"{3B893F0D-45C7-45BC-8565-E4D8E588D879}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3BEBCE02-90E6-49C2-AB8E-D0E133F973C4}" = rport=445 | protocol=6 | dir=out | app=system |
"{3EAC3896-AB20-408A-B67F-FCD282957212}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3FBDCD98-6359-43BC-8966-6AC5360C751B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{41FDEC60-1232-4C72-AFA7-38E9E76C6F9E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4E4A9301-16EE-4A5E-AFC0-4E1F563A61BF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4F0080C5-39C7-41E1-B1C6-C578ED583E9B}" = lport=57471 | protocol=6 | dir=in | name=pando media booster |
"{544C6F0B-BB87-432E-ADED-420D13C3CF08}" = rport=138 | protocol=17 | dir=out | app=system |
"{5AEAFD0F-EFF7-4399-B4DB-D7236F445CD1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6D99F18E-E6E9-4872-A377-A1D526D8E516}" = lport=445 | protocol=6 | dir=in | app=system |
"{782F927A-1613-4631-9190-154E2545688B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7A0A307E-7CEC-42D2-9D8F-DF075DFB74DA}" = rport=137 | protocol=17 | dir=out | app=system |
"{88381AFE-21D5-44F7-9B09-0ACCE6C3F4A5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8AD6B1F2-34BF-43A9-809D-EE7ECA4C05E1}" = lport=137 | protocol=17 | dir=in | app=system |
"{8D6326E2-C029-4F58-8CDF-06FC3251BE58}" = lport=139 | protocol=6 | dir=in | app=system |
"{8EBF65DD-2B6A-4005-9D74-B7BC6D054773}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{91203BDD-77BA-4939-A9DB-556F1A9F5DEA}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A5CECE3A-9524-4A29-82CB-F8BD859917A5}" = lport=57511 | protocol=17 | dir=in | name=pando media booster |
"{A9AB3E78-5AA2-48B4-982A-9D689C8F22CB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B078800F-29A5-42ED-8248-77313FE6C9E4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{B4C2AC26-7480-4373-83DC-78B5B14016F5}" = rport=139 | protocol=6 | dir=out | app=system |
"{BD314197-D008-4C50-951B-84E84E46F648}" = lport=57511 | protocol=6 | dir=in | name=pando media booster |
"{CB1F74EC-0FED-4478-9607-229EB472B727}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{D11369EC-51CF-4002-9BB9-EE281CD4D2E5}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DA8E7325-DDA2-4C7B-A685-F6559E446910}" = lport=138 | protocol=17 | dir=in | app=system |
"{E8D623BE-862D-4603-8890-AB6C3C543B6F}" = lport=57511 | protocol=17 | dir=in | name=pando media booster |
"{EEE4E301-CE29-4C52-AC30-7770BEFF820C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F7E7FAD8-7360-4935-B119-9702984957AE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00311F48-0F29-488F-8C3B-D8648ED5B8F1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0408E68F-5B84-4FD5-A49A-7A30B8F656C8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{04D6EC3C-DFDF-417A-86F7-DB603D0C3114}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{08D93482-047A-496E-B19B-8581EF1E8FF2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{098D0CC5-C454-4B56-9968-D47375FF2F6B}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{0AC43648-D635-49D6-9A04-AC09668D7698}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0B558FDA-3ED4-49F4-8BEC-F6125F84A329}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0BC53665-FEFF-4D87-89D4-8085554906D8}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{0CF63E0B-8161-47D7-A6B8-FCDC89A45540}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{0EC91F12-DDFD-42E0-9049-490C8F1B7F50}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{104CD85C-ED0C-4635-A9A0-2B2C02392CA4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{10EEAB44-3FB5-4546-8F4D-6B662040E271}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\rm.exe |
"{1277EADC-BC10-4311-BCE1-A523BB6E5FA1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{12C0DE8F-7F77-45A3-AE45-3FBE9042DCEC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{14174ECC-7EA3-4A1B-95DE-36089B84A920}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1474766B-FA9C-47AB-8436-892E79C2F0BF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{14C87901-7B5F-4B45-B817-DDE0E2FC6043}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{16FD6CFF-9A27-4474-98DB-665AD42EE260}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{18D10E0E-A629-4B6B-8438-BAB97290F472}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{19FD5AA3-521D-4117-8B7F-CB50F87DF1EB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{20A40D95-2BBE-4DDE-AA0F-C2975794750A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{228B0EE6-2D47-4C8F-B09C-11DA7E9DD6A6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{23602F4D-5DF3-439E-82E1-75678C205C62}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\rm.exe |
"{2496A364-E9AE-4967-8912-324E9FFC8BAC}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{24FDC758-0F07-41FB-9ED0-83C92BBF9798}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{28FC52AE-8D12-4B3C-8637-BF69F91333FD}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2952C625-8D4E-44D4-8C51-F3D64E6F18A3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2A98A467-D1D5-4D42-96B6-A6D59745F9E4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2AF5D644-C2C7-4B41-A699-CFABD4C0886A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2CB99F0C-AEDF-49D1-98B5-B12720325EFD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{2E7C2F63-4C81-42B5-9F4D-329D254FA816}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{31E2B3FA-2F3B-42AE-9031-39B0D7B9F489}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3329FB89-E472-446A-9834-B76074720973}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{381609CE-9224-4731-B63C-99147B00F0D5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{38940A29-65AC-4309-8F0F-C470EA8E98D9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3A119B52-6641-40C5-9250-44E0A5CA31A7}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3AEC39A4-C52A-4E25-B15B-5E4A0D0C9502}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3B936A4D-70FE-40F9-9EA3-AD6F7F871809}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3DA3F282-D4F4-4243-A23C-E23952092F02}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{3DDFC953-A27E-44E5-8C93-6F65A09D309C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{40BB3EF8-E0E7-481D-A010-C23990311C93}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{41E8B170-DFFC-454C-9CFF-2C7E22971EB8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{42C60383-4B87-4251-91F4-18A94593512E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4331AB8D-40FB-41AE-AEAA-A90D87C2F121}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{46C9A6B9-42DD-4E13-AF03-0F9CC7C13DD1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{472BD21F-430D-4ABC-82A6-E8C338BB9091}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{47E2DBF7-BCEE-43B4-BF60-BAE3F5356CE6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{493F3844-E423-4F17-B42C-1BED80F15B2E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{494FDB24-D4AD-4588-8530-651E7A5DBCC4}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\videospin.exe |
"{4AD8ACF5-2367-4F09-AB36-0522F3D2A98C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4FCA9B9C-5B8B-4107-A0B2-08F4B53C4190}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{553A812A-53FB-4CE9-AA15-9BB558B72340}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{55A3E1DA-59DC-40D7-B5B7-BF379B56D4EE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{55E1080F-9D79-4A6F-B019-79199FCCEEF1}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{56186BAB-E98C-4283-8FF4-3F8B81098673}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{56426541-6346-4775-88C8-019A29A81E3D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{59DCF8A9-8678-4DD9-850B-75B38745B467}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5DD658B6-61C5-485E-B520-99A260D45565}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5E2740FB-0851-4226-B44D-92AAFAB7313F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{629A74DD-A90E-422F-A071-018401BCF3A4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{645F4D2E-269E-42A4-B8BC-6008795F73C6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6994F34D-EB6D-4302-96C4-392C926E4AA1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6C7D6119-C9B4-4B17-AD9D-B52B1B771392}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6D5E9F76-E9F8-41E6-966E-262787127F87}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6DB3BF43-3B70-487D-8BD3-513F90446D48}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{6E7E7A67-43B7-41E9-B498-42A8A098BF55}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{745188ED-E5ED-4EA6-B3D4-C74B243B94D6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{752E9BFE-EC43-453F-9799-BF17FE4BBDD8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{75993784-FD3C-41F1-B94C-15DD585A101C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{79ACCB2A-C3D2-4519-B964-1AE5D186731D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{7D284FB7-EAAA-4E7D-B807-3AD5E6B59621}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7F61BB87-8A88-47FB-8A0D-05F0078EE8D4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{812C87E0-0290-466C-8C32-DDD59D0FA250}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{83586608-9402-4AF5-ABE9-A2D8A6E4D0E5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{83C70BFC-6935-4C1C-AB8E-EE0907ACC97E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{83CDBE8E-D964-4C56-B1A6-07DEE8BCA7C4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{845FD6AD-AE20-4E76-B8B2-41CDC9EC7826}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8626B8CB-8CD8-4792-A39C-FE5D6EABCED3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{874D639B-D876-4D1E-91CA-B72868813AC2}" = protocol=6 | dir=out | app=system |
"{877E6A9C-6D1A-4C11-B8BA-666419921E59}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{89777727-4B2E-43A5-AB4E-7D69873AEDBA}" = protocol=17 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{8C0E317F-C29B-43D6-B206-A5346A9E0118}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{8C697BA1-B55D-4AFE-B534-4E096B6D4DA5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8D40D627-D45F-401C-974F-11FBB1F41ADF}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8FFA4002-75F3-4C5F-BBCA-0B659B2A052D}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\videospin.exe |
"{91FA20F8-1720-49CF-8B50-B7FA1171776F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{92811427-FC93-418C-A6CB-5AE7E3287848}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{92CBCB8D-A58A-40AA-AF7B-65B22C28000B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9349092F-74E4-46AC-B3DF-FC4D647D8F1F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9539FFAC-6BA1-459C-B82E-B0F63EE5A9C9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9548D6C9-91ED-4D1A-8A5A-732A60988442}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{977FA503-4BA5-4DEA-B182-897A2D3F7762}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{97AE8968-DDEE-4446-AF88-058AAA43C64D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{97E72EF4-70F7-4B4B-8347-3940B2B04B2E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9A342156-B72E-4324-A74C-DC5DD9529ECC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9B05355E-1802-4EB7-A38C-634BCA293C50}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9BF2E0E9-4679-48C4-AF61-12EC0E6B964D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9C8A57E6-B5FA-47E2-BF61-935E2FF02067}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A127AC3E-077E-4943-B32E-A9F0A3E51929}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A230FE8D-6697-4351-A7D1-27781AD245C3}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{A3484B5C-9035-4D89-B4CE-0B6D4A2E6822}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A72A86E5-FC5D-4524-8A71-6191B9F999FA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A78AF983-0C55-4F79-AEF0-37BD19267F5F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A8A27C97-C374-4052-BC4D-A91116B46E6B}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\umi.exe |
"{A932002F-7F95-4451-BF44-70501FE751E6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{A9BB6C83-F497-44C7-9706-6C45CB9419CD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B0A00A4A-98AF-479F-A60E-BF78E5900747}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B1BCB113-EAEE-48EB-878B-E617CF367039}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B1F1CDE1-8EB7-4451-9ACA-4D80674026D4}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B2CD3F33-6D33-4173-94E7-9701EBF4D020}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B370784D-EDB8-4DB5-8F43-BB6907ABA93E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B39E4FC6-2F10-45F4-9038-6241CE6B1FE0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B414A20A-952C-449F-A094-98D82671D2E2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B8A3BE06-8D51-4E8C-B217-1DCB9B7E9134}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BA23ED01-CB99-4643-8117-16087874DD3C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BEC0A3EF-A18D-45FA-B8AD-0ABDCC7CFFE6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{BF3E7038-B4AD-4AD0-8BF7-777D2652C65B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C13DEF69-1C49-4C49-95E2-066F8B8CC68F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C1F1BEF2-B36D-400A-AD00-CF33ECB9F84D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C454A1FB-0942-43DA-AC46-CAFD3396C5D1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C563A4E2-B99B-468B-9DEE-FB8402CB82A4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C69F6E37-D1FD-48A4-B994-7560838BD72D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C991BA2E-8BDF-4E2F-99E7-0FDA0E999293}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{CA7BAACB-1DB2-4251-AC1D-C44C660181EF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CAF18376-20C9-4A1B-AB3A-85A60D877CA9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CBBF97A8-D882-4E17-BBC4-BC9156111481}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D059E87B-D188-44A2-AE76-B5E5A63C6CA2}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{D23F8664-DB14-4685-99E9-455AB57F5F6B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D24917D9-BD42-4CAF-BBCB-CE7B22B3EA3A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D2D67EF8-C8FD-471F-B44F-B378EBDEFD78}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D367154C-62CA-4A86-BD04-986431A491AF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D3BA2A03-BBDF-4AFA-9A18-0EF8E016C1B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D44436BF-CF2E-4027-A2E2-00189BAFFF65}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D65C7866-91A4-40F6-8440-9D213167241F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D6D8519B-6550-42BF-A8D9-ACD187E4E089}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{D9C62700-3E99-4705-8175-8D7F6D506A54}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DA6DAA1C-8EF4-4F74-9D26-5729392A9E59}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DB3B50FE-33D8-4DB1-A298-931E80D7139C}" = protocol=6 | dir=in | app=c:\program files (x86)\ventrilo\ventrilo.exe |
"{DCC7FDE4-10D5-49D6-9C6A-CD0477C3E48D}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\videospin\programs\umi.exe |
"{DDDB42EB-3402-4CE0-B135-D1667D27D8F9}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DE69BFBA-C195-448D-BA58-01C96C855408}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E29F3C5D-0A90-43DB-8226-45BC27C1F98A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E3A9F768-D423-40F9-BECD-78A7DB887B98}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E4BD17C6-045D-441D-AB32-75EF7E754742}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E7642C57-68C8-494D-B6F1-49FB326787E6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E7EB89A0-8477-4574-91B1-4958D9CE8444}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E88CAC5B-23BF-4816-9F4D-C37367C3A57C}" = protocol=6 | dir=in | app=c:\programdata\esafe\egdpsvc.exe |
"{E9C7D95A-0F44-480A-BF48-4B6AE48D5156}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{E9E2A5FF-48BB-4890-A2F2-A6982A70FEB4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EAFB3E86-8026-40DA-BFEC-FE3E05258632}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EBC0D362-AE58-48D5-B25F-9023D3FB0054}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EE311C9B-B13A-4CE4-B110-26683A4F4E6A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EFA59528-040C-416C-A2EB-8A01B4A45E24}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F075781E-BB22-47C6-B021-5FD16161F42F}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F0D1A1CE-4718-417B-AC9C-4E7B0CB9FCB5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F0F9E34F-EB8F-4215-ACE3-9471A8AE98BB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F4B26AC3-0ECF-419D-B758-0BC4E797D9C3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F656EA24-FDD9-48E0-BA1F-1024D4BC6C15}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F7A14DFD-2E65-4832-BDC2-166239565309}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F9852E3F-B21A-4139-86A4-708CDD6AB8AB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FB5D52DF-4EC4-4177-9FAE-3CA2B7437FD4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FB7DF6E2-709E-4978-A092-777FA9F75251}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{1B7F224C-C0A2-44EE-922A-D44B04250C2F}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{ACBFBD4B-9672-4760-817F-E75ED880DDE9}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |
"TCP Query User{EBF520A1-D2C6-436B-BC4B-F7FAB1EE5B11}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |
"UDP Query User{5DDE8B11-E298-4964-B616-A9213A2EF60A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{A4D17D4A-B5B4-4939-B113-40969E46F370}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |
"UDP Query User{D88F583E-B15E-49D0-9152-7C5FDF9A5E64}C:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\turbine\the lord of the rings online\lotroclient.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4FF9E8AA-D554-4CE7-89F9-B69DAA5A1E98}" = AVG 2013
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"Defraggler" = Defraggler
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02F5BEE7-0AB6-4E42-9BF8-2588AAECC7F2}" = EZ Fonts
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 40
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype? 6.10
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7A25D130-4EC8-11E1-BEA4-B8AC6F97B88E}" = Google Earth
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = 1701 A.D.
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}" = Pinnacle VideoSpin
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online? v03.04.04.8012
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon Kindle" = Amazon Kindle
"ATITool" = ATITool Overclocking Utility
"avast" = avast! Free Antivirus
"AVG SafeGuard toolbar" = AVG SafeGuard toolbar
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DMUninstaller" = DMUninstaller
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"fileopenerpro" = File Opener Pro
"HaaliMkx" = Haali Media Splitter
"Legacy 7.0" = Legacy 7.0
"LegacyChart7_is1" = Legacy Charting 7.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 25.0 (x86 en-US)" = Mozilla Firefox 25.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Network Play System (Patching)" = Network Play System (Patching)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"SumatraPDF" = SumatraPDF
"VideoPlayer" = VideoPlayer v2.0.6
"YTdetect" = Yahoo! Detect

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

< End of report >

work smart..not hard.
AfterDawn Addict
_
13. November 2013 @ 16:28 _ Link to this message    Send private message to this user   
Originally posted by Heather59:
no windows updates since the restore. here are the logs you wanted. I have run 3 programs that an online 'remove dosearch.com' tutorial.
I'll help you out of this bind.. Please don't run any programs, download or delete anything unless I ask you to... That can screw me up and might just cause a big problem..

If you would please run the other programs I asked for, that will help me get a strong grip on things.

I will be tied up this afternoon and may not get to it tonight but will as soon as possible.

Hang in there.
Heather59
Junior Member
_
13. November 2013 @ 21:47 _ Link to this message    Send private message to this user   
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:45:51 PM, on 11/13/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16483)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://apps.facebook.com
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/stati...er_5.0.31.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Util SaltarSmart - Unknown owner - C:\Program Files (x86)\SaltarSmart\bin\utilSaltarSmart.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7379 bytes

work smart..not hard.
AfterDawn Addict
_
14. November 2013 @ 17:51 _ Link to this message    Send private message to this user   
Hi Heather,
Please make me a list of ALL the problems you have and the things that bug you. The more the better so I can see what I really need to look at. Remember, I don't have a crystal ball.:)

Run the following script to clear up some of the things I could find and let me know the outcome...

May not be able to get your not genuine to load the updates without your disk and a re-pave job. but we'll see what we can do.


Run OTL Script


I would like you to run this custom script for me now and when it is complete please give me the report and a status update for the computer.

Double-click OTL.exe to start the program.

Copy and Paste the following code into the
text box.



:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.dosearches.com/web/?utm_s...q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.dosearches.com/web/?utm_s...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}
IE - HKU\S-1-5-21-1224842166-2811445709-100843145-500\..\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}: "URL" = http://search.myheritage.com?orig=ds&q={searchTerms}
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
[2012/07/02 11:17:17 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK
[2010/01/28 14:52:34 | 000,003,803 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\MyHeritage.xml
O3 - HKU\S-1-5-21-1224842166-2811445709-100843145-500\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O15 - HKU\S-1-5-21-1224842166-2811445709-100843145-500\..Trusted Domains: facebook.com ([apps] http in Trusted sites)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/stati...er_5.0.31.0.cab (Battlefield Heroes Updater)
[2011/09/29 13:26:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\AVG2012
[2012/06/05 16:07:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Unity
[2013/06/22 07:19:03 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TuneUp Software

:Files
ipconfig /flushdns /c
c:\program files (x86)\avg\avg2013
C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK
C:\Users\Administrator\AppData\LocalLow\Unity

:Commands
[emptytemp]

Then click the Run Fix button at the top.
Click OK.


OTL may ask to reboot the machine. Please do so if asked.

The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Note** if the report does not popup after the computer reboots you can find it here in this folder ? C:\_OTL\MovedFiles
It will be named ? mmddyyyy_hhmmss.log
Where mmddyyyy_hhmmss - are numbers representing the date and time the fix was run.

Let me know How things are doing
Heather59
Junior Member
_
15. November 2013 @ 14:19 _ Link to this message    Send private message to this user   
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}\ not found.
Registry key HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Internet Explorer\SearchScopes\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE28C22E-F666-424d-B5FD-125C4AFEE34E}\ not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0\ deleted successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll moved successfully.
C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK\defaults\preferences folder moved successfully.
C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK\defaults folder moved successfully.
C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK\components folder moved successfully.
C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK\Chrome folder moved successfully.
C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\MyHeritage.xml moved successfully.
Registry value HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry key HKEY_USERS\S-1-5-21-1224842166-2811445709-100843145-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\facebook.com\apps\ deleted successfully.
Starting removal of ActiveX control {784797A8-342D-4072-9486-03C8D0F2F0A1}
C:\Windows\Downloaded Program Files\BFHUpdater.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{784797A8-342D-4072-9486-03C8D0F2F0A1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{784797A8-342D-4072-9486-03C8D0F2F0A1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{784797A8-342D-4072-9486-03C8D0F2F0A1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{784797A8-342D-4072-9486-03C8D0F2F0A1}\ not found.
C:\Users\Administrator\AppData\Roaming\AVG2012\cfgall folder moved successfully.
C:\Users\Administrator\AppData\Roaming\AVG2012 folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Unity\WebPlayerPrefs\s3_2eamazonaws_2ecom folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Unity\WebPlayerPrefs\a_2egardenquest_2ecom folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Unity\WebPlayerPrefs folder moved successfully.
C:\Users\Administrator\AppData\Roaming\Unity folder moved successfully.
C:\Users\Administrator\AppData\Roaming\TuneUp Software\TU2012\Backups folder moved successfully.
C:\Users\Administrator\AppData\Roaming\TuneUp Software\TU2012 folder moved successfully.
C:\Users\Administrator\AppData\Roaming\TuneUp Software folder moved successfully.
========== FILES ==========
[color=#A23BEC]< ipconfig /flushdns /c >[/color]
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Administrator\Desktop\cmd.bat deleted successfully.
C:\Users\Administrator\Desktop\cmd.txt deleted successfully.
c:\program files (x86)\avg\AVG2013\Tuneup\TuneUp Software\TU2012\Backups folder moved successfully.
c:\program files (x86)\avg\AVG2013\Tuneup\TuneUp Software\TU2012 folder moved successfully.
c:\program files (x86)\avg\AVG2013\Tuneup\TuneUp Software folder moved successfully.
c:\program files (x86)\avg\AVG2013\Tuneup folder moved successfully.
c:\program files (x86)\avg\AVG2013 folder moved successfully.
File\Folder C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX\DONOTTRACK not found.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\player\3.x.x\Data\lib folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\player\3.x.x\Data folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\player\3.x.x folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\player folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\mono\3.x.x\Data\lib folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\mono\3.x.x\Data folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\mono\3.x.x folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\mono folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\Temp folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\Shared\ddcd825197ee0af096dd6515ed58ba5cde735305 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\Shared\bce07bec7fb626f3703c2f6732a543587dc789d5 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\Shared\adc1a14fca0e04923bb7b941c75d81867d85920b folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\Shared\a3af94ab450422f36be9c325f9d8af7048477ce5 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\Shared\782b311c2e7ec0303228ce558f0ea3011d2bb05a folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\Shared\72ee340f9e46c291b7e1b4acc11607877cb7760b folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\Shared\6cca300065b4b7e4770122803271725d24cb11b6 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\Shared\64e2580bc50dc0393bb735b6ab5b22e836493421 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\Shared\5e5dae7fd201844b62e1167e190fdd0dc18bd749 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\Shared\5d660a5f4af3932e21f79f424160de3dd41e4439 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\Shared\5cfc8d067ea184d68646a663c31ceeeeed6ae615 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\Shared\5a3c3441368737f3e25434baca0cca8bc7c76937 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\Shared\4bde4ef14affd30c867b333cbd654278a1a085e8 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\Shared\43713555a1ed68a65a87e3beea5b23cf7e9b5635 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\Shared\2785b00a0c4c03b4b61b40ed9ccaf52f5873d642 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\Shared\26bd3a5be629295954d3b0da18a527a5c203ac15 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\Shared\1fdb63792da2d7ba4fc68c72565ec1ab4cd31887 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\Shared\14409461bc01e27ee3915a0e2a8ef0f69e159cd2 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\Shared\0b088e790b051b2d0219d771b74a9b11807542f2 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\Shared\031cbba2d98efe02ffb801ae4ae4ef31982af30c folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\Shared folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\fe0f87d2fd073f2fcd56a62aec752a63fd6d29f4 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\fde7ea8621d03fadaac72b56daa9054341856212 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\fd6e6095e1ff0f4619988ab8f35d1108589b1d11 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\f9342d882e9230975aaca23ab0f87922d437bfb3 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\f824ca9cf73365ada3315fa8900d77f616678292 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\f76b3d8a60dd3831a2a785c26f64d0258ed18d3b folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\f6b2146c0ad45bade302c5d38c3eba66cccf35da folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\f63e402ac2a93950ca45dc3945c40ea6b5116520 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\f4f508df6ffc98dfa9603d1367cad7ebf331df4e folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\f04b85d1f3edbc08eb73de07378a557c63237901 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\ef6d7f85ea5623ecba04005e678b7de08bebf880 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\ee2d1c259526a45fffb6d8b6d00c63f3b88b9493 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\ecf33658f3a38d33d219a082b90ba44bb3083c50 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\ea2b882cdec888ba64640beae528ab9ba91d7c35 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\e9905163823f3b49bc6cf86ee0b0f4639c03da6e folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\e9422578b2187c612ae22faa0da0665def224e44 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\e8eee43898c748064421b7e0d2bcffbab8f9d452 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\e8186eda28de0afd47c6373b88977d983f934ed3 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\e7edec1f6a978863a3ab3de5513423b1d6ad3975 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\e7868bf631da35e708a4384fca1a9d2253709d62 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\e67ace49ea9fa4e102375417c65c59cb750d8feb folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\e600d3d4556ca87948dd35ca3884894dd268bd70 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\e539d88599db83f1744197b0ad263c81c31a53e4 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\e3cacb4bef251fd2659882028670e02824db8198 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\e337a1a0207a0bcda26769921702db7d98bbe4e6 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\e22b2b9a4dfafa2c86bb84c816f7984e353e7691 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\e1da4c0aade38952ce8e4bbad4d8106c0c0c06e5 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\e155d3b7d326332220cfde2517d89946497eb64b folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\e1061eed96f7bebedc74c05aff4db0647b61b287 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\dda1a64b52c7af69be2b15d45c6b00518279e8b1 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\dd14fa7d3feb945846f794b0824ba6a9ff5b468b folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\dc69ad8a7e4e4625d3a7498f98a4008d0a10db73 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\dc584f2f009388baa5e07ea1b13a2888f9808b65 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\da3cca5bfa53d73a08a213d1a6520df0d3253cb9 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\d6d271744389c181ac7a18bd6abf0c171d5f4a84 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\d5f5c2aaee9dabc93768458fbe8f10589804da97 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\d5ac40156edf74b94cc4dc61367e00c3add28f77 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\d54cb48a566f0b89177f7311d7c7b442a6b31357 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\d41bb8b4428e6bb115c7a7aa613ca04c0e9503f8 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\d390594b5cc0709b75f66e3454aca629482b6421 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\ce5e9c13f44f44a253d6df333b48af3f505c8c79 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\cd7e7148271efd74ef3aff133597066d7a6131ec folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\cd04a0f939683a49b59348c58e8c0c4af5e63801 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\ccb30eb493f5b4bb7ce459a73bc2f6f95e95692d folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\ca5432be2da08fa91b3d64eddce951229cbd5b9d folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\c8b7781d6e030b77785523e7662deaaa5eb8ae1d folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\c6c7e087493ed505df3b82d15f51d7094fe716c7 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\c6b0824fcc955d754f189914f33620a4453a32f5 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\c51f66f74a1ff10f45826678e3f9a0117f601221 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\c276b215027faddcfc568d5fb238b6bc138f086d folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\c0093196e31ab600bbe22d4948b495e3224e88a6 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\bc3c3ae992050260d499814b570e1acb7b2b91eb folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\bc203c7df974806fd06596bef15dd252107ea570 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\baa83d43744f2c25054ae695443a970507db6a95 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\b976890380ac7eee42baa9f9db4463649bb4df1d folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\b76166596e15eef716512891c3df729d73955606 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\b250739b9dcde77885d1234b316793075238233f folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\b05dc0d28ff2502a839e9bad1acd2157da072224 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\adbf663759d94ee3559cd8f872aed22001ef999e folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\ad826647c13e214766364c6e77fb5e930894af83 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\ab204aa27173ab997b87e8a5235ec7086aac2eff folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\aa7d78ecb8ab3f224704dc971b89728977af62c6 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\a83fedc2a0a3cec38c239253c99a4b7e4a1c2d3b folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\a430ed60d74ea5a3e0655326aacbeec9b39dc91c folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\a40aef5c83fe5779e53cebc049122798d58dd823 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\a333ec1b3ee60f93e3d84bcfef654cd4bdd39c16 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\a1bc9ced652e2c1b6280dd8135cb56b225af47e7 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\a19b53b363decdf7c54a8ad1902a72ed3ad433c3 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\a195dd0cf0af92a9f953794382b9203ab4c8aef0 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\a0fb636e9b555ad502208d391e667ef3074aa048 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\a082d639c7539a4bbf92db38924051d89eadd182 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\9ff2e7c5f2f712c1c54450c4293ff562f885b7f5 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\9eff35e6a4dee767a6181e56ca100107cb5aed20 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\9cb1e29cb091897d8f7a4f5f002b8d571dcb3076 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\9b6a50e55ade42557c8104099d1eb52c7ef42c4b folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\9b179b99635e482012b561dd673a7b03289884ce folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\9afe14280ce06baa39c6109b73bb8bcb34b00e1f folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\9a0a36ba0756418fa4764357d54c5d82f9b277bc folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\9a062f6ea873e7aae2f9b6313507e4aade805f13 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\99a2c74f8445c32db794760b4ea40482d912ae7b folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\99779a0a502797aa51d7e505e2bd4efdb3c7c639 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\98e58d0262a46733e82962c5355b8bbedc5a1a28 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\980e8b87745ac8818f6e96853e3918e775dcb061 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\978c9c2481735e47dee6becc33de56c3ec12c70d folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\96af7bb8166abff5dd765501b6d2ed45fe134b4d folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\9611fc6c8ad888745533090ece4e15a4c822176f folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\95f2d42dfe1372b97449a0df96d62121c4e6dcfa folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\95cb326bfad99e419eceb25459acb58bb7907775 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\9469c326a6240afb48045caaca90d660a191cc63 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\93c216faf5ef16e18d38a52f50b6ea76b0097aeb folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\921505d4afce939dc77befa0c3440f05bdfd8a25 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\9101242bb568386e08482aca5f5728d4ef21b8ac folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\8fff878f66fc413a409d773c5d6017e142fe0a99 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\8f8847d90e4bedcd65168cfc67addc35a42feb2f folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\8cd7df65515bd4f88e13259cb38866202285ffb9 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\8cc05cfb159db32ff73b9ad05b2aab213cc5c616 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\8bcd41b33c28c3c5c42af2971b85de3991e2b76e folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\8b4793de9e58552e3ed717b8c3852a7dc9a826ee folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\8805c5521f520e5f52d929406d26134afd0a1f36 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\87e41a809188d4a6ef0b99325e5ca0c941be92ae folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\8663d82445363ec72b1dca6184bc625bcfff95b1 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\863242180629d27c9dff745d14fc87c034bcbe2d folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\84ca347e230ede3d4b8c608127c77a9ea59e5e3a folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\83f97e4d48064c9fe2e46994b23ebab05b93e7f0 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\83669972f3ecbcf87343781f69cc2d0fca3cf3c6 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\822b29bfb54d977e90e18a310606ffdbd93c6784 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\81362620b39d754f6d8a70b755c861b16fa4fe28 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\7f2160001825d100ba28b10377402c2dc2c4068f folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\7da009ec4b692f13700c9259cd13bc4889acdc00 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\79f3aaddcb0aa74b53ac8d2a045532701b481666 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\7996e9d16b352a209d642889b88d9e5812a0d352 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\784f44bd99e6680c22a4bbb9eea1f3d99485832f folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\76ec0fe07e87e21b479ad2f0699459bd25589088 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\75d7f0c10fe399d3506ffcd790113d276613c5e9 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\757eb513326f35c632167c441c287866b5647236 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\7491816d154979b50eb3b48e9d709608b886b29c folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\7334ca8b5f8694d7ca6814387a63a1368465bdbf folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\7236544283bb8477ece7dc8a545275d0c8ab64f7 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\713fd00c03c77ee32c1584f57b3f2df3aac6b590 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\70e8b0ead5f32bcfff23d965f40a6046b8b430e3 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\6e91652a792e5d10a89687220f3445a0db234d49 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\6e252f8a8795dff339fd788ad964a066d88450ca folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\6df1e3c0692c6346d46345b175a865c84b66ce0a folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\6db5f7785c19fb461c098a30326917e8170e5ef6 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\6c6f7fc52e46337330d40085216b7143a9fdddd3 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\6be5e8b61f4f28e5e23d4c75bdf88c8aeae4f121 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\6ae9b7449d143a532b708d65f1d0cd709440cc1e folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\6a5cd7c17ca17a529be2db2e98c1170b8e40ae14 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\6a15ce7cd673a2c32a0371e3e09c4d6c9c214dbc folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\69b78ade501bd2ca95effd2857f738190d07e793 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\67caa208d275e1954a249b128c92f3ece0b3de2b folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\679d13842b57d3e3f0f630431a3c9c55324d2938 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\6799e675da60ae799b62cd09aa576a2e9b043e95 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\672376b3ac65e9b6e4d96cb42f7d1da483d79e80 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\670e6954715f95162f76dd0ef43537ed1f68e45b folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\63172a7d17da1ea3e8ce7aad240c2610d9bd4120 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\63054c1b481b67098f225bb710d36f3864bc9406 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\62612af4aa2b7009203014229003112f970717a2 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\61e3a49bde605c91a8e64f82e7178cc7b9a854d3 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\6171b2ff74d4bec3a19880768b212fe284eccfc0 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\60e0bb1c5bf2bb2c2b4b3d7c029cbc0b688b05af folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\5eea96bc5db1a134b9e96be069e1b3275bd73cb1 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\5d301d77f1fb7bcb0b3cf1b474a2d899d6465788 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\5c3d743310db5748baed85cecb9138c3ca5ba634 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\5c1c4c039d74be4589ec1ddca8de930d51ba772b folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\5b9a4c084d451d94edefc17530071b1fad5caf14 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\5708d646c37d2517e86c7962777fed655c16162b folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\56b40a5c701afad5984aebb53750bfe2c7423fe2 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\54b41b634a90a3fce5fc598520c0ce468449282d folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\5445c9b6046f3e698fa951e69cd52316b612a7ac folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\5436b30c3df4ef5356a36b60d51dd616faf2f810 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\52496fe7a854977ce43ee40afeb532163787fe53 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\51a4752445a6fa0bb77de35f68a6de9f3ce36c02 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\50b92ddbbab45c23143b7ff15dbfe962ce46ca15 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\5082cffbb97345a3c4f03b616b42ce4173eda1dd folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\4f4725fd88ca738c90b4f34dff1819a384444ea6 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\4e3d1c34a2efa354c3660e26ef16b06a56b5c511 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\4dbd847470b0688ed92693e06ae0f298e8263382 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\4b7f4237552cf5ce62f487476e4dd1dfc4987340 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\4b4e15bd8af75ebe80ed3b1fd51819b1fb1688a2 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\476d95c40eaa1018d63ce91e03232c112cd69923 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\472f4da1aec423de228bf88228ac3f62f7a21d0d folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\465cf3dcb413901897e2c2467fde1d098ea0a793 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\463fd1e6a48bb3a63616552df47de12293dc5f25 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\44491164f9338fbba69e053fa89d35b7b5c71761 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\4428ec0edb8cba3ea33a568fb28fc12a6e95e878 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\432f868f6077cbd61e576d5c25226ef2c69bfc4e folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\4323ac1af41220ad92aa0a958c8f8bb80149a5fc folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\431a33c08abe18a1df19fef2303cdd1b6018fb55 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\415604d9bf6a7036bc016f0a8ed4796ac9427a91 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\3a9da2ccaee1a510b974f5563dd75939c7be76cc folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\39ab9e727550d1107deed4cff4b391917a89a126 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\36a62933e08185229735908485699a3fa3059f95 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\35d4d97d1530eaef52b4764373a56589904a463a folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\334a53c16679b5ee3ad91822f1cbd4bea72b3b21 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\31c26d9026a5026e03eb7bb67c710e1d2e5a5a7f folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\2ddec3336afbca330d760ec3717b3fa2707fbdc6 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\2d170c67e8d4d624cac5dba11ca1cab44d32dad8 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\2c3b99188a3a8234dce19ecdcdcdd4666b319599 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\2c30dfefd91ee485144edff5d484218b35d5654f folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\2aab3c432e22960513bd6e6a225da12847a6edce folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\2972d206b2450d511acea154f5bda5ff1de2bcc0 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\28c35646b35736944577ba797d60b17ded148161 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\2788cef12208493ff14fc0f893c199e93418886f folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\26827b98773e3797e3441e3b2ccc0d5cf8381f4a folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\2544aff8ef68d758cb9abe9f4b4053793ee794d5 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\24b4e6b76139565855c81fc02dacc0924b723318 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\2426cdbce31c390f52ae8497e87b96e37644befd folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\1f38b3341486f1d513bd946b1598af9680d4fdca folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\1cdfb1b9c65f4a5e4b4b7b0c9bbcdec2e5545375 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\1b0e4ee238755b9ac931deeb30f0ca3d810050d3 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\1a5ef846e00e143b6c0bede4971c448f7becbae8 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\198dc1558507d3462ef94a649ce7c7084d69d5da folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\18a477ffe159d3126010f5f40b389e012d635c56 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\17b5c3da268358d1ccd1644848f4c7cb2d369a8f folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\15f497bfe175d9103d35f67d72865e3be5604854 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\15c20686bab133027d086556680fd95191ae2f39 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\151618a7115bfccd73edb6bf1c8d5d6ff48fe353 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\14a555c4b3183a490df1e71e22bb292591478321 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\11e1f1623d65ce5818972327a794f73c15c3e848 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\11ddbb7ca72551c5be4e085a1bcb3c923bbd3eaf folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\10f6f7e0354eadd95f958245bcd1060ae73769c1 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\0ff819a0e555fc16f2b8a7f1457f1d93f3ba20f3 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\0f64ec4dd9da902571f795d81b4743b2e148ba5b folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\0ea90ab794307421dc0a663b57aed542bb7496c5 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\0e5bf14f598a758461ee97c9270b4e49245b8eda folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\0c9b659b8a27230e9973c08e0937165c47918461 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\0ae68ecc203004ce81e10ca1933bee672c951395 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\0a4993e11556c372c1c62509b0e2672b72da9bfe folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\0a34bf417d4c47b1eeba90ddecb378c84882988f folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\0a2c0dcd0d56e4188bdaa74406548e522f6c452e folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\09922a5e49874a5e9f999545d83fe2f097f5d0c5 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\073c3260c0022aceb39a1d958586bc1da7a1b8aa folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\059f6fd8e840f7251d5f6cdcfe34c56bcafc27c1 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\02a659dff21f0492440509ca3b81069cb9886fe7 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\0284916cb2b42ec32e0a8cc20ed5fce05b5d4902 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\01896aa4c9d5fb2d64de3e5659723644c4a8a770 folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\015d093ac45db38df16af40f7bef77101d1fa35a folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest\0010ecb8a1bb0ddcd742d9fda46d228d9508d3fc folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache\GardenQuest folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\Cache folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity\Temp folder moved successfully.
C:\Users\Administrator\AppData\LocalLow\Unity folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 48714336 bytes
->Temporary Internet Files folder emptied: 848137 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 390770087 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 81705 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Heather Sebald
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 45775825 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 134 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 464.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11152013_121958

Files\Folders moved on Reboot...
C:\Users\Administrator\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

work smart..not hard.
AfterDawn Addict
_
15. November 2013 @ 18:01 _ Link to this message    Send private message to this user   
That's good. :)

Now check it out and tell me EVERY THING that you find wrong or OK... Then, run and post a fresh OTL Log and we will go from there.


2oG
Heather59
Junior Member
_
15. November 2013 @ 20:40 _ Link to this message    Send private message to this user   
I don't know that I have found anything 'wrong' precisely, other than the almost constant "Threat detected." from avast, and its sluggish like walking on glue strips..

work smart..not hard.
AfterDawn Addict
_
15. November 2013 @ 22:41 _ Link to this message    Send private message to this user   
Click the Avast icon on your desktop or little one on the taskbar then click Scan or Quickscan depending on the ver of Avast to see if you can run a scan for the threat and quarantine it.

Ran a defrag on your C drive.

Then post the OTL Logs.
Heather59
Junior Member
_
18. November 2013 @ 15:37 _ Link to this message    Send private message to this user   
OTL logfile created on: 11/18/2013 3:31:10 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Administrator\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.54 Gb Available Physical Memory | 63.57% Memory free
7.99 Gb Paging File | 6.39 Gb Available in Paging File | 79.98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 265.66 Gb Total Space | 159.81 Gb Free Space | 60.16% Space Free | Partition Type: NTFS
Drive R: | 200.00 Gb Total Space | 66.99 Gb Free Space | 33.49% Space Free | Partition Type: NTFS

Computer Name: HEATHERPC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2013/11/15 14:35:02 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/11/14 22:21:18 | 003,568,312 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/11/14 22:21:18 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/11/14 22:21:08 | 000,116,776 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2013/10/09 08:16:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2013/07/02 08:16:32 | 000,507,264 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2013/01/18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/04/09 10:20:30 | 003,063,968 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2013/11/15 14:35:02 | 003,363,952 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/11/14 22:21:22 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:64bit: - [2013/11/14 22:21:18 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/11/14 22:21:08 | 000,116,776 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/11/15 14:35:02 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/08 17:29:19 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/02/25 23:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/04/09 10:20:30 | 003,063,968 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:64bit: - [2013/11/14 22:21:24 | 001,032,416 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/11/14 22:21:24 | 000,409,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/11/14 22:21:24 | 000,205,320 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/11/14 22:21:24 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/11/14 22:21:24 | 000,084,328 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/11/14 22:21:24 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/11/14 22:21:24 | 000,065,264 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/11/14 22:21:24 | 000,038,984 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/11/14 22:21:15 | 000,028,184 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2013/11/14 22:21:08 | 000,447,888 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswNdisFlt.sys -- (aswNdisFlt)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/01/21 23:15:15 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010/01/21 23:15:15 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/09/11 17:04:50 | 006,177,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 E9 6E 8E 0E 9B CA 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4AD98E64-94D5-4189-BEAC-0FB886AE6B0E}: "URL" = http://www.google.com/search?q={searchT...startPage}&rlz=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledAddons: socialfixer%40mattkruse.com:7.801
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:9.0.2006.53
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/11/14 22:21:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/11/15 14:35:00 | 000,000,000 | ---D | M]

[2012/03/14 08:28:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2013/11/13 09:42:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\loaul1ak.default\extensions
[2013/09/12 18:25:24 | 000,161,656 | ---- | M] () (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\loaul1ak.default\extensions\socialfixer@mattkruse.com.xpi
[2013/11/15 14:35:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/11/15 14:35:00 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/11/15 14:35:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/15 14:35:00 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/11/15 14:35:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/11/14 22:21:26 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: dosearches (Enabled)
CHR - default_search_provider: search_url = http://www.google.com
CHR - default_search_provider: suggest_url =
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_1\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: No name found = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcogajbgikalbpphmoedjlcfjkhgh\1.0.0_0\

O1 HOSTS File: ([2013/10/07 22:33:56 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html File not found
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 216.170.153.146
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8E2B0B62-940A-4970-A657-2BE2F145CCAF}: DhcpNameServer = 192.168.0.1 216.170.153.146
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/12/08 15:08:23 | 000,149,632 | ---- | M] () - C:\AUTO.pat -- [ NTFS ]
O32 - AutoRun File - [2010/12/08 15:08:23 | 000,299,196 | ---- | M] () - C:\AUTO.pst -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013/11/15 14:34:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/11/15 14:16:55 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\AVAST Software
[2013/11/14 22:22:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2013/11/14 22:16:09 | 000,270,824 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2013/11/14 22:16:08 | 000,131,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2013/11/14 22:16:05 | 000,028,184 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2013/11/14 22:16:00 | 000,447,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys
[2013/11/13 10:04:02 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013/11/10 15:34:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoPlayer
[2013/11/10 15:29:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/11/10 15:24:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoPlayer
[2013/10/28 10:05:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2013/10/28 10:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/10/28 10:04:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/10/28 10:04:40 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/10/28 10:04:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013/11/18 15:28:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/18 15:13:17 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/18 15:13:17 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/18 15:08:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/18 15:07:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1224842166-2811445709-100843145-500UA.job
[2013/11/18 02:07:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1224842166-2811445709-100843145-500Core.job
[2013/11/17 20:08:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/17 17:47:22 | 000,791,434 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/17 17:47:22 | 000,668,348 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/17 17:47:22 | 000,124,534 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/17 17:43:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/17 17:42:58 | 3219,787,776 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/16 10:00:26 | 000,001,161 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/11/14 22:22:22 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\avast! SafeZone.lnk
[2013/11/14 22:22:22 | 000,001,979 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/11/14 22:21:24 | 001,032,416 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/11/14 22:21:24 | 000,409,832 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/11/14 22:21:24 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/11/14 22:21:24 | 000,205,320 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/11/14 22:21:24 | 000,092,544 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/11/14 22:21:24 | 000,084,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/11/14 22:21:24 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/11/14 22:21:24 | 000,065,264 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/11/14 22:21:24 | 000,038,984 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/11/14 22:21:23 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/11/14 22:21:15 | 000,028,184 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswKbd.sys
[2013/11/14 22:21:08 | 000,447,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdisFlt.sys
[2013/11/14 22:16:04 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/11/13 10:02:18 | 000,001,189 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/13 10:02:18 | 000,001,056 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/11/10 15:34:13 | 000,001,040 | ---- | M] () -- C:\Users\Public\Desktop\VideoPlayer.lnk
[2013/11/10 15:33:45 | 000,785,246 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/11/08 22:52:04 | 000,000,819 | ---- | M] () -- C:\Users\Administrator\Documents\Resume.rtf
[2013/11/07 10:00:07 | 000,009,486 | ---- | M] () -- C:\Users\Administrator\Documents\Spats.ods
[2013/10/31 10:56:45 | 000,001,805 | ---- | M] () -- C:\Users\Administrator\Documents\apple muffin recipe.rtf
[2013/10/31 02:46:13 | 000,270,824 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
[2013/10/31 02:46:12 | 000,131,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
[2013/10/30 14:38:44 | 000,001,099 | ---- | M] () -- C:\Users\Administrator\Documents\seed trades.rtf
[2013/10/28 11:30:32 | 000,029,851 | ---- | M] () -- C:\Users\Administrator\Documents\mbam report.rtf
[2013/10/28 10:04:48 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/28 10:03:19 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Administrator\Desktop\mbam-setup-1.75.0.1300.exe

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013/11/14 22:22:22 | 000,002,039 | ---- | C] () -- C:\Users\Public\Desktop\avast! SafeZone.lnk
[2013/11/14 22:13:19 | 000,001,979 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
[2013/11/10 15:34:13 | 000,001,040 | ---- | C] () -- C:\Users\Public\Desktop\VideoPlayer.lnk
[2013/11/08 22:52:04 | 000,000,819 | ---- | C] () -- C:\Users\Administrator\Documents\Resume.rtf
[2013/11/07 09:46:30 | 000,009,486 | ---- | C] () -- C:\Users\Administrator\Documents\Spats.ods
[2013/10/31 10:54:08 | 000,001,805 | ---- | C] () -- C:\Users\Administrator\Documents\apple muffin recipe.rtf
[2013/10/28 11:30:31 | 000,029,851 | ---- | C] () -- C:\Users\Administrator\Documents\mbam report.rtf
[2013/10/28 10:04:48 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/25 18:32:33 | 000,001,099 | ---- | C] () -- C:\Users\Administrator\Documents\seed trades.rtf
[2013/09/09 18:22:50 | 000,003,740 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
[2013/06/11 13:37:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/06/11 13:37:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/06/11 13:37:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/06/11 13:37:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/06/11 13:37:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/13 09:46:50 | 000,785,246 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/22 12:52:01 | 000,070,249 | ---- | C] () -- C:\Users\Administrator\2011 Application Free.Reduced Lunch.pdf
[2011/09/22 12:38:45 | 000,176,921 | ---- | C] () -- C:\Users\Administrator\Student and LC Check List.pdf
[2011/09/22 12:38:05 | 000,318,832 | ---- | C] () -- C:\Users\Administrator\Creating a Student Account.pdf
[2011/09/22 12:37:59 | 000,349,453 | ---- | C] () -- C:\Users\Administrator\How to Kmail a Specific Teacher.pdf
[2011/09/22 12:37:21 | 000,164,791 | ---- | C] () -- C:\Users\Administrator\Progress Hours Guidelines 2011-12.pdf
[2011/09/22 12:37:01 | 000,189,197 | ---- | C] () -- C:\Users\Administrator\Logging Attendance.pdf
[2010/03/21 20:05:29 | 000,003,974 | ---- | C] () -- C:\Users\Administrator\.recently-used.xbel
[2010/01/21 23:03:23 | 000,007,616 | ---- | C] () -- C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

work smart..not hard.
AfterDawn Addict
_
18. November 2013 @ 17:13 _ Link to this message    Send private message to this user   
OK Heather, tell me all that's wrong. It's like going to the doctor, you must tell him all of your symptoms before he can make a diagnosis.

and:
do you use Skype?
do you use Pando?
where does it hurt?

You have No malware therefore I'll have to look for something else so, please help me out.

2oG
Heather59
Junior Member
_
19. November 2013 @ 21:20 _ Link to this message    Send private message to this user   
Originally posted by 2oldGeek:
OK Heather, tell me all that's wrong. It's like going to the doctor, you must tell him all of your symptoms before he can make a diagnosis.

and:
do you use Skype?
do you use Pando?
where does it hurt?

You have No malware therefore I'll have to look for something else so, please help me out.

2oG
Yes we use skype.. no idea what Pando is, so ..no..and it is just so darned SLOW..but that could be my ISP now,as the 'malicious site blocked' message has stopped.
I think I am ok again.. thanks for the assistance.

work smart..not hard.
AfterDawn Addict
_
20. November 2013 @ 14:38 _ Link to this message    Send private message to this user   
Originally posted by Heather59:
Yes we use skype.. no idea what Pando is, so ..no..and it is just so darned SLOW..but that could be my ISP now,as the 'malicious site blocked' message has stopped.
I think I am ok again.. thanks for the assistance.

Pando is a hosting program where you can upload a file, pictures etc. and pass it to another computer that has Pando. It?s OK.

'malicious site blocked' comes from MBAM Pro. It has a realtime scanner that blocks bad url?s both in and outbound. You had the Trial ver. And I see that it is not running in the last Log. I do highly recommend MBAM Pro.

I can find nothing in your Logs that is malicious and with your 'non genuine version' there?s not much more that I can do.

Until you can get a genuine copy of windows I suggest leaving the updates turned off, continuing using Avast and scan often with MBAM..

2oG
ddp
Moderator
_
20. November 2013 @ 14:52 _ Link to this message    Send private message to this user   
Heather59, pm sent to you about your windows problem.
AfterDawn Addict
_
21. November 2013 @ 16:24 _ Link to this message    Send private message to this user   
@ddp did you get my pm?
ddp
Moderator
_
21. November 2013 @ 16:30 _ Link to this message    Send private message to this user   
yes
AfterDawn Addict
_
27. November 2013 @ 16:21 _ Link to this message    Send private message to this user   
ddp, have you tried systemlook yet?
ddp
Moderator
_
27. November 2013 @ 16:37 _ Link to this message    Send private message to this user   
not yet.
AfterDawn Addict
_
27. November 2013 @ 17:18 _ Link to this message    Send private message to this user   
I've been using it for a while with just :regfind, :filefind and :folderfind. This past week I've used some of the switches and wildcards and it's as handy as a pocket on a shirt. :)
I stopped using the :reg fix in OTL because it misses a lot of stuff it sometimes doesn't have the permissions for, even though it's supposed to be running as Admin. I now just make a dot reg file because it has Full System permissions and takes care of everything...
Heather59
Junior Member
_
22. April 2014 @ 16:05 _ Link to this message    Send private message to this user   
Sorry for not getting back to you guys.escalating illnesses in the household..
I have fixed my 'non genuine' problem; reset my forgotten password and still battling with my 'slow as candied honey' computer. I'm a bit worried that the problem NOW is an hardware issue as the HD regularly makes a loud spinning noise. Never rains but it pours, around here :D

work smart..not hard.

This message has been edited since posting. Last time this message was edited on 22. April 2014 @ 16:06

ddp
Moderator
_
22. April 2014 @ 16:12 _ Link to this message    Send private message to this user   
who makes the hard drive as could download their hard drive diagnostic program to see if your hd is dying or not?
Advertisement
_
__
 
_
AfterDawn Addict
_
22. April 2014 @ 16:18 _ Link to this message    Send private message to this user   
Or it may be full, fragmented and can't work correctly.
Go to -> Start -> computer and check if your drive has free space..
 
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > addaware problems.
 

Digital video: AfterDawn.com | AfterDawn Forums
Music: MP3Lizard.com
Gaming: Blasteroids.com | Blasteroids Forums | Compare game prices
Software: Software downloads
Blogs: User profile pages
RSS feeds: AfterDawn.com News | Software updates | AfterDawn Forums
International: AfterDawn in Finnish | AfterDawn in Swedish | AfterDawn in Norwegian | download.fi
Navigate: Search | Site map
About us: About AfterDawn Ltd | Advertise on our sites | Rules, Restrictions, Legal disclaimer & Privacy policy
Contact us: Send feedback | Contact our media sales team
 
  © 1999-2024 by AfterDawn Ltd.

  IDG TechNetwork